Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading).

Operationally this week has primarily focused on the Microsoft Office feature also known as CVE-2022-30190 which was first known to be used in targeting of Belarus. This was just in time for memorial weekend in the USA. Then today (Friday) we had a remote vulnerability disclosed as being exploited in the wild in Confluence (CVE-2022-26134) just in time for the Jubilee weekend in the UK.

In the high-level this week:

• In the world of press headlines we had some standouts this week:

  • Law enforcement is ‘failing to protect governments against ransomware’ - made by an ex UK government official, not sure that is how you win friends in law enforcment.

  • Military-made cyberweapons could soon become available on the dark web, Interpol warns - Jurgen Stock, the international police agency’s secretary general, said he’s concerned state-developed cyberweapons will become available on the darknet — in a “cou…