Bluepurple Pulse: week ending January 2nd 🎆
Happy New Year to those that use the Gregorian calendar
Welcome to the weekly highlights and analysis of the blueteamsec subreddit.
Operationally this week nothing really other than two Log4j related aspects. The first was a vendor trying to ruin the holidays for everyone by hyping the next Log4j vulnerability which turned out to only be a risk in number of (very rare) contrived scenarios. The second is there is an uptick in both exploit availability and exploitation of Log4j against a subset of targets (more later).
In the high-level this week:
the UK thinktank the Criminal Law Reform Now Network published their Comparative Report on the Computer Misuse Act reform
A number in the UK cyber community have been campaigning for reform of this 30 year old law (myself included). It is ambiguous and restrictive for both threat intelligence and researchers today. This is to the detriment of security and competitiveness of the UK. We have been running this campaign for over 3 years via the CyperUp Campaign on this.
This latest report from the CLRNN “