“The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory Interface™ (JNDI) via Log4Shell payloads to call back to malicious infrastructure.”

“An unknown threat group has been observed targeting VMware Horizon servers running versions affected by Log4Shell vulnerabilities in order to establish persistence within affected networks.” reads the security advisory published by NHS.

The security team at the UK National Health Service (NHS) also announced that it has spotted threat actors exploiting the Log4Shell vulnerability to hack VMware Horizon servers and install web shells.

Microsoft Security Intelligence, January 11, 2022: We have observed a China-based ransomware operator that we’re tracking as DEV-0401 exploiting the CVE-2021-44228 vulnerability in Log4j 2 (aka #log4shell) targeting internet-facing systems running VMware Horizon.

PS: Additionally, if you have UAGs in front of your CSs, then you don't need any more LB in front of your CS, apart from that you need internal access without UAG.

Passthru mode on LB is the easiest setup, but this depends on your security requirements. In your case, it looks like you are trying to SSL Offload at LB level.

Also, the vdm-lb cert is not used by the CS; it is a useless configuration, you can remove it. Only the vdm friendly name is recognized by the CS service to load the certificate.

If you are terminating SSL at LB level (SSL Offloading), so that the LB presents its own certificate, then you can have CS certs to have only their own FQDN.

If your LB is in passthru mode, then it will present the CS certificates, so you must have the CS certificate to include their own FQDN + the LB one (as a Subject Alternative Name, SAN).

This depends on how your LB is configured and where you place the SSL termination.