Hello, welcome to the Friday, June 4th, 2021 edition of the Sands and the Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Well, if you're running Zoom, which probably means everybody listening to this podcast, you probably are familiar with various ways to secure Zoom and

to configure it to be less open in particular to Zoom bombing.

The Center for Internet Security has recently released a benchmark with about a hundred or so

different issues that you may want to check your Zoom configuration

for.

And while I'm still not able to receive the emails that I need to click on in order to actually

obtain a copy of the benchmarks from the Center for Internet Security, there is now a nice script available that automates

verification of this benchmark. So all you have to do is run the script, give it your account

credentials so it can check your configuration, and it'll spit out a nicely formatted report detailing what you may want to

adjust in your Zoom configuration. So if you got some time today, this may be a nice exercise

to run to see if you are in compliance with the benchmark. As usual with these benchmarks, you may not necessarily

find all of the items that they're looking for applicable for your environment.

And F5 released, an update for the Big IP Edge Client for Windows. It fixes memory corruption vulnerability CVE 2020-5897 that could be

triggered to execute arbitrary code. In order to execute the code, the victim would have to visit

a malicious website using the Internet Explorer browser.

The vulnerable component is actually the active X component for a big IPH client.

So other browsers are not affected.

And yes, and then we got another smart lock vulnerability.

Now, there are different types of smart locks.

Some of them, for example, allow local access via, for example, Bluetooth low energy, sometimes

RFID, or in some cases there is also an HTTP API involved in order to remotely lock or unlock

...