March Patch Tuesday Critical Findings
This episode provides detailed analysis of SAP's March Patch Tuesday release, which included 12 new and updated security notes, with three HotNews and three high-priority vulnerabilities. The most critical issue is a code injection vulnerability in SAP NetWeaver Java's log viewer (CVSS 9.1), which failed to properly restrict file uploads, allowing attackers to upload dangerous file types and potentially execute commands on the operating system. Another critical vulnerability affects SAP Build Apps (CVSS 9.4), requiring organizations to rebuild all applications created with versions lower than 4.9.145 because of a vulnerable library. The Onapsis Research Labs contributed to discovering three information disclosure vulnerabilities in this release, continuing their collaboration with SAP on vulnerability research.
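The log viewer flaw described above is, at its core, an upload endpoint that accepted file types it should have refused. The following is an added illustration of what a restrictive upload check looks like for a log-ingestion feature; it is example code written for this page, not SAP's code or its fix. The allowed extensions, the size limit and the set of blocked magic bytes are assumptions chosen for the example, and the sample uploads are constructed.

```python
import posixpath
import re

# Assumptions for this example: a log viewer only needs plain text files.
ALLOWED_EXTENSIONS = {".log", ".txt"}
MAX_BYTES = 50 * 1024 * 1024
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,128}$")

# Leading bytes of containers and executables a log viewer should never store:
# Windows PE ("MZ"), ELF, zip/jar/war archives, compiled Java classes.
BLOCKED_MAGIC = (b"MZ", b"\x7fELF", b"PK\x03\x04", b"\xca\xfe\xba\xbe")
# Server-side script markers that would be dangerous if the file were ever served
# through an interpreter; checked in the first few KB as defence in depth.
SCRIPT_MARKERS = (b"<%", b"<?php", b"<script")


def validate_upload(filename, data):
    """Return (accepted, reason) for an uploaded log file.

    Order matters: the name is checked first so that a traversal attempt is
    rejected before any content-based decision is made.
    """
    # Normalise separators and keep only the last path component; any
    # difference from the original means a directory part was present.
    name = posixpath.basename(filename.replace("\\", "/"))
    if name != filename or name in ("", ".", "..") or not SAFE_NAME.match(name):
        return False, "unsafe file name"

    _root, ext = posixpath.splitext(name)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not allowed"

    if len(data) > MAX_BYTES:
        return False, "file too large"

    # Extension allow-listing alone is not enough: check what the bytes are.
    if data.startswith(BLOCKED_MAGIC):
        return False, "binary container or executable content"

    head = data[:4096].lower()
    if any(marker in head for marker in SCRIPT_MARKERS):
        return False, "server-side script markers in content"

    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False, "not a UTF-8 text file"

    return True, "ok"


# Constructed sample uploads (name, first bytes) to exercise each branch.
SAMPLE_UPLOADS = [
    ("app.log", b"2024-03-12 10:00:00 INFO server started\n"),
    ("shell.jsp", b"<% out.println(1); %>"),
    ("../../etc/passwd", b"root:x:0:0\n"),
    ("archive.log", b"PK\x03\x04" + b"\x00" * 16),
    ("page.txt", b"<% out.println(1); %>"),
    ("bin.log", b"\xff\xfe\x00\x01"),
]


def triage_uploads(samples):
    """Map each sample name to its validation result."""
    return {name: validate_upload(name, data) for name, data in samples}


if __name__ == "__main__":
    for name, (accepted, reason) in triage_uploads(SAMPLE_UPLOADS).items():
        print(f"{name!r}: {'accept' if accepted else 'reject'} ({reason})")
```

The point of the content checks is that an extension allow-list is necessary but not sufficient; a file named `notes.log` can still carry an archive or a script, so the bytes are inspected as well, and anything that is not plain text is refused outright.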
Open Redirect Phishing Tactics and Ransomware Updates
The discussion covers a sophisticated phishing campaign targeting a large multinational SAP customer using an open redirect vulnerability. This attack vector allows threat actors to leverage legitimate domain names in phishing emails, bypassing security filters by appending malicious redirect parameters to trusted URLs. The episode also provides updates on major ransomware operations, including ALPHV/BlackCat's alleged shutdown after receiving tens of millions in ransom payments, and LockBit's disruption following the FBI and UK NCA seizure of its infrastructure after the group extorted approximately $120 million from over 2,000 victims worldwide. CISA has released alerts about ongoing ransomware campaigns that organizations should monitor closely.
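The open redirect tactic above works because a trusted host forwards the browser wherever a query parameter says. As an added example, not code from the episode or from the affected customer, the following Python shows both sides of the defender's view: a scanner that flags URLs on a trusted domain whose parameters resolve off-site (the pattern a mail gateway or proxy log reviewer is looking for), and a server-side `safe_return_path` check that only ever honours a same-site path. The trusted host names, parameter names and sample URLs are constructed for the example.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Hosts the organisation considers its own (assumption for this example).
TRUSTED_HOSTS = {"portal.example.com", "www.example.com"}


def external_destination(value, trusted_hosts=TRUSTED_HOSTS):
    """Return the off-site host (or non-http scheme) a parameter value points to, else None.

    Normalises the common ways a redirect target is disguised: double URL
    encoding, protocol-relative '//host', backslashes, and a trusted host
    placed in the userinfo part (trusted@other-host).
    """
    candidate = unquote(unquote(value)).strip().replace("\\", "/")
    if candidate.startswith("//"):
        candidate = "https:" + candidate
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return parts.scheme + ":"  # javascript:, data: and similar
    if parts.scheme and parts.netloc:
        host = (parts.hostname or "").lower()  # hostname drops port and userinfo
        if host not in trusted_hosts:
            return host
    return None


def find_open_redirect_params(url, trusted_hosts=TRUSTED_HOSTS):
    """List (parameter, destination) pairs for a trusted-host URL carrying an off-site target."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in trusted_hosts:
        return []  # only links that borrow our own domain are of interest
    findings = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            dest = external_destination(value, trusted_hosts)
            if dest is not None:
                findings.append((name, dest))
    return findings


def safe_return_path(value, default="/"):
    """Server-side mitigation: accept only a same-site absolute path, else fall back."""
    candidate = unquote(unquote(value)).strip()
    if not candidate.startswith("/") or candidate.startswith("//") or "\\" in candidate:
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return default
    return candidate


# Constructed sample URLs as they might appear in a mail gateway or proxy log.
SAMPLE_URLS = [
    "https://portal.example.com/login?redirect=https://evil.example.net/sso",
    "https://portal.example.com/login?redirect=/dashboard",
    "https://portal.example.com/login?next=%2F%2Fevil.example.net%2F",
    "https://portal.example.com/login?redirect=https://portal.example.com@evil.example.net/",
    "https://www.example.com/go?url=javascript:alert(1)",
    "https://unrelated.example.org/?redirect=https://evil.example.net/",
]


def scan_urls(urls, trusted_hosts=TRUSTED_HOSTS):
    """Map each URL that shows open-redirect abuse to its findings."""
    report = {}
    for url in urls:
        findings = find_open_redirect_params(url, trusted_hosts)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in scan_urls(SAMPLE_URLS).items():
        print(url, "->", findings)
```

The scanner deliberately checks every query parameter rather than a fixed list of names such as `redirect` or `next`, since the parameter name is whatever the vulnerable application happens to use; tuning `TRUSTED_HOSTS` is what keeps legitimate cross-links quiet. On the application side, refusing anything but a relative path removes the redirect primitive entirely, which is the fix the phishing campaign depends on not being in place.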