Welcome to the substack highlights from the blueteamsec subreddit.

Operationally this week it has been about three things:

1. Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773) and the subsequent exploitation (and the remote command execution it enabled).

2. Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013) - yes they botched the fix the first time around.

3. Google notifying 14,000 people they were targeted by Russia (APT28/Fancy Bear etc.) and the subsequent sharing of a subset of IoCs.

In the high-level:

• Syniverse which routes billions of SMS messages for hundreds of telecommunications carriers disclosed in their SEC filing they had been hacked for five years. SMS multi-factor authentication anyone?

• Singapore released their 2021 cyber security strategy which is meta for pretty much every other countries - build resilience, enable safety online and co-operate nationally and…