Threat Actor Is Using Log4Shell Vulnerability to Plant Web Shells on VMWare Horizon Servers

Polish leader admits country purchased Pegasus spyware, Log4Shell-like flaw afflicts H2 database consoles, FIN7 has been sending malicious USB devices, Power struggles arise in WH cyber circles, more

Check out my latest CSO column, which recaps the FTC’s warning on Log4j and highlights how another government agency, the SEC, is taking a dim view regarding failures to remediate Log4j vulnerabilities.

In the second known instance of a VMWare product targeted via the Log4Shell vulnerability, the UK National Health Service (NHS) security team said that it detected an unknown threat actor using the Log4Shell vulnerability to hack VMWare Horizon servers and plant web shells for future attacks.

VMWare issued a patch for the vulnerability, but the NHS says it is now seeing attacks trying to identify VMWare Horizon servers that haven’t been patched. The NHS released instructions on how to detect possible signs of exploitation. (Catalin Cimpanu / The Record)

Related: ZDNet Security, Bleeping Computer, The Register - Security, Security Affairs, The Hacker News, Dark Reading, Ars Technica, NHS Digital

Poland’s most powerful politician, Jaroslaw Kaczynski, the leader of the ruling conservative par…