
In January, we started seeing attackers taking advantage of the vulnerabilities in internet-facing systems, eventually deploying ransomware. There is high potential for the expanded use of the vulnerabilities.

The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers' software and services. By nature of Log4j being a component, the vulnerabilities affect not only applications that use vulnerable libraries, but also any services that use these applications, so customers may not readily know how widespread the issue is in their environment. Customers are encouraged to utilize scripts and scanning tools to assess their risk and impact. Microsoft has observed attackers using many of the same inventory techniques to locate targets. Sophisticated adversaries (like nation-state actors) and commodity attackers alike have been observed taking advantage of these vulnerabilities.
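The inventory step above is where most organizations struggled: Log4j ships inside other vendors' jars, so a plain version check of "the applications we know about" misses it. The script below is an added example (not Microsoft tooling or code from the page) that walks a directory tree, opens every jar/war/ear, and reports log4j-core artifacts by manifest version and by whether the `JndiLookup` class is still present. It assumes, as facts not stated on the page, that log4j-core jars carry an `Implementation-Version` in `META-INF/MANIFEST.MF`, that 2.15.0 is the first release fixing CVE-2021-44228, and that the lookup class lives at `org/apache/logging/log4j/core/lookup/JndiLookup.class`. The sample jars it scans are constructed stand-ins built inline so the example runs offline.

```python
"""Inventory Log4j 2 jars on disk and flag those exposed to CVE-2021-44228.

Added example, not Microsoft's or Apache's code. Assumptions (not from the page):
  - log4j-core jars carry Implementation-Version in META-INF/MANIFEST.MF
  - 2.15.0 is the first release that fixes CVE-2021-44228
  - the JNDI lookup lives at org/apache/logging/log4j/core/lookup/JndiLookup.class
"""
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIRST_FIXED = (2, 15, 0)  # assumption: CVE-2021-44228 fixed in Log4j 2.15.0


@dataclass
class Finding:
    path: str
    version: Optional[str]
    jndi_lookup_present: bool
    vulnerable: bool


def parse_version(text: Optional[str]) -> Optional[Tuple[int, int, int]]:
    """Turn '2.14.1' into (2, 14, 1); a suffix such as '-beta9' is ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())  # type: ignore[return-value]


def manifest_version(zf: zipfile.ZipFile) -> Optional[str]:
    """Read Implementation-Version from the jar manifest, if present."""
    try:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return None


def inspect_jar(path: str) -> Optional[Finding]:
    """Return a Finding for a log4j-core jar, or None if the archive is something else."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
            if not any(n.startswith("org/apache/logging/log4j/core/") for n in names):
                return None
            version = manifest_version(zf)
            has_jndi = JNDI_LOOKUP_CLASS in names
    except zipfile.BadZipFile:
        return None
    parsed = parse_version(version)
    old_release = parsed is not None and parsed[0] == 2 and parsed < FIRST_FIXED
    # Removing JndiLookup.class was the published mitigation, so a jar without it is
    # not flagged. An unreadable version with the class still present fails closed.
    vulnerable = has_jndi and (old_release or parsed is None)
    return Finding(path, version, has_jndi, vulnerable)


def scan_tree(root: str) -> List[Finding]:
    """Walk root and inspect every jar/war/ear archive found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith((".jar", ".war", ".ear")):
                f = inspect_jar(os.path.join(dirpath, name))
                if f is not None:
                    findings.append(f)
    return findings


def build_sample_jar(path: str, version: str, with_jndi_lookup: bool = True) -> str:
    """Write a constructed stand-in for log4j-core (fake class bytes, real layout)."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        if with_jndi_lookup:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")
    return path


def demo() -> Dict[str, bool]:
    """Scan three constructed jars; returns {file name: flagged as vulnerable}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_jar(os.path.join(tmp, "log4j-core-2.14.1.jar"), "2.14.1")
        build_sample_jar(os.path.join(tmp, "log4j-core-2.17.1.jar"), "2.17.1")
        build_sample_jar(os.path.join(tmp, "log4j-core-2.14.1-stripped.jar"), "2.14.1",
                         with_jndi_lookup=False)
        return {os.path.basename(f.path): f.vulnerable for f in scan_tree(tmp)}


if __name__ == "__main__":
    for name, flagged in demo().items():
        print(f"{name}: vulnerable={flagged}")
```

Point it at an application root or a container image's extracted filesystem rather than at a package database: the jars that matter are the ones bundled inside someone else's product. Archives nested inside a war or ear are not unpacked here; a production scanner would recurse into them.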


North Korean state-sponsored hacking operation Lazarus has been targeting VMware Horizon servers in malware attacks exploiting the Log4Shell remote code execution flaw, tracked as CVE-2021-44228, reports BleepingComputer. Vulnerable VMware Horizon servers have been attacked since last month by Lazarus, which has been abusing Log4Shell via the servers' Apache Tomcat service to facilitate PowerShell command execution and eventual NukeSped backdoor installation, a report from AhnLab's ASEC revealed. Researchers found that the C++-based NukeSped backdoor features screenshot capturing, file accessing, and key press recording capabilities, and has been leveraged by Lazarus for deploying a console-based information-stealer malware. The info-stealer has been discovered to have been able to exfiltrate browser-based search histories and account credentials, names of recently used MS Office and Hancom 2010 files, and email account data from MS Office Outlook, Outlook Express, and Windows Live Mail. The report also showed that Log4Shell was also used by Lazarus to distribute the Jin Miner cryptominer instead.
