U.S. Cybersecurity and Infrastructure Security Agency and Coast Guard Cyber Command issue advisory. Attackers are using the Log4Shell vulnerability to hack into unpatched VMWare virtual desktop software. Vulnerability was discovered late last year when researchers discovered a zero-day vulnerability in a popular open-source Java data-logging framework present in hundreds of millions of devices. The advisory illustrates an all-too-common trajectory of vulnerabilities, says cybersecurity expert Kumar Saurabh, co-founder of cybersecurity firm LogicHub.”]
Source: https://www.cuinfosecurity.com/attackers-use-log4shell-to-hack-unpatched-vmware-products-a-19449