Cyber Defence Analysis for Blue & Purple Teams

Cyber Defence Analysis for Blue & Purple Teams

Share this post

Cyber Defence Analysis for Blue & Purple Teams
Cyber Defence Analysis for Blue & Purple Teams
Bluepurple Pulse: week ending April 24th
Copy link
Facebook
Email
Notes
More

Bluepurple Pulse: week ending April 24th

The NSO business model has shown the possible value to investors

Ollie's avatar
Ollie
Apr 23, 2022
∙ Paid
2

Share this post

Cyber Defence Analysis for Blue & Purple Teams
Cyber Defence Analysis for Blue & Purple Teams
Bluepurple Pulse: week ending April 24th
Copy link
Facebook
Email
Notes
More
Share

Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading).

Operationally this week two things, the first was the campaign involving stolen OAuth user tokens issued to two third-party integrators against Github. The second was that Java’s implementation of the cryptography signature algorithm ECDSA was broken allowing the spoofing of digital signatures in various situations - there will be a long tail of vulnerability as a result (see vulnerabilities section).

In the high-level this week:

  • The US put up a $5 million reward for information on North Korea individuals for amongst other things their cyber activity.

  • 🇺🇸🇦🇺🇨🇦🇳🇿🇬🇧 Put out a joint alert on Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure - Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks. I do stress exploring here..

  • U.S. Ninth Circuit of Appeals rules that Web Scraping is Legal and does not Breach…

Keep reading with a 7-day free trial

Subscribe to Cyber Defence Analysis for Blue & Purple Teams to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
© 2025 Ollie Whitehouse from BinaryFirefly
Privacy ∙ Terms ∙ Collection notice
Start writingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More