Bluepurple Pulse: week ending December 19th 🎅
What a difference a week makes
Welcome to the weekly highlights and analysis of the blueteamsec subreddit.
Operationally this week it has been the usual operational blend and tempo - ha! OK - who are we kidding. Let's be honest: it has all been on 🔥 to varying degrees as the scale, complexity and reality of log4j (CVE-2021-44228 and CVE-2021-45046) has become clear.
Today we see various nation states, including China, North Korea, Iran and Turkey, exploiting it, coupled with a maelstrom of organised (and disorganised) criminal activity including ransomware (and not just against Minecraft servers).
Everything we know from the Subreddit is maintained in this meta thread - https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/ - plus a sprinkling of later posts. Interestingly, we learnt that Reddit posts top out at 40,000 characters - we're gonna need a bigger Reddit.
At the high level this week:
The UK launched its next National Cyber Strategy