07.07.22

Corvus Threat Intel

Did you already forget about Log4j? Well, threat actors haven’t.

Cybercriminals have continued to exploit vulnerable VMWare Horizon and United Access Gateway servers that did not apply patches or workarounds for Log4j (CVE-2021-44228).  

This includes suspected state-sponsored APT groups as well as ransomware operators. Yesterday’s 0-day is today’s compromise.

Recommendations

CISA recommends all organizations with affected systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities using the IOCs provided in this CSA (https://www.cisa.gov/uscert/ncas/alerts/aa22-174a).

 


This blog post and its contents are intended for general guidance and informational purposes only. This blog post is under no circumstances intended to be used or considered as specific insurance or information security advice.

 

[RELATED POST] Hive Ransomware, Holiday Phishing Scams, & Amazon RDS Leaks Data

Hive Ransomware, Holiday Phishing Scams, & Amazon RDS Leaks Data

Hive ransomware makes a profit, phishing for the holidays, and Amazon RDS leaks personal data.

[RELATED POST] Exploiting Zero Days, Citrix Vulnerability, and SEO Poisoning

Exploiting Zero Days, Citrix Vulnerability, and SEO Poisoning

Attackers are exploiting zero-days faster, Citrix vulnerability, and SEO poisoning attack.