Breaking News

Tips for Faster Internet Speeds US Department of Labor announces availability of up to $1M in funding Brookwood-Sago grants for mine safety and health education, training Alabama Media Portal 2.0 – Press Releases Operator of Memphis franchise sandwich shop violated child labor laws, federal investigation into minor-aged worker’s injury finds Sanofi-GSK first to report a successful efficacy study against Omicron with COVID-19 Beta-containing vaccine Governor Newsom and LGBTQ Caucus Lift Up California’s Fight for Equality   – California Governor Unemployment Insurance Weekly Claims Report Becton, Dickinson and Company agrees to pay $499K to resolve alleged hiring discrimination at Nebraska subsidiaries in Columbus, Holdrege

 CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches. The CSA provides information—including tactics, techniques, and procedures and indicators of compromise—derived from two related incident response engagements and malware analysis of samples discovered on the victims’ networks.

CISA and CGCYBER encourage users and administrators to update all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell, treat all affected VMware systems as compromised. See joint CSA Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems for more information and additional recommendations.
 

Source link