Iranian APT Actors Breached a US Government Network
CISA says Federal Civilian Executive Branch systems were compromised through a Log4Shell vulnerability in an unpatched VMware Horizon server.
Log4Shell is a critical flaw in Apache Log4j that can let attackers execute code remotely in Java applications using the library.
Search across headline titles and summaries.
Background for this topic.
Log4Shell is a remote-code-execution vulnerability in Apache Log4j, a Java library used to record application events. Identified as CVE-2021-44228, it can be triggered when an affected Log4j version processes attacker-controlled text containing a specially crafted lookup. In vulnerable configurations, that lookup can cause the application to contact an attacker-controlled service and load code, potentially giving the attacker control of the host. Exploitation is not automatic in every deployment, but the library’s widespread use made the vulnerability significant.
Security teams must account for Log4j bundled inside applications and other dependencies, not only software they installed directly. Vulnerability management therefore requires dependency inventory, version verification, and upgrading or otherwise mitigating affected installations according to Apache’s guidance. Teams should also review application and network logs for exploitation attempts, restrict unnecessary outbound connections, and investigate systems that may have processed malicious lookups. If compromise is suspected, response may require isolating the host and rotating credentials or secrets accessible to the affected process.
CISA says Federal Civilian Executive Branch systems were compromised through a Log4Shell vulnerability in an unpatched VMware Horizon server.
Threat actors installed crypto-miner and achieved persistence
Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server
The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. [...]
Researchers at cloud coding security company Oxeye have written up a critical bug that they recently discovered in the popular cloud development toolkit Backstage. Their report includes an explanation of how the bug works, plus proof-of-concept (PoC) code showing how to exploit it. Backstage is what’s known as a cloud developer portal – a sort […]