Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.

Operationally this week has mostly been centered around the at scale exploitation of MOVEit and the resulting consequences. I commented to someone that it shouldn’t be a surprise that such vulnerabilities can be found and exploited by organized crime in 2023 when you see what a small offensive team in the private sector is capable of.

In the high-level this week:

• Trump White House Aides Subpoenaed in Firing of Election Security Expert - The investigators appear focused on Mr. Trump’s state of mind around the firing of Mr. Krebs.

• Twenty-Five Years of White House Cyber Policies - The incentives that the market provides are the first choice for addressing the problem of critical infrastructure protection; regulation will be used only in the face of a material failure of the market to protect the health, safety or well-being of the American peop…