Welcome to the substack highlights from the blueteamsec subreddit.

Operationally this week:

• Ransomware - but that’s every week!

• Understanding the full implications of the JavaScript RSA library (keypair) which led to duplicate keys being generated - this just happened to be used in tooling used in a number of developer oriented environments such as GitKraken.

• the new Apache vulnerability and ALPACA - see later under Vulnerabilities.

In the high-level the USA’s Financial Crimes Enforcement Network released their ransomware trends in bank secrecy data for the first 6 months of 2021. Punchline?

The total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was $590 million, which exceeds the value reported for the entirety of 2020 ($416 million).

but

Based on blockchain analysis of identifiable transactions with the 177 CVC wallet addresses, FinCEN identified approximately $5.2 billion in outgoing BTC transactions potentially tied to ransomware pa…