The findings should prompt organizations to adopt self-training machine learning models to identify exploitation of software vulnerabilities, according to Gurucul founder and CEO Saryu Nayyar.
Two different reverse shell types have also been deployed by the threat actors. Malicious actors have been exploiting the widespread Log4Shell vulnerability to infect vulnerable VMware Horizon servers with backdoors and miners, reports Threatpost. If your organization is running VMware Horizon and Unified Access Gateway servers and you haven't implemented the patches or workarounds to fix or mitigate the Log4Shell vulnerability (CVE-2021-44228). VMware is urging customers to patch the critical Log4j security vulnerabilities affecting Internet-exposed VMware Horizon servers targeted in ongoing attacks.

Attackers have also deployed Sliver implants and the legitimate remote-access tools Atera and Splashtop Streamer as backdoor payloads. Researchers found that the miners deployed on Horizon servers included z0Miner and JavaX miner, as well as the Mimu and Jin variants of the XMRig commercial cryptominer. "Attempts to compromise Horizon servers are among the more targeted exploits of Log4Shell vulnerabilities because of their nature," said Sophos, which noted that the peak of Log4j attacks targeting Horizon has been ongoing since it began on Jan.

While VMware has already issued fixes for the flaw in Horizon servers, many organizations may still not have applied the newer versions or the provided remediations, a Sophos report revealed. Three backdoors and four miners have been. Log4Shell exploited to infect VMware Horizon servers with backdoors, crypto miners (ZDNet).