Bluepurple Pulse: week ending September 12th
CVE-2021-40444 is the operational game of the day...
Welcome to the substack from the blueteamsec subreddit. Not everything makes it in, just the highlights for you discerning readers.
Operationally, the week has been all about CVE-2021-40444, a Microsoft MSHTML remote code execution vulnerability that is being delivered via Microsoft Office files. It was picked up in the wild on September 2nd and a connection was drawn to the CVE on September 8th. Then in the last few days we had the big Fortinet credential leakage. Both are detailed within.
At the strategic level, this week I came across the monster body of work that is "Broken trust: Lessons from Sunburst", published in March by the Atlantic Council. It's a great bit of work that evidences and distils the software supply chain challenge. At Internet speed the world has reacted, and Software Bills of Materials (SBOMs) and similar are starting to manifest. Some respected individuals have come together and produced something arguably very useful. However, talking about blast r…