Hackers continue to use the Log4Shell vulnerability to hack into VMware servers


The US Cybersecurity and Infrastructure Agency (CISA) and the Coast Guard Cyber Command (CGCYBER) have warned information security specialists that the Log4Shell vulnerability in VMware and Unified Access Gateway (UAG) services is still being used by hackers. CVE-2021-44228 has a score of 10 out of 10 on the CVSS scale and poses a threat to organizations that have not applied the appropriate security fixes.

The full text of the warning details several recent cases where hackers successfully exploited a vulnerability to gain access to the victim’s servers. In one case, hackers managed to collect confidential target information and then delete it.

“This vulnerability is no different from others – it was discovered, issued a flurry of warnings and fixes, and then forgotten,” said Kumar Saurabh, CEO and co–founder of LogicHub Inc. “But even if the vulnerability has already been fixed, it is very important to remain vigilant and apply security updates on time.”

In connection with the latest attacks, CISA and CGCYBER recommend that all organizations install the latest VMware and UAG updates, keep the software up to date and give priority to fixing the vulnerabilities found.

Start a discussion …