Hello, welcome to the Wednesday, January 25th, 2017 edition of the Sands and its Storm Center's

Stormcast. My name is Johannes Ulrich, and I am recording from Jacksonville, Florida.

I got an update and a clarification about the Cisco WebEx Chrome plugin issue I talked about yesterday.

First of all, on Tuesday morning, Cisco did release yet another update for this plugin

105.

This version now fixes the vulnerability and should be safe.

Secondly, yesterday I stated that this vulnerability was released after the courtesy time that Google usually gives vendors expired.

That's not true.

They actually released details about the vulnerability after version 103 of the plugin was released, which

was supposed to fix the vulnerability, but ended up not quite fixing it.

So in short, make sure that you're running at least 105 of this plugin.

That plugin should be fine.

There are also some questions about if this affects other browsers.

It's possible that it affects other browsers, but at this point there is no evidence of that.

Also, each browser has their own WebEx plugin, so it's not that you would install

the Chrome plugin into Safari, Firefox or some other

browser like that. And Citrix conducted a survey of large British companies into ransomware,

in particular into what Citrix calls Bluff Ransenware. I'll also have it called fake Ransomware. This is Ransomware that just

pops up a message telling you your files are encrypted and is asking for ransom. Amazingly

about 20% of UK businesses have fallen for this kind of ransomware which is a little bit more than half of the organizations that

have been affected by it. This is actually also not that uncommon with the good old-fashioned

kidnapping ransom in countries where kidnappings and ransom demands are somewhat common. Kidnappers often

...