BROADCASTS.com

CISA and the US Coast Guard Cyber Command are releasing this joint Cybersecurity Advisory to warn network defenders that cyber threat actors, including state-sponsored APT actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations that did not apply available patches or workarounds.\nAA22-174A Alert, Technical Details, and Mitigations\nMalware Analysis Report 10382254-1 stix\nMalware Analysis Report 10382580-1 stix\nCISA\u2019s Apache Log4j Vulnerability Guidance webpage\nJoint CSA Mitigating Log4Shell and Other Log4j-Related Vulnerabilities\nCISA\u2019s database of known vulnerable services on the CISA GitHub page\nSee National Security Agency (NSA) and Australian Signals Directorate (ASD) guidance Block and Defend Web Shell Malware for additional guidance on hardening internet-facing systems.\nAll organizations should report incidents and anomalous activity to CISA\u2019s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI\u2019s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.\nLearn more about your ad choices. Visit megaphone.fm/adchoices