Welcome to the weekly highlights and analysis of the blueteamsec subreddit.

Operationally this week nothing really standout just the high tempo ultra marathon as usual..

In the high-level this week:

• Cyber Risks and Business Interruption Insurance - Merck and International Indemnity v ACE - Merck suffered US$1.4 billion in business interruption losses from the Notpetya cyber attack of 2017 - their insurance tried to not pay - their insurer lost in court.

• Crypto.com had a breach - 483 users suffered unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other cryptocurrencies - actor was somehow able to bypass multifactor authentication to steal a lot of assets.

• CISA in the US added 13 known exploited vulnerabilities to its MUST FIX catalogue - this list makes federal agencies jump into action.

• Whitehouse mandates Zero Trust Architecture within Federal government by the end of FY 2024 - US federal government is engaging warp 9 - big move here (😘)- it will p…