Organizations are advised to proactively block traffic to the IPs/URLs listed in the IOCs section. As a general practice, Rapid7 recommends never exposing VMware Horizon to the public internet, only allowing access behind a VPN. Patch Immediately: Organizations that still have a vulnerable version of VMware Horizon in their environment should update to a patched version of Horizon on an emergency basis and review the system(s) for signs of compromise. We have a dedicated resource page for the Log4j vulnerability, which includes our AttackerKB analysis of Log4Shell containing a proof-of-concept exploit for VMware Horizon.
Rapid7 researchers are currently evaluating the feasibility of adding a VMware Horizon vulnerability check for Nexpose/InsightVM.
Suspicious Process - VMWare Horizon Spawns CMD or PowerShell (created: Thursday, January 6, 2022, 14:18:21 UTC) Rapid7 InsightIDR and MDR customers: Alerts generated by the following detection rules can assist in identifying successful VMware Horizon exploitation:Īttacker Technique - PowerShell Download Cradles (created: Thursday, January 3, 2019, 15:31:27 UTC)
0 kommentar(er)
