Welcome to the substack highlights from the blueteamsec subreddit.
Operationally, the week has been the long tail of CVE-2021-40444 (we have patches, exploits and mass exploitation) and then CVE-2021-38647. CVE-2021-38647 is an authentication bypass, in a homage to the ‘90s, resulting in remote code execution against the Linux Open Management Infrastructure (OMI) agent, of which there are a lot in Azure. Kevin Beaumont pushed the red button on the Wiz finding whilst Daniel Card continued to keep the world honest and updated on the situation.
The high-level news this week came in the guise of the US Government enacting its “domestic talent retention” or “stop cyber mercenaries” strategy, depending on your point of view. News came via a scoop from Reuters in the piece Ex-U.S. intel operatives admit hacking American networks for UAE. In short, ex-USG employees go somewhere foreign, ignore all export laws, enable the hacking of US targets and then end up experiencing the legal ramifications but don’t …
Subscribe to Cyber Defence Analysis for Blue & Purple Teams to keep reading this post and get 7 days of free access to the full post archives.