Bluepurple Pulse: week ending October 10th
Welcome to the Substack highlights from the blueteamsec subreddit.
Operationally this week it has been about three things:
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773) and the subsequent exploitation (and the remote command execution it enabled).
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013) - yes they botched the fix the first time around.
Google notifying 14,000 people they were targeted by Russia (APT28/Fancy Bear etc.) and the subsequent sharing of a subset of IoCs.
In the high-level:
Syniverse, which routes billions of SMS messages for hundreds of telecommunications carriers, disclosed in their SEC filing that they had been hacked for five years. SMS multi-factor authentication anyone?
Singapore released their 2021 cyber security strategy, which is meta for pretty much every other country's - build resilience, enable safety online and co-operate nationally and…