Log4j flaw: Attackers are targeting Log4Shell vulnerabilities in VMware Horizon servers, says NHS

The UK’s National Health Service (NHS) has issued a warning that hackers are actively targeting Log4J vulnerabilities and is recommending that organisations within the health service apply the necessary updates in order to protect themselves. 

An advisory by NHS Digital says that an ‘unknown threat group’ is attempting to exploit a Log4j vulnerability (CVE-2021-44228) in VMware Horizon servers to establish web shells which could be use to distribute malware, ransomware, steal sensitive information and other malicious attacks. 

It’s unclear if the warning has been issued because attacks targeting NHS systems have been detected, or if the advisory has been released as a general precaution because of the ongoing problem of the critical security vulnerability in Java logging library Apache Log4j which was disclosed in December

“We are aware of an exploit and are actively monitoring the situation. We will support our partners with the system response to this critical vulnerability and will continue to provide guidance to NHS organisations,” an NHS spokesperson told ZDNet. 

The attacks being warned against exploit the Log4Shell vulnerability in the Apache Tomcat service embedded within VMware Horizon. Once the weaknesses have been identified, the attack uses the Lightweight Directory Access Protocol (LDAP) to execute a malicious Java file that injects

Read More: https://www.zdnet.com/article/log4j-flaw-attackers-are-targeting-log4shell-vulnerabilities-in-vmware-horizon-servers-says-nhs/#ftag=RSSbaffb68