Hello and welcome to Sec Soup, the weekly newsletter with a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CIS: Ransomware: The Data Exfiltration and Double Extortion Trends
- CrowdStrike: Improved ECX Model Shows Increasing Relevance of Access Broker Market
- Proofpoint: BEC Taxonomy: A Proofpoint Framework
- IBM: Health Care Ransomware Strains Have Hospitals in the Crosshairs
- Kaspersky: Ransomware by the numbers: Reassessing the threat’s global impact
- PhishLabs: ZLoader Dominates Email Payloads in Q1
- The New Yorker: The Incredible Rise of North Korea’s Hacking Army
- CISA: Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
- Palo Unit 42: Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation
- Intel471: How China’s cybercrime underground is making money off big data
- The Record: Ransomware gang wants to short the stock price of their victims
- ODNI: ODNI Releases 2021 Annual Threat Assessment of the US Intelligence Community
Threat Research
- FireEye: Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
- FireEye: Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
- Sophos: Nearly half of malware now use TLS to conceal communications
- Recorded Future: Iran-Linked Threat Actor The MABNA Institute’s Operations in 2020
- Fortinet: Deep Analysis: FormBook New Variant Delivered in Phishing Campaign
- Intezer: HabitsRAT Used to Target Linux and Windows Servers
- CISA: CISA Identifies SUPERNOVA Malware During Incident Response
- InQuest: Unearthing Hancitor Infrastructure
- Group-IB: Lazarus BTC Changer
- SentinelOne: A Deep Dive into Zebrocy’s Dropper Docs
- Advanced Intel: Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021
- Cybereason: Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities
- F5: Business Email Compromise with Credential Stuffing Attack Tools
- Ali Aqeel: IcedID Analysis
- Malwarebytes: Lazarus APT conceals malicious code within BMP image to drop its RAT
Tools and Tips
- SpecterOps: Offensive Security Guide to SSH Tunnels and Proxies
- Netskope: A Real-World Look at AWS Best Practices: Root Accounts
- Kaspersky: Targeted Malware Reverse Engineering Workshop follow-up. Part 2
- SANS ISC: Decoding Cobalt Strike Traffic
- SANS ISC: Why and How You Should be Using an Internal Certificate Authority
- Red Canary: Research ATT&CK techniques from the comfort of your VSCode editor
- Secureworks: Post-Intrusion Ransomware Attack Incident Response
- FalconForce: Sysmon 13.10 — FileDeleteDetected
- F-Secure: Attack Detection Fundamentals 2021
- The Cyber Sector: [0x06] Cybersecurity Foundat1ons – 00110 – Cryptography Fundamentals pt.II
- AhmedS Kasmani (Video): Malware Analysis of a Password Stealer
- 4archib4ld: IcedID on my neck I’m the coolest
- Sneaky Monkey: OSCP 2020 Tips
- Eli Salem: Dancing With Shellcodes: Cracking the latest version of Guloader
- Jai Minton: Practical Malware Analysis – Lab Write-up – Chapter 18. Packers and Unpacking
- Hop Infosec: AV Evasion Part 1
- TrustedSec: Azure Application Proxy C2
- Splunk: Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
- Offensive Security: Understanding the Tools/Scripts You Use in a Pentest
Breaches, Government, and Law Enforcement
- JDSupra: 2021 Developments in State Cybersecurity Safe Harbor Laws
- The White House: Statement by Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger on SolarWinds and Microsoft Exchange Incidents
- ZDNet: ‘High-level’ organiser of FIN7 hacking group sentenced to 10 years in prison
- The Record: Ransomware gang tries to extort Apple hours ahead of Spring Loaded event
- Bleeping Computer: HashiCorp is the latest victim of Codecov supply-chain attack
- US DOT: Treasury Sanctions Russia with Sweeping New Sanctions Authority
- US DOJ: High-level organizer of notorious hacking group FIN7 sentenced to ten years in prison for scheme that compromised tens of millions of debit and credit cards
Vulnerabilities and Exploits
- CIS: Multiple Vulnerabilities in SonicWall Email Security Could Allow for Arbitrary Code Execution
- CIS: A Vulnerability in Pulse Connect Secure VPN Could Allow for Remote Code Execution
- Kaspersky: Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
- Talos: Vulnerability Spotlight: Multiple vulnerabilities in Synology DiskStation Manager
- CISA: Vulnerability Summary for the Week of April 12, 2021
- Digital Shadows: Q1 Vulnerability Roundup
- Trustwave: All Your Databases Belong To Me! A Blind SQLi Case Study
- QNAP: Response to Qlocker Ransomware Attacks: Take Actions to Secure QNAP NAS
- Signal: Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective