Prophet Spider Is Exploiting Log4j Vulnerabilities In VMware Horizon
Initial access broker group Prophet Spider has been found exploiting the Log4j vulnerability in VMware Horizon, according to a new report from researchers with BlackBerry Research & Intelligence and Incident Response teams. Given how widely VMware Horizon is used, this is a major threat.
Jorge Orchilles, CTO, SCYTHE had this to say:
“Initial Access Brokers leverage any opportunity to gain access to an organization. They must maintain that access as they sell it and hand it off to the buyer. Today the exploit being used is for Log4j, tomorrow it will be another. As defenders, we want to be able to detect and respond to the inevitable exploit that will one day break through our protection. Regardless of the exploit, we can detect and respond to what happens after by testing, training, and improving our people, process, and security controls. This is an ever-evolving field; we must collaborate to stay ahead of the threats.”
This is the key thing:
The exact number of applications (and the various versions) affected by these vulnerabilities may never be fully known. Although VMware released a patch and mitigation guidance in December 2021 in response to the vulnerability, many implementations remain unpatched, leaving them susceptible to exploitation.
Thus, if you haven’t gone about patching, you may want to hop to it ASAP, seeing as this is being exploited.
This entry was posted on January 26, 2022 at 3:46 pm and is filed under Commentary with tags Security, VMWare.