Log4J Scans for VMWare Hyhbrid Cloud Extensions

An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API for Log4j vulnerabilities. The attack submits the exploit string as username, hoping to trigger the vulnerability as Log4j logs the username

https://isc.sans.edu/diary/Scans%20for%20VMWare%20Hybrid%20Cloud%20Extension%20%28HCX%29%20API%20(Log4j%20-%20not%20brute%20forcing)/31762

Patch Tuesday Fallout

Yesterday's Apple patch may re-activate Apple Intelligence for users who earlier disabled it. Microsoft is offering support for users whos USB printers started printing giberish after a January patch was applies.

https://www.macrumors.com/2025/03/11/ios-18-3-2-apple-intelligence-auto-on/

https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#usb-printers-might-print-random-text-with-the-january-2025-preview-update

Adobe Updates

Adobe updated seven different products, including Adobe Acrobat. The Acrobat vulnerability may lead to remote code execution and Adobe considers the vulnerablities critical.

https://helpx.adobe.com/security/security-bulletin.html

Medusa Ransomware

CISA and partner agencies released details about the Medusa Ransomware. The document includes many details useful to defenders.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a

Zoom Update

Zoom released a critical update fixing a number of remote code execution vulnerabilities.

https://www.zoom.com/en/trust/security-bulletin/

FreeType Library Vulnerability

https://www.facebook.com/security/advisories/cve-2025-27363

Podden och tillhörande omslagsbild på den här sidan tillhör Johannes B. Ullrich. Innehållet i podden är skapat av Johannes B. Ullrich och inte av, eller tillsammans med, Poddtoppen.

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates;

00:00