Hello, welcome to the Thursday, August 19th, 2021 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Stockholm, Germany.

Today I wrote a quick diary with some of the issues that you may need to consider as you're moving back to a real office from

your home office like VPN configurations or considering, for example, some of the cloud

migrations that may have happened while you were at home and how they may affect, for example,

firewalls and such as you're moving back to your office.

If you are about to start working from a real office again, if you're not lucky enough to continue

working from home, take a look at the list, then maybe let me know what I missed or any comments

that you may have.

Then we got updates from Adobe for Adobe Bridge,

Captivate Media Encoder, Photoshop, and the XMP toolkit SDK.

Probably most northworthy here is Media Encoder and Photoshop,

as these vulnerabilities will allow for arbitrary code execution.

And probably Photoshop here is the more likely target.

An import P3 has a great block regarding some surveillance software that they're calling Tetris that's entirely

implemented in JavaScript.

Reminds me a little bit in its capabilities of beef, the browser exploitation framework, but

was found in two different Chinese language websites, apparently targeting Chinese users in that it does check

the language of the browser and only acts if it is set to Chinese. Real nice and detailed

write-ups, I definitely recommend you read it in order to learn more about how this really

works. Not much a user can really do about this particular spyver as far as detection goes.

At this point, at least when the blog was written, and high virus didn't really detect it.

...