CISA Warns Unpatched VMware Servers Remain Vulnerable to Log4Shell
The US Cybersecurity and Infrastructure Agency (CISA) has warned that attackers are still exploiting the Log4Shell flaw to target VMware’s Horizon and Unified Access Gateway (UAG) servers. The security agency advised IT admins to immediately patch their servers running vulnerable Log4j versions.
The Apache Software Foundation first disclosed the Log4Shell flaw, tracked as CVE-2021-44228, back in December 2021. The vulnerability exists in the popular open-source Apache Log4j framework and allows unauthenticated remote code execution (RCE) and complete server takeover.
VMware released multiple patches to address the security flaw in its products in December and January. However, it turns out that some organizations have yet to patch their systems. CISA says that attackers have recently exploited the Log4Shell vulnerability on unpatched servers to breach the disaster recovery network of an organization and steal sensitive information.
“As part of this exploitation, suspected advanced persistent threat actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2). In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data,” CISA explained.
CISA urges organizations to patch their systems
It is important to note that Log4Shell affected a wide range of customers, enterprise services, and device manufacturers, which is one of the reasons the flaw was somewhat challenging for some organizations to patch. While CISA had not observed any major intrusions via Log4j, the latest incidents indicate that unpatched systems are still vulnerable to cyber attacks or state-sponsored operations.
According to CISA, all organizations with unpatched VMware servers should begin incident response (IR) procedures as soon as possible. It is recommended to isolate the potentially affected systems, review logs and artifacts, and report the breach to the security agency. Meanwhile, customers can hire third-party IR experts to mitigate potential risks and threats.