Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.

Operationally this week you will see there are plethora of vulnerabilities and exploits in edge security products including reporting of mass exploitation of CVE-2022-40684 in FortiOS / FortiProxy / FortiSwitchManager. Outside of that China has been running an information operation accusing the US of hacking in response to the APT41 disclosures. Finally you see a Chinese researcher has weaponized the recent Cobalt Strike vulnerability… hold on!

In the high-level this week:

• Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities - US outline a modern framework around signals intelligence.

• We must tackle Europe’s winter cyber threats head-on - European leaders and energy operators should look to the Ukrainian experience for inspiration. Beyond simply blaming Russia, it’s Ukraine’s long-term efforts to build cyb…