
The exact number of applications (and the various versions) affected by these vulnerabilities may never be fully known.

Due to Log4j’s popularity in many applications (including VMware), combined with the severity of the exploit, security teams were recently left scrambling in the wake of widespread exploitation of this new attack vector. “Log4Shell” is a moniker used to refer to a combination of remote code execution (RCE) vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) identified in Apache Log4j, a logging framework based on Java which is incorporated into Apache web servers all over the world.

This article highlights the recent indicators of compromise (IoCs) that we’ve observed. Defenders concerned that they may have been victims of these attacks can make use of these IoCs and detection methods to identify evidence of compromise within their environment. The BlackBerry Research & Intelligence and Incident Response (IR) teams have found evidence correlating attacks by the Initial Access Broker (IAB) group Prophet Spider with exploitation of the Log4j vulnerability in VMware Horizon.
