VMware is rushing to convince customers to apply the latest security guidance.
According to several cybersecurity companies monitoring the situation, attackers are still targeting VMware Horizon servers through Log4j vulnerabilities.
Two weeks ago, the UK’s National Health Service (NHS) issued a warning that an ‘unknown threat group’ is attempting to exploit a Log4j vulnerability (CVE-2021-44228) in VMware Horizon servers to establish web shells that could be used to distribute malware and ransomware, steal sensitive information, and complete other malicious attacks.
Since then, several cybersecurity companies have confirmed that hackers are continuing to target VMware Horizon servers. In a statement to ZDNet, VMware said they are continuing to urge customers to apply the latest guidance found in their security advisory, VMSA-2021-0028, in order to resolve vulnerabilities CVE-2021-44228 and CVE-2021-4504.
Log4j: The background
Log4j is a logging framework for Java applications and has been an integral part of many programs since the mid-1990s. Cloud storage companies like Google, Amazon, and Microsoft, which are the digital backbone for millions of other applications, have been hit hard. The same goes for other IT giants like IBM, Oracle, and Salesforce, as well as thousands of Internet-connected devices like televisions and security cameras.
Because companies have been using this easily accessible framework, hackers have an opportunity to get into their systems to steal or plant information. Malware has a new opportunity to try to infiltrate almost anywhere it wants to. This does not mean that everyone will suffer some kind of attack, but it certainly makes such attacks much easier for threat actors to carry out.
The latest response from VMware regarding Log4j appeared last week in a blog post by the VMware Security Engineering Team. The post instructs customers to immediately read VMware Security Advisory VMSA-2021-0028 and the corresponding Questions & Answers document. “VMware support and engineering are on stand-by to support customers as needed,” they said.
The post ends with a dire warning. “While most customers have followed the guidance, those who have not done so remain at risk,” they added. “The security of our customers is our top priority at VMware, and we encourage immediate action. Customers should also sign up for the VMware Security Announce Mailing List for all future security advisories.”