Welcome to the substack from the blueteamsec subreddit.

This week operationally it is all about the continued carnage that is the mass Microsoft Exchange exploitation via ProxyShell. We saw similar incidents happen with Exchange earlier in the year and also with vulnerabilities such as Citrix, F5, Pulse VPN etc. Increasingly the speculative mass compromise by state and organised crime groups is a thing and one can’t see why it will be a trend that will stop any time soon.

140+ webshells across 1900+ unpatched boxes in 48hrs

…

corroborate[d] that the webshell and LockFile ransomware incidents we’re seeing within companies may be related

A more upbeat little nugget comes from Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat

Chinese culture celebrated hackers. A 2005 study by the Shanghai Academy of Social Sciences compared hackers to rock stars. Finding that 2 out of 5 elementary age children adored hackers and third wanted to to grow up to …