Article 5W8TA VMware Horizon servers are under active exploit by Iranian state hackers

VMware Horizon servers are under active exploit by Iranian state hackers

by
Dan Goodin
from Ars Technica - All content on (#5W8TA)
iran-hack-800x534.jpeg

Enlarge (credit: Getty Images)

Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday.

Security firm SentinelOne has dubbed the group TunnelVision. The name is meant to emphasize TunnelVision's heavy reliance on tunneling tools and the unique way it deploys them. In the past, TunnelVision has exploited so-called 1-day vulnerabilities-meaning vulnerabilities that have been recently patched-to hack organizations that have yet to install the fix. Vulnerabilities in Fortinet FortiOS (CVE-2018-13379) and Microsoft Exchange (ProxyShell) are two of the group's better-known targets.

Enter Log4Shell

Recently, SentinelOne reported, TunnelVision has started exploiting a critical vulnerability in Log4j, an open source logging utility that's integrated into thousands of apps. CVE-2021-44228 (or Log4Shell, as the vulnerability is tracked or nicknamed) allows attackers to easily gain remote control over computers running apps in the Java programming language. The bug bit the Internet's biggest players and was widely targeted in the wild after it became known.

Read 9 remaining paragraphs | Comments

index?i=pIXUynNEs4w:D79w-ihjrqQ:V_sGLiPB index?i=pIXUynNEs4w:D79w-ihjrqQ:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments