Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.

Operationally this week Lastpass released their ‘Recommended Actions for LastPass Business Administrators’ plus various router/firewall campaigns outed and finally a Jenkins remote code execution vulnerability which if exploited could lead to excitement in various supply chains.

In the high-level this week:

• Annual Threat Assessment of the US Intelligence Community - China, Russian, Iran and North Korea all get special cyber mentions including China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks. China’s cyber pursuits and its industry’s export of related technologies increase the threats of aggressive cyber operations against the U.S. homeland, suppression of the free flow of information in cyberspace—such as U.S. web content—that Beijing views as…