VMware: Patch Horizon servers against ongoing Log4j attacks!


Level 37
Thread author
Top Poster
Feb 4, 2016
VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks.
Following successful exploitation, threat actors deploy custom web shells into the VM Blast Secure Gateway service to gain access to organizations' networks, according to a recent NHS Digital report about VMware Horizon systems attacked with Log4Shell exploits.

This allows them to carry out various malicious activities, including data exfiltration and deployment of additional malware payloads such as ransomware.

Microsoft also warned two weeks ago of a Chinese-speaking threat actor tracked as DEV-0401 who deploys Night Sky ransomware on Internet-exposed VMware Horizon servers using Log4Shell exploits.
In an email to Bleeping Computer today, VMware said they are strongly urging customers to patch their Horizon servers to defend against these active attacks.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.