Challenges of securing open-source supply chains. Kazakhstan shuts down its Internet. Ransomware at a school website provider.
Log4j and the offense-defense seesaw. (The CyberWire) Log4j vulnerabilities are now part of the familiar action-reaction cycle between attackers and defenders.
Log4Shell Vulnerabilities in VMware Horizon Targeted to Install Web Shells (NHS Digital) Attackers are actively targeting Log4Shell vulnerabilities in VMware Horizon servers in an effort to establish web shells.
UK NHS: Threat actor targets VMware Horizon servers using Log4Shell exploits (The Record by Recorded Future) The security team of the UK National Health Service (NHS) said that it detected an unknown threat actor using the Log4Shell vulnerability to hack VMWare Horizon servers and plant web shells for future attacks.
Attacks Target Log4j Bug in VMware Horizon (Decipher) An unknown threat group is exploiting the Log4j vulnerability in VMware Horizon servers to install webshells for further malicious activity.
CISA: Federal Agencies Taking Steps to Address Log4j Flaw (Decipher) CISA said that thousands of internet-connected assets have been mitigated by federal agencies under its Emergency…