SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates;

Log4J Scans for VMWare Hyhbrid Cloud Extensions An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API for Log4j vulnerabilities. The attack submits the exploit string as username, hoping to trigger the vulnerability as Log4j logs the username https://isc.sans.edu/diary/Scans%20for%20VMWare%20Hybrid%20Cloud%20Extension%20%28HCX%29%20API%20(Log4j%20-%20not%20brute%20forcing)/31762 Patch Tuesday Fallout Yesterday's Apple patch may re-activate Apple Intelligence for users who earlier disabled it. Microsoft is offering support for users whos USB printers started printing giberish after a January patch was applies. https://www.macrumors.com/2025/03/11/ios-18-3-2-apple-intelligence-auto-on/ https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#usb-printers-might-print-random-text-with-the-january-2025-preview-update Adobe Updates Adobe updated seven different products, including Adobe Acrobat. The Acrobat vulnerability may lead to remote code execution and Adobe considers the vulnerablities critical. https://helpx.adobe.com/security/security-bulletin.html Medusa Ransomware CISA and partner agencies released details about the Medusa Ransomware. The document includes many details useful to defenders. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a Zoom Update Zoom released a critical update fixing a number of remote code execution vulnerabilities. https://www.zoom.com/en/trust/security-bulletin/ FreeType Library Vulnerability https://www.facebook.com/security/advisories/cve-2025-27363