Those organizations should investigate the integrity of their networks before (and you can practically hear the agencies pleading this in the advisory) patching their servers. They advise organizations to consider unpatched, publicly accessible VMware Horizon and UAG servers compromised until proven otherwise.

"For those of you just learning about the mass exploitation of VMware Horizon servers and the installation of backdoor web shells," Huntress said at the time, "you should seriously consider the possibility that your server is compromised if it was unpatched and internet-facing."

CISA and CGCYBER say the same thing in this advisory.

Huntress, a security company founded by former National Security Agency (NSA) hackers, said in January that attackers were exploiting that vulnerability to install the popular Cobalt Strike command and control framework on victims' networks. This isn't the first time we've been warned about hackers targeting VMware Horizon servers that remain susceptible to Log4Shell.

"In one confirmed compromise," the agencies say, "these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data."