Hello, welcome to the Wednesday, July 22nd, 2020 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Jan today took a look at how exposed systems changed during various COVID-19 lockdown periods in different countries.

It has been widely reported how services like SSH, Telnet, RDP and VNC were more exposed after

certain restrictions on movement were implemented.

But Gian is now looking at it, sort of on a country-by-country level, and found some significant differences there.

First of all, in a type of protocols being opened up, and also how quickly they were sort of being turned off again after the restrictions were lifted.

One interesting outliers was actually the USA, where not really all that much changed

overall. The total number of RDP services exposed actually consistently fell and not really

sort of in line necessarily with any restrictions,

which may also in part be due to the more regional nature of the restrictions in the United States

and the lesser extent to which they had been enforced.

And Adobe published a couple of updates today, most notable for Photoshop.

The vulnerability is rated as critical as it does allow code execution.

However, its priority level is only three, indicating that exploitation is unlikely.

Now, these random updates from Adobe have often, and here again, been labeled as emergency

patches.

Adobe has in general moved away from the patch Tuesday cycle, which is really only important

for its Adobe Acrobat product,

which has to coordinate with Windows patches.

So these patches for products like Photoshop and also Adobe Bridge today are not necessarily

being released out of any kind of urgency and should also be treated just like any other normal patch.

...