Bluepurple Pulse: week ending January 9th
Welcome to Thunderdome..
Welcome to the weekly highlights and analysis of the blueteamsec subreddit.
Operationally this week not much out of the ordinary beyond some ongoing response to Log4j including confirmed exploitation of VMWare Horizon and new exploits for Citrix XenMobile and Fidelis CommandPost (see within).
In the high-level this week:
China orders cybersecurity reviews for some firms seeking overseas listings - we knew this was coming - but it has now arrived:
The Cyberspace Administration of China (CAC) said the new rules come into effect on Feb. 15 and require platform companies with data on more than 1 million users to undergo a security review before listing their shares overseas.
India’s Personal Data Protection Bill, 2019 is inching its ways through - they issued a Standing Committee report in late December - massive changes and the report is an interesting read as to India’s vision of the future.
New York Attorney General James Alerts 17 Companies to “Credential Stuffing” Cyberattacks Impacting Mo…