Internet Storm Center Tech Corner

SANS Internet StormCast Friday, March 14, 2025

File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln

https://isc.sans.edu/podcastdetail/9364

File Hashes Analysis with Power BI

Guy explains in this diary how to analyze Cowrie honeypot file hashes using Microsoft's BI tool and what you may be able to discover using this tool.

https://isc.sans.edu/diary/File+Hashes+Analysis+with+Power+BI+from+Data+Stored+in+DShield+SIEM/31764

Apache Camel Vulnerability

Apache released two patches for Camel in close succession. Initially, the vulnerability was only addressed for headers, but as Akamai discovered, it can also be exploited via query parameters. This vulnerability is trivial to exploit and leads to arbitrary code execution.

https://www.akamai.com/blog/security-research/march-apache-camel-vulnerability-detections-and-mitigations

Juniper Patches Junos Vulnerability

Juniper patched an already exploited vulnerability in Junos OS. However, to exploit the vulnerability, an attacker already needs privileged access. By exploiting the vulnerability, an attacker may completely compromise the device.

https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590?language=en_US

AMI Security Advisory

AMI patched three vulnerabilities. One of them, an authentication bypass in Redfish, allows for a complete system compromise without authentication and is rated with a CVSS score of 10.0.

https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf

SANS Internet StormCast Thursday, March 13, 2025

Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates

https://isc.sans.edu/podcastdetail/9362

Log4J Scans for VMWare Hybrid Cloud Extensions

An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API, for Log4j vulnerabilities. The attack submits the exploit string as the username, hoping to trigger the vulnerability when Log4j logs the username.

https://isc.sans.edu/diary/Scans+for+VMWare+Hybrid+Cloud+Extension+HCX+API+Log4j+not+brute+forcing/31762

Patch Tuesday Fallout

Yesterday's Apple patch may re-activate Apple Intelligence for users who earlier disabled it. Microsoft is offering support for users whose USB printers started printing gibberish after a January patch was applied.

https://www.macrumors.com/2025/03/11/ios-18-3-2-apple-intelligence-auto-on/

https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#usb-printers-might-print-random-text-with-the-january-2025-preview-update

Adobe Updates

Adobe updated seven different products, including Adobe Acrobat. The Acrobat vulnerability may lead to remote code execution, and Adobe rates the vulnerabilities as critical.

https://helpx.adobe.com/security/security-bulletin.html

Medusa Ransomware

CISA and partner agencies released details about the Medusa Ransomware. The document includes many details useful to defenders.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a

Zoom Update

Zoom released a critical update fixing a number of remote code execution vulnerabilities.

https://www.zoom.com/en/trust/security-bulletin/

FreeType Library Vulnerability

https://www.facebook.com/security/advisories/cve-2025-27363

SANS Internet StormCast Wednesday, March 12, 2025

Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement

https://isc.sans.edu/podcastdetail/9360

Microsoft Patch Tuesday

Microsoft patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches.

https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+March+2025/31756

Apple Updates iOS/macOS

Apple released an update to address a single, already exploited, vulnerability in WebKit. This vulnerability affects iOS, macOS and VisionOS.

https://support.apple.com/en-us/100100

Espressif Response to ESP32 Debug Commands

Espressif released a statement commenting on the recent release of a paper alleging "backdoors" in ESP32 chipsets. According to Espressif, these commands are debug commands and are not reachable directly via Bluetooth.

https://www.espressif.com/en/news/Response_ESP32_Bluetooth