Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Resource Guide for Cybersecurity During the COVID-19 Pandemic
- COVID-19 Key Developments: April 14-17
- A look at the ATM/PoS malware landscape from 2017-2019
- Findings on COVID-19 and online security threats
- Zoom Hits Milestone on 90-Day Security Plan, Releases Zoom 5.0
- Weekly Threat Intelligence Bulletin: COVID-19
- Understanding the relationship between Emotet, Ryuk and TrickBot
- Joint NSA and ASD Report: Detect and Prevent Web Shell Malware
Threat Research
- Malspam in the Time of COVID-19
- Nazar: A Lost Amulet
- Obfuscated WordPress Malware Dropper
- New Distribution Mechanism for the NanoCore RAT
- New Android Banking Trojan Targets Spanish, Portuguese Speaking Users
- Following ESET’s discovery, a Monero mining botnet is disrupted
- Deconstructing an Evasive Formbook Campaign Leveraging COVID-19 Themes
- Threat Spotlight: MedusaLocker
- Malicious Excel With a Strong Obfuscation and Sandbox Evasion
- Remote Video Conferencing Themes in Credential Theft and Malware Threats
- Malicious APKs share code during Covid-19 pandemic
- Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage
- WINNTI GROUP: Insights From the Past
- Excel Malspam: Password Protected … Not!
- Gorgon uses COVID-19 outbreak to launch cyber attacks on Canada and other regions
- IcedID Botnet | The Iceman Goes Phishing for US Tax Returns
- BazarBackdoor: TrickBot gang’s new stealthy network-hacking malware
- VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus
- Ursnif via LOLbins
Tools and Tips
- 5 Tips for Effective Threat Hunting
- What does it take to become a good reverse engineer?
- OptOut – Compiler Undefined Behavior Optimizations
- SpectX: Log Parser for DFIR
- Comparing open source adversary emulation platforms for red teams
- 10 tips for protecting computer security and privacy at home
- Video conferencing: new guidance for individuals and for organisations
- LogonTracer v1.4 Released
- BlackBag Announces Release of BlackLight 2020 R1
- Ghost In The Logs – allows you to evade Sysmon and Windows event logging
- XLMMacroDeobfuscator – Extracts and deobfuscates XLM macros (a.k.a. Excel 4.0 macros)
- ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra disassemblers.
- Forensic Walkthrough: QBot Infection
- Ebfuscation: Abusing system errors for binary obfuscation
- Zloader-extractor: A script to extract network IOCs from Zloader xls droppers
- Unhide.py – A script for unhiding hidden Excel sheets
- Career Hacking: Tips and Tricks to Making the Most of your Career
- The Simple Path Towards Cybersecurity Expertise
- How to Set Up a SpiderFoot Server for OSINT Research
- Analysis of Apple Unified Logs: Quarantine Edition [Entry 1] – Converting Log Archive Files on 10.15 (Catalina)
- Lynis – Auditing System Hardening and Compliance Testing
- Windows DLL Hijacking (Hopefully) Clarified
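Several items above (the obfuscated Excel malspam, the XLM macro deobfuscator, the Zloader xls extractor and Unhide.py) revolve around the same trick: the dropper keeps its Excel 4.0 macro sheet out of sight by marking it `state="veryHidden"` in `xl/workbook.xml`, a state the Excel UI cannot undo without VBA or editing the file. The script below is an added example written for this newsletter, not the code of Unhide.py or any other tool linked above. It builds a constructed minimal .xlsx in memory (only `[Content_Types].xml` and `xl/workbook.xml`, enough to show the technique), reports each sheet's visibility state, and rewrites the archive with every `hidden`/`veryHidden` state removed. Sheet names and the sample workbook XML are made up for the example.

```python
import io
import re
import zipfile

# Constructed xl/workbook.xml: one visible sheet, one veryHidden sheet (the
# typical home of an XLM macro payload) and one ordinary hidden sheet.
SAMPLE_WORKBOOK_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" '
    'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
    '<sheets>'
    '<sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
    '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
    '<sheet name="Data" sheetId="3" state="hidden" r:id="rId3"/>'
    '</sheets>'
    '</workbook>'
)

SAMPLE_CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '</Types>'
)

# Matches one <sheet .../> element; <sheets> is excluded by the word boundary.
SHEET_RE = re.compile(r'<sheet\b([^>]*)>')


def build_sample_xlsx() -> bytes:
    """Assemble a constructed two-member .xlsx in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", SAMPLE_CONTENT_TYPES)
        zf.writestr("xl/workbook.xml", SAMPLE_WORKBOOK_XML)
    return buf.getvalue()


def list_sheet_states(xlsx_bytes: bytes) -> dict:
    """Return {sheet name: visibility state} as declared in xl/workbook.xml.

    A <sheet> element without a state attribute is visible; hidden sheets carry
    state="hidden" and the UI-unreachable ones carry state="veryHidden".
    """
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        xml = zf.read("xl/workbook.xml").decode("utf-8")
    states = {}
    for match in SHEET_RE.finditer(xml):
        attrs = match.group(1)
        name = re.search(r'name="([^"]*)"', attrs).group(1)
        state = re.search(r'state="([^"]*)"', attrs)
        states[name] = state.group(1) if state else "visible"
    return states


def unhide_all_sheets(xlsx_bytes: bytes) -> bytes:
    """Rewrite the archive with every hidden/veryHidden sheet made visible.

    Every zip member is copied unchanged except xl/workbook.xml, where the
    state attribute is stripped from each <sheet> element. Nothing else in the
    package (sheet data, macros, relationships) is touched, so the analyst can
    open the result in Excel with macros disabled and read the macro sheet.
    """
    src = zipfile.ZipFile(io.BytesIO(xlsx_bytes))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == "xl/workbook.xml":
                xml = data.decode("utf-8")
                xml = re.sub(
                    r'(<sheet\b[^>]*?)\s+state="(?:hidden|veryHidden)"',
                    r"\1",
                    xml,
                )
                data = xml.encode("utf-8")
            dst.writestr(info, data)
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample_xlsx()
    print("before:", list_sheet_states(sample))
    fixed = unhide_all_sheets(sample)
    print("after: ", list_sheet_states(fixed))
    with open("unhidden.xlsx", "wb") as fh:
        fh.write(fixed)
```

For a real dropper, replace `build_sample_xlsx()` with the bytes of the suspect file; the rest is unchanged because the `<sheet>` entries for Excel 4.0 macro sheets (`xl/macrosheets/`) live in the same `<sheets>` list in `xl/workbook.xml`. Legacy binary `.xls` files store the same flag in BIFF BOUNDSHEET records rather than XML, so this zip-and-XML approach does not apply to them.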
Breaches, Government, and Law Enforcement
- Report on unauthorized login to “Nintendo Network ID” and request for safe use of “Nintendo Account”
- Fight Back: How to Stop Cyber Criminals During the Pandemic
- Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining
- Unproven Coronavirus Therapy Proves Cash Cow for Shadow Pharmacies
- US-CERT Alert (AA20-107A): Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
- Department of Justice Announces Disruption of Hundreds of Online COVID-19 Related Scams
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Autodesk FBX-SDK library Could Allow for Arbitrary Code Execution
- You’ve Got (0-click) Mail!
- Multiple Vulnerabilities in IBM Data Risk Manager
- Vulnerability Spotlight: Zoom Communications user enumeration
- US-CERT Bulletin (SB20-111): Vulnerability Summary for the Week of April 13, 2020
- CVE-2020-0022 an Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag