Khabza Career Portal
Menu
  • Jobs
  • Companies Hiring
  • Government Jobs
    • Z83 Application Form
  • Where to study
    • SA Bursaries
  • News
    • Cover Letter and Resume
    • Career News
    • Business
    • Education
    • Fashion
    • Finance
    • Food
    • Health
    • How To
    • Law
    • Lifestyle
    • Marketing
    • Product
    • Property
    • SEO
    • Sport
    • Technology
    • Travel
  • About
    • Services
    • Contacts
    • Privacy Policy
    • Terms of Service
Menu
Hackers

Hackers continue to take advantage of the Log4Shell vulnerability, says US CISA

Posted on 29 June 202229 June 2022 by Khabza
0
SHARES
Facebook
Twitter

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Coast Guard Cyber Command (CGCYBER) warned that nation-state hackers are still exploiting Log4Shell (CVE-2021-44228), specifically targeting unpatched, Internet-facing VMware Horizon and Unified Access Gateway servers. This has been occurring since at least December 2021, one month after Log4Shell was discovered.

“As part of this exploit, suspected APT participants planted add-on malware on infected systems with embedded executables that can execute remote command and control (C2),” CISA warned. “In a confirmed compromise, these APT participants were able to move laterally within the network, access the disaster recovery network, and collect and compromise sensitive data.”

The CISA advisory emphasizes the necessity for product security teams to exercise special caution in identifying any software that includes dangerous Log4j packages. The Log4Shell issue presently impacts more than 1,800 products, so security teams shouldn’t stop at patching VMware Horizon and Unified Access Gateway servers, according to our records.

We noted the potential for Log4Shell to have a significant impact in our 2021 Year-End Vulnerability Quick Look report and noted that it has more references than any other vulnerability, including Heartbleed, POODLE, and Spectre v2. Our analysis shows that since the report’s publication, the overall number of affected products has grown by 11.6%. The total number of products affected by Log4Shell is expected to rise as long as we keep track of vulnerabilities.

Log4Shell, tracked as CVE-2021-44228 (CVSS score: 10.0), is a remote code execution vulnerability that affects the Apache Log4j logging repository used by a wide range of consumer and enterprise services, websites, applications and other products.

Understanding Vulnerability

Organizations should be aware of all suppliers and products that are known to be affected in order to stop attempts to exploit the Log4Shell vulnerability and other potentially exploitable vulnerabilities. They also need to be aware of vulnerabilities that lack a CVE ID for a fuller understanding.

VulnDB has been following this information and compiling the specifics onto its user-friendly platform since since the discovery of Log4Shell. In reality, our explanation and solution details disclose the precise VMware vulnerability method. Users of VulnDB can protect themselves from ongoing exploitation attempts by using this metadata.

Threats and Vulnerabilities Participants’ Chatter

It’s crucial for enterprises to comprehend the vulnerabilities threat actors are actively discussing and looking to exploit in the underworld community, in addition to the major vulnerabilities and supply chain/third-party problems they confront. This crucial knowledge can guide procedures that security teams can actively prioritize in order to patch potentially dangerous vulnerabilities, like Log4Shell.

View a demo of the Flashpoint vulnerability management tool.

Numerous more products could be at risk from CVE-2021-44228 right now, in addition to VMware and Unified Access Gateway. To find out how to backup and disaster-proof your important data right now, sign up for a free Vinhchin trial.

Vinchin Backup & Recovery provides a range of enterprise backup that minimize the impact on business networks and production systems, improve the transmission efficiency of backup data, decrease the amount of storage needed for backup data, and enable users to recover the pertinent virtual machines and their data at that point in time in just a few seconds and resume business system operation in a matter of minutes—all without ever affecting the original backup data. Because the entire procedure has no influence on the initial backup data, failure or disaster-related downtime is reduced, and the confidentiality of the backup data is ensured.

Vinchin Backup & Recovery provides Hyper-V backup and restore best practices that may be applied in various circumstances to guarantee that crucial data is completely protected against a variety of threats. VMware, XenServer/XCP-ng, Hyper-V, RHV/oVirt, OpenStack, Sangfor HCI, Oracle Linux Virtualization Manager, and Huawei FusionCompute are a few of the virtual environments it supports (Xen Based). Vinchin Backup & Recovery v6.5 now includes new features including oVirt backup for MSPs, Cross-Platform Recovery (V2V), Database Backup & Recovery, Backup Data Encryption & Backup Storage Protection, among others.

Latest post

  • Tips for Accessorizing With Women’s Jewelry
  • How to Find a Target Audience on YouTube in 2023
  • SEO Challenges in 2023 – How are the Top Search Engine Optimization Companies Preparing?
  • The Role of Search Engine Optimization (SEO) in Digital Marketing
  • The best desert safari activities to experience in Dubai
  • 7 Things You Should Know About Custom Jewelry Cardboard Boxes
  • Protect Your Photography Business with a Wyoming-Specific Contract Template
  • What To Expect from Thigh Lift Surgery
  • How to Select a Rewarding Career as Well as Get Job Satisfaction
  • 10 Types of Rudraksha Beads and Their Benefits
  • How the UK’s Best Accounting Outsourcing Services Are Re-establishing the Country as an International Business Leader?
  • What Classroom Features Should be Present in a Preschool?
  • Home Upgrades That Are Perfect for Growing Families
  • How To Take Your Bath and Shower Routine to the Next Level
  • Benefits Of A Will In The UK
  • How to Create a Standout Resume: Tips and Tricks for Success
  • Is it worth trading with the Investmarkets broker? – Traders Union gives the answer.
  • Insights from the Traders Union Experts for All Levels of Trading
  • Different Types of Therapy for Children Explained
  • Why you need home security system for your home?

Enter Your Name and E-mail Address to Get Updates




©2023 Khabza Career Portal | Theme by SuperbThemes