Bluepurple Pulse: week ending January 30th
Yes it really is this bad..
Welcome to the weekly highlights and analysis of the blueteamsec subreddit.
Operationally this week nothing really standout just the high tempo ultra marathon as usual..
In the high-level this week:
Cyber Risks and Business Interruption Insurance - Merck and International Indemnity v ACE - Merck suffered US$1.4 billion in business interruption losses from the Notpetya cyber attack of 2017 - their insurance tried to not pay - their insurer lost in court.
Crypto.com had a breach - 483 users suffered unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC and approximately US$66,200 in other cryptocurrencies - actor was somehow able to bypass multifactor authentication to steal a lot of assets.
CISA in the US added 13 known exploited vulnerabilities to its MUST FIX catalogue - this list makes federal agencies jump into action.
Whitehouse mandates Zero Trust Architecture within Federal government by the end of FY 2024 - US federal government is engaging warp 9 - big move here (😘)- it will p…