![]() File modifications to ‘…\VMware\VMware View\Server\appblastgateway\lib\absg-worker.Any powershell.exe processes containing ‘VMBlastSG’ in the command line.Evidence of ws_TomcatService.exe spawning abnormal processes.NHS’s report also highlights the following three signs of active exploitation on vulnerable systems: VMware released a security update for Horizon and other products last month, fixing CVE-2021-44228 and CVE-2021-45046 with versions 2111, 7.13.1, and 7.10.3Īs such, all VMware Horizon admins are urged to apply the security updates as soon as possible. VMware has published an advisory listing 30 different VMware products vulnerable to CVE-2021-44228, including vCenter Server, Horizon, Spring Cloud, Workspace ONE Access, vRealize Operations Manager, and Identity Manager. The PowerShell commands help the adversaries in retrieving outputs using a webhook, while all connections employ one of the following legitimate services:Īttack flow digram : log4j flaw in VMWare Horizon Security updates are available “The web shell can then be used by an attacker to carry out a number of malicious activities such as deploying additional malicious software, data exfiltration, or deployment of ransomware.” “Once a weakness has been identified, the attack then uses the Lightweight Directory Access Protocol (LDAP) to retrieve and execute a malicious Java class file that injects a web shell into the VM Blast Secure Gateway service.” “The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory InterfaceTM (JNDI) via Log4Shell payloads to call back to malicious infrastructure,” explains the alert. Targeting Apache Tomcat in VMware HorizonĪccording to the NHS notice, the actor is leveraging the exploit to achieve remote code execution on vulnerable VMware Horizon deployments on public infrastructure. Log4Shell is an exploit for CVE-2021-44228, a critical arbitrary remote code execution flaw in the Apache Log4j 2.14, which has been under active and high-volume exploitation since December 2021.Īpache addressed the above and four more vulnerabilities via subsequent security updates, and Log4j version 2.17.1 is now considered adequately secure. ![]() UK’s National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |