Hello, welcome to the Tuesday, January 18th, 2020 edition of the Sans and the Storm Center's Stormcast.

My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

A quick reminder today that log for shell attacks, attacks that are attempting to exploit. The recent vulnerability in Log 4J are still a

thing. Well, it sort of has fallen off the radar after this initial barrage of attacks that

typically just sort of took a prey and spray kind of approach to just throwing the string all over the place.

Well, now what we're seeing is attempts to tailor the exploit two particular systems.

Have one here that I wrote up today that looks like it's going a bit after Tomcat and trying

to do sort of some bypass here

in order to inject code into Tomcat.

So don't stop looking for vulnerable systems here if you haven't been hit yet by any compromises.

We definitely have seen sort of more targeted hacks against, for example,

Unify controllers as well as VMware.

And of course, over time, attackers will get better at exploiting this vulnerability against

specific systems.

Microsoft today released a special set of updates to deal with some of the failures that

came up with last week's January cumulative patches.

As quoted here by a pleading computer, this update addresses issues related to VPN connectivity,

Windows server domain controllers, restarting

virtual machines, start failures, and REFS formatted, removable media failing to mount.

So let's hope that with this update, all the Windows patches for this month can finally

be applied. And remember, there's still sort of that

HTTP.sys issue that hasn't really been exploited yet, but is still sort of looming. And Cisco

...