The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory Interface (JNDI) via Log4Shell payloads to call back to malicious infrastructure, said the alert. Microsoft’s report follows a January 5th alert by the U.K.’s National Health Service that attackers are actively targeting Log4Shell vulnerabilities in VMware Horizon servers in an effort to establish web shells. ![]() “Our investigation shows that successful intrusions in these campaigns led to the deployment of the NightSky ransomware,” Microsoft said in its cumulative blog on Log4Shell. The latest warning comes from Microsoft, which said Monday that as early as January 4, attackers from a China-based ransomware operator it calls DEV-0401 started exploiting the CVE-2021-44228 vulnerability in internet-facing systems running VMware Horizon. Threat actors continue trying to exploit the vulnerabilities in the open-source Apache log4j2 library collectively known as Log4Shell, according to security researchers, meaning IT teams have to work faster at finding and remediating evidence of the bugs in their software. Artificial Intelligence (739) Auto Tech (26) Blockchain (133) CanadianCIO (75) Careers & Education (4401) Channel Strategy (21) Cloud (1961) Communications & Telecom (303) Companies (456) Data & Analytics (1230) Development (597) Digital Transformation (1093) Distribution (120) Diversity & Inclusion (36) Ecommerce (75) Emerging Tech (24088) End User Hardware (17) Engineering (76) Financial Services (87) FinTech (69) Future of Work (295) Governance (82) Government & Public Sector (5939) Human Resources (790) Infrastructure (8477) IoT (6161) ITWC Morning Briefing (98) Leadership (4245) Legal (70) Legislation (105) Managed Services & Outsourcing (4300) Marketing (49) MarTech (2) Medical (15) Mobility (3412) Not For Profit (10) Open Source (18) Operations (61) People (77) Podcasts (1815) Privacy (529) Project Management (1099) Security (7216) Service (36) Smart Home (12) SMB (38) Social Networks (114) Software (4097) Supply Chain (102) Sustainability (54) Tech in Sports (4) Women in Technology (163)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |