Hello and welcome to the Thursday, June 8, 2020,

edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Quick diary today from Manuel about the DMARC records in Colombian domain. So that's dot CO, Manuel, of course, being from

Colombia. And he compares here also how the government domains that Gov.co and the university

domains, edu.c.O. Do and how they compare? Well, a common wisdom would sort of assume that

government domains are probably better about setting up demarc records than educational or

university domains. Turns out the opposite is true, while neither does terribly well.

The universities are actually here a little bit better than government websites, with 92.4% having no demarc protection for government websites and 91%.

So just a percent less for educational for university domains.

We do keep getting questions about DM, D.M.D. Kim, SPF and the like from readers,

which is why we do focus in some of these diaries on these numbers. It is something that you certainly should

investigate. It's not perfect. It has problems, but it does prevent a significant part of

the impersonation problem. And one of the biggest problems of Demarc, which I think is actually its biggest advantage

is that it forces you to find sort of all these rogue IT systems that people set up, those

third-party vendors that they contracted with to send emails on your behalf.

And VMware released an update for VMware Area Operations for Networks that fixes three

vulnerabilities, two of them critical, one of them.

High the critical vulnerabilities.

First one, CFSS score of 9.8, which is a command injection vulnerability.

We also have an authenticated deseralization vulnerability, CFSS score of 9.1.

And then the not quite critical one, CSS score 8.8 is an information disclosure vulnerability.

...