CISA Alert AA22-174A – Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems. [CISA Cybersecurity Alerts]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 24 June 2022

⏱️ 3 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

CISA and the US Coast Guard Cyber Command are releasing this joint Cybersecurity Advisory to warn network defenders that cyber threat actors, including state-sponsored APT actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations that did not apply available patches or workarounds. AA22-174A Alert, Technical Details, and Mitigations Malware Analysis Report 10382254-1 stix Malware Analysis Report 10382580-1 stix CISA’s Apache Log4j Vulnerability Guidance webpage Joint CSA Mitigating Log4Shell and Other Log4j-Related Vulnerabilities CISA’s database of known vulnerable services on the CISA GitHub page See National Security Agency (NSA) and Australian Signals Directorate (ASD) guidance Block and Defend Web Shell Malware for additional guidance on hardening internet-facing systems. All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected].

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	This is a CISA cybersecurity alert.
0:14.0	ID number Alpha Alpha 22 TAC 174 Alpha.
0:20.0	Original release date, June 23rd, 2022.
0:23.3	CISA and the U.S. Coast Guard Cyber Command are releasing this joint advisory
0:31.6	to warn network defenders that cyber threat actors,
0:34.0	including state-sponsored APT actors, have continued to exploit the Log4 Shell vulnerability
0:38.6	in VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations that did not apply
0:45.1	available patches or workarounds.
0:47.0	Log4 Shell is a remote code execution vulnerability affecting the Apache Log4J
0:52.1	library and a variety of products such
0:54.4	as consumer and enterprise services, websites, applications, certain versions of
0:58.5	VMware Horizon and Unified Access Gateway servers.
1:02.7	The vulnerability enables malicious cyber actors to submit a specially crafted request to a vulnerable
1:07.4	system.
1:08.2	The request allows the malicious actors to take full control of the affected system.
1:13.0	VMware made fixes available in December 2021.
1:16.0	Since then, multiple threat actor groups have exploited Log4 Shell on unpatched public facing
1:21.0	VMware Horizon and Unified Access Gateway servers.
1:24.8	As a part of this exploitation, suspected APT actors implanted loader malware on compromise systems
1:29.9	with embedded executables, enabling remote command and control.
1:33.9	In one confirmed compromise, these APT actors were able to move laterally inside the network,
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.