Cybercriminals have continued to exploit vulnerable VMWare Horizon and United Access Gateway servers that did not apply patches or workarounds for Log4j (CVE-2021-44228).
Latest Threat Intel News:
Hackers Continue to Exploit Unpatched Servers
This includes suspected state-sponsored APT groups as well as ransomware operators. Yesterday’s 0-day is today’s compromise.
Recommendations
-
Organizations employing the affected systems should immediately apply the vendor-recommended patches or utilize temporary workarounds if unable to update right away.
-
As always, ensure proper backup cadence.
CISA recommends all organizations with affected systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities using the IOCs provided in this CSA (https://www.cisa.gov/uscert/ncas/alerts/aa22-174a).
This blog post and its contents are intended for general guidance and informational purposes only. This blog post is under no circumstances intended to be used or considered as specific insurance or information security advice.