#Log4j vulnerabilities in VMware Horizon
hivepro · 3 years ago
Node.js has released several fixes for vulnerabilities in the JavaScript runtime environment, which could lead to arbitrary code execution, HTTP request smuggling, DNS rebinding vulnerability and other bugs
arshnet · 3 years ago
North Korea-linked Lazarus APT uses Log4J to target VMware servers
North Korea-linked Lazarus APT is exploiting the Log4J remote code execution (RCE) vulnerability in attacks aimed at VMware Horizon servers. The North Korea-linked group Lazarus is exploiting the Log4J RCE vulnerability (CVE-2021-44228) to compromise VMware Horizon servers. Multiple threat actors have been exploiting this flaw since January, when VMware urged customers to patch critical Log4j security…
kalilinux4u · 3 years ago
RT @TheHackersNews: A "potentially destructive actor" aligned with the Iranian government is actively exploiting the known #Log4j #vulnerability to infect unpatched #VMware Horizon servers with #ransomware. Read details: https://t.co/PONC5U2Kim #infosec #cybersecurity #hacking (via Twitter https://twitter.com/TheHackersNews/status/1494983573325041666)
techframework · 3 years ago
In 2021, about 80% of businesses experienced an email-based ransomware assault.
Proofpoint presented research on Tuesday claiming that in 2021, 78 percent of firms suffered an email-based ransomware assault, and 77 percent encountered business email compromise (BEC) threats.
Proofpoint's State of the Phish report for 2022 concluded that hackers are still focusing on compromising individuals rather than using technical flaws to get access to systems.
According to Alan Lefort, senior vice president and general manager of security awareness training at Proofpoint, "email remains the preferred attack tool for cyber criminals, so there's definite value in developing a culture of security. As the threat landscape evolves and work-from-anywhere becomes more popular, it's vital that firms empower their employees and support their efforts to learn and apply new cyber skills at work and at home."
According to Matthew Warner, co-founder and CTO of Blumira, phishing has become one of the most popular means of ransomware entry into an environment. To get initial access, some ransomware gangs would brute force public RDP servers or exploit vulnerabilities like Exchange with ProxyShell or VMWare Horizon with Log4j, according to Warner, although this requires more tools and targeting.
"It has long been proven — and the Proofpoint figures support this — that attackers will succeed if they hit a company with phishing emails enough times," Warner said. "Then it's just a question of whether the attackers can send weaponized documents via email or persuade the victim to download and run a payload. Ransomware created from phishing has become just another tool for attackers in the grand system of defensive protection. The chances of success grow dramatically if threat actors can send phishing emails while concurrently checking for known-vulnerable services and credential stuffing."
It's not that 78 percent of the 600 survey participants were victims of a full-fledged ransomware attack, according to Chris Clements, vice president of solutions architecture at Cerberus Sentinel, but that they saw phishing emails that attempted to begin a ransomware attack.
"In light of that, the 78 percent figure seemed to me to be quite low," Clements added. "I would expect any firm of any size to receive a phishing email attempting to deploy ransomware over the course of a year. It's possible that all of the respondents received ransomware-targeted phishing attempts, but that they went unnoticed or were stopped by spam filtering or antivirus measures that the participants were unaware of."
jpmellojr · 3 years ago
Access broker found exploiting Log4j vulnerability in VMware
A gang of cybercriminals known for breaking into computer systems and selling access to them has been discovered exploiting an Apache Log4j vulnerability, Log4Shell, in unpatched VMware Horizon to plant cryptominers and backdoors on targeted systems. https://jpmellojr.blogspot.com/2022/01/access-broker-found-exploiting-log4j.html
noticias-enable · 3 years ago
January 12, 2022
International
Ransomware uses the Log4j bug to hack
The Night Sky ransomware gang has begun exploiting the critical vulnerability CVE-2021-44228 in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems. The threat actor targets vulnerable machines exposed on the public web from domains that impersonate legitimate companies, some of them in the technology and cybersecurity sectors. The company adds that the group is known for deploying other ransomware families in the past, such as LockFile, AtomSilo and Rook.
This actor's earlier attacks also took advantage of security issues in Internet-connected systems such as Confluence (CVE-2021-26084) and on-premises Exchange servers (CVE-2021-34473 – ProxyShell). Night Sky is believed to be a continuation of the ransomware operations mentioned above. The link to the Rook ransomware has already been established: after reverse engineering the malware, Jiří Vinopal, a forensic analyst at the Czech Republic's CERT, found that Night Sky is a fork of the Rook ransomware.
Microsoft notes that the Night Sky ransomware operators rely on command-and-control servers that impersonate domains used by legitimate companies, such as the cybersecurity firms Sophos and Trend Micro and the technology companies Nvidia and Rogers Corporation. Microsoft's warning comes right after another alert from the United Kingdom's National Health Service (NHS) on January 5 about threat actors targeting VMware Horizon deployments with Log4Shell exploits.
Exploiting the bug to achieve code execution without authentication requires minimal effort. A threat actor can trigger a callback or request to a malicious server; the target only needs to visit a site or search for a specific string to provoke a callback from the server to a malicious location. The security flaw can be exploited remotely on vulnerable machines exposed on the public Internet, or from the local network by a local adversary to move laterally to sensitive internal systems.
Source
hackgit · 3 years ago
Log4jHorizon
A proof of concept for VMWare Horizon instances that allows attackers to execute code as an unauthenticated user using a single HTTP request. Research: https://www.sprocketsecurity.com/blog/crossing-the-log4j-horizon-a-vulnerability-with-no-return Exploit: https://github.com/puzzlepeaches/Log4jHorizon #log4j #vmware #horizon #rce
hivepro · 3 years ago
A remote code execution (RCE) vulnerability (CVE-2021-22941) affecting Citrix ShareFile Storage Zones Controller was used by Prophet Spider to attack a Microsoft Internet Information Services (IIS) web server. The attacker took advantage of the flaw to launch a WebShell that allowed the download of further tools.
Prophet Spider also exploits known Log4j vulnerabilities in VMware Horizon (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832). Prophet Spider most typically used encoded PowerShell instructions to download a second-stage payload to the targeted PCs after exploiting the vulnerabilities. The specifics of that payload are determined by the attacker’s motivations and aims, such as crypto mining, ransomware, and extortion.
arshnet · 3 years ago
VMware Warns of Log4j Attacks Targeting Horizon Servers
VMware is urging customers to patch their VMware Horizon instances as these systems have been targeted in a recent wave of attacks exploiting the Log4Shell vulnerability. Read more: http://dlvr.it/SHvGsv
adrion-ir · 4 years ago
Bitdefender honeypots are reporting Log4Shell zero-day attacks that require immediate patching. Log4Shell is a zero-day vulnerability in the Java Log4j library that allows attackers to load and execute scripts on targeted servers in order to take full remote control. Bitdefender honeypots have begun recording these attacks, which underlines the severity of this vulnerability. Log4j is not just a Java library; it is embedded in many servers and services around the world and is used by companies such as Apple, Amazon, VMWare, Apache, Elastic and many others. Log4Shell (CVE-2021-44228) has a score of 10/10, meaning attackers can exploit it remotely without any input from the victim. Estimating the enormous impact of Log4Shell will certainly be difficult. The Apache Software Foundation has released an emergency patch, and Log4j 2.15.0 is now publicly available. Bitdefender's global honeypot network is seeing attackers actively trying to compromise various web services. The total number of scans exploiting Log4Shell tripled in a single day, which means we are most likely only at the beginning. While most scans have no specific target, about 20 percent of the attempts appear to be looking for vulnerable Apache Solr services. Most of these scans originate from IP addresses located in Russia. This vulnerability has a highly destructive impact on VMWare products such as vCenter, Horizon, NSX and others, and widespread attempts to exploit it have also been confirmed by VMWare. It should be noted that attackers will be able to use this vulnerability for ransomware attacks and to encrypt all virtual machines on the VMWare platform. We believe we are currently witnessing the start of a very long campaign!!! Contact us for prevention and patching of this vulnerability. #bitdefender #adrion #adrion_ir #log4shell #log4j #vmware #apple #amazon #apachi #vcenter #ransomware #hack #vulnerability #zeroday #honeypot #securitynews #بیت_دیفندر #آدرین #حمله_سایبری #افتا — view on Instagram https://ift.tt/33KeiiT
arshnet · 3 years ago
Attackers Hitting VMWare Horizon Servers With Log4j Exploits
Threat hunters in the U.K.’s National Health Service have raised an alarm for an unknown threat actor hitting vulnerable VMWare Horizon servers with exploits for the ubiquitous Log4j security flaw. Read more: http://dlvr.it/SGjwpS