Bluepurple Pulse: week ending September 26th
Cyber poverty line..
Welcome to the substack highlights from the blueteamsec subreddit.
372,072 Windows domain credentials in total.
96,671 UNIQUE credentials that leaked from various applications such as Microsoft Outlook, mobile email clients and other applications interfacing with Microsoft’s Exchange server.
There is probably a debate here around proportionality of the research and if five months was needed to prove it.
The real kicker was this research wasn’t new as Eli (Ilya) Nesterov and Max Goncharov had presented this exact attack in 2017 at Blackhat Asia. The triple kicker was we fixed this when at BlackBerry for BIS in ~2010.
We also had the Lithuanian National Cyber Security Centre publish their Assessment of cybersecurity of mobile devices supporting 5G technology sold in Lithuania. The findings included backdoors and censorship …
Keep reading with a 7-day free trial
Subscribe to Cyber Defence Analysis for Blue & Purple Teams to keep reading this post and get 7 days of free access to the full post archives.