Prophet Spider, an initial access broker gang, has been linked to a series of malicious operations that exploit the Log4Shell vulnerability in unpatched VMware Horizon servers. Log4Shell is a vulnerability in the popular Apache Log4j package that allows remote code execution when a specially crafted string is logged. Since the bug was publicly disclosed last month, threat actors have been keen to operationalize this new attack vector in a variety of intrusion operations to obtain complete control of affected systems.

Prophet Spider, active since at least May 2017, mainly obtains access to victims by compromising vulnerable web servers and achieves its operational goals with a number of low-prevalence tools. Like many other initial access brokers, the group sells its footholds to the highest bidder on underground forums on the dark web, and the buyers subsequently abuse the access for ransomware deployment.

The payloads discovered include cryptocurrency miners, Cobalt Strike Beacons, and web shells. This validates a previous advisory from the United Kingdom's National Health Service (NHS), which warned of active exploitation of VMware Horizon server vulnerabilities to drop malicious web shells and establish persistence on affected networks in preparation for follow-on attacks. Researchers further believe that the Log4Shell vulnerability is likely to be used by criminals in the future, so it is an attack vector that defenders must remain vigilant against.