Cyber Security Today, June 24, 2022 – Unpatched VMware applications still being exploited, ransomware used as a decoy, and a COVID text scam

Unpatched VMware applications are still being exploited, ransomware used as a decoy, and a COVID text scam.

Welcome to Cyber Security Today. It’s Friday, June 24th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

 

It’s hard to believe with all of the news stories earlier this year, but threat actors continue to exploit an unpatched Log4Shell vulnerability in VMware Horizon and Unified Access Gateway servers. That’s according to the U.S. Cybersecurity and Infrastructure Security Agency. Alerts about this vulnerability started circulating last December. But some IT administrators still aren’t getting the message. If your organization hasn’t paid attention to this yet, assume your Horizon or UAG installation has been compromised. Start threat hunting. The CISA report includes recommendations on what to look for. There’s a link to the report in the text version of this podcast. Log4Shell is a remote code execution vulnerability that affects products using Apache’s Log4j2 logging library. After exploiting a hole in Horizon or UAG an attacker will upload malware to spread across the IT environment.

Threat actors often use denial of service attacks to distract IT from a data theft going on elsewhere in the organization. According to researchers at Secureworks, one Chinese-based attacker may be using ransomware the same way. The ransomware used by the gang dubbed Bronze Starlight only has a short lifespan, the report…
