Bluepurple Pulse: week ending April 3rd
Ukraine is the Chuck Norris of Cyber
Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading).
Operationally this week there were a couple of vulnerabilities in the Spring web framework (we ran live posts on the subreddit) that distracted, but otherwise it was the usual volume of criminal incident response cases. We also continue to research and work on investigations related to the Chinese intrusions mentioned a couple of weeks back. There was also some work around organised crime, with good results around infrastructure discovery. Finally, we got to see some North Korean Lazarus targeting used for an initial compromise via social media in a victim org.
In the high-level this week:
UK Cyber Security Breaches Survey 2022 - in the last 12 months, 39% of UK businesses (of those that responded) identified a cyber attack - the biggest highlight here is the ‘haves’ vs ‘have nots’ in relation to cyber incident response capabilities.
The UK’s National Cyber Security Technical Director put out advice on the