

The backdoors are possibly delivered by Initial Access Brokers. Therefore, the company reiterates the importance of downloading the latest software versions as soon as possible. A new technical paper, “Horde of Miner Bots and Backdoors Leveraged Log4J to Attack VMware Horizon Servers,” details the tools and techniques used to compromise the servers and deliver three different backdoors and four cryptominers.

It is worth pointing out that VMware has reported other important security holes, affecting products other than the two mentioned at the opening of this article. While such conduct can be dangerous, since attackers could take advantage of it to conduct attacks, the use of PoCs actually helps improve security and systems through testing and makes it possible to validate patches and fixes already in place. Several researchers have already produced proofs of concept, creating functional exploits based on this security flaw.

Several criminal groups exploit malware to mine cryptocurrencies.

Given the particularly serious nature of this vulnerability and its possible ramifications, the company nevertheless recommends immediately installing the relevant patches according to the instructions contained in VMSA-2021-0011. VMware has already shared the list of affected products and procedures for solving the problem, especially to help administrators who are still unable to update immediately. The flaw has already been exploited in attacks aimed at infecting servers with coin miners, a type of malware that takes advantage of the hardware resources of the affected machine for cryptocurrency mining.

It is also rated “Critical”, with a CVSS score of 9.8. The vulnerability relates to remote code execution (RCE) and has been classified with the code CVE-2022-22954 in the National Vulnerability Database of the United States.

As reported by VMware itself, an extremely serious security flaw was found in VMware Workspace ONE Access and VMware Identity Manager, two very popular software products.
