Bluepurple Pulse: week ending September 19th
Don't be a cyber mercenary...
Welcome to the substack highlights from the blueteamsec subreddit.
Operationally the week has been the long tale of CVE-2021-40444 (we have patches, exploits and mass exploitation) and then CVE-2021-38647. CVE-2021-38647 is an authentication bypass in a homage to the ‘90s resulting in remote code execution against a Linux Open Management Infrastructure agent of which there are a lot in Azure. Kevin Beaumont pushed the red button on the Wiz finding whilst Daniel Card continued to keep the world honest and updated on the situation.
The high-level news this week came in the guise of the US Government enacting its “domestic talent retention” or “stop cyber mercenaries” strategy - depending on your point of view. News came via a scoop from Reuters in the piece Ex-U.S. intel operatives admit hacking American networks for UAE. In short ex-USG employees go somewhere foreign, ignore all export laws, enable the hacking of US targets and then end up experiencing the legal ramifications but don’t …
Keep reading with a 7-day free trial
Subscribe to Cyber Defence Analysis for Blue & Purple Teams to keep reading this post and get 7 days of free access to the full post archives.