Bluepurple Pulse: week ending December 18th
What gift will Santa give the industry this year? Apparently multiple in the wild exploited zero days and we still have 10 days to go..
Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.
Operationally this week it has been about the vulnerabilities (zero days) exploited in the wild in the guise of Citrix and Fortinet by state and criminals actors. Edge device product security quality continues to plague.
In the high-level this week:
China’s internet censors target deepfake tech to curb online disinformation - Just like in Bladerunner where they could track the source of the synthetic snake - “Deep synthesis providers and users are required to make sure any doctored content is explicitly labelled and can be traced back to its source”
How the Global Spyware Industry Spiraled Out of Control - The New York Times long article which is good for broader understanding.
related The Autocrat in Your iPhone: How Mercenary Spyware Threatens Democracy - NSO getting some over and Rwanda raised once more - but also “In November 2022, Sir Jer…