Tech

VMware Horizon servers are under active exploit by Iranian state hackers

Hackers aligned with the government of Iran are exploiting the critical Log4j vulnerability to infect unpatched VMware users with ransomware, researchers said on Thursday. Security firm SentinelOne has dubbed the group TunnelVision. The name is meant to emphasize TunnelVision’s heavy reliance on tunneling tools and the unique way it deploys them. […]

Tech

Patch systems vulnerable to critical Log4j flaws, UK and US officials warn

Criminals are actively exploiting the high-severity Log4Shell vulnerability on servers running VMware Horizon in an attempt to install malware that allows them to gain full control of affected systems, the UK’s publicly funded healthcare system is warning. CVE-2021-44228 is one associated with the most severe vulnerabilities to come to light in […]

Tech

As Log4Shell wreaks havoc, payroll service reports ransomware attack

As the world is beset by Log4Shell, arguably the most severe vulnerability ever, one of the biggest payroll processors will be reporting a ransomware attack that has taken its systems offline for at least the next several weeks. The company said on Sunday that services using the Kronos Private Cloud […]

Tech

The Log4Shell zeroday 4 days on. What is it and how bad is it really?

Log4Shell is the name given to a critical zeroday vulnerability that surfaced on Thursday when it was exploited in the wild in remote-code compromises against Minecraft servers. The source of the vulnerability was Log4J, the logging utility used by thousands if not millions of apps, including those […]

Tech

The Internet’s biggest players are all affected by critical Log4Shell 0-day

The list of services with Internet-facing infrastructure that is vulnerable to a critical zero-day vulnerability in the open source Log4j logging utility is immense and reads like a who’s who of the biggest names on the Internet, including Apple, Amazon, Cloudflare, Steam, Tesla, Twitter, and Baidu. The vulnerability, now going […]