Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Netskope: Threat Labs Report – April 2021
- CISA: Top 10 Malware March 2021
- ZDNet: Private equity firm Thoma Bravo to spend $12.3 billion on Proofpoint acquisition
- IBM: The Sodinokibi Chronicles: A (R)Evil Cybercrime Gang Disrupting Organizations for Trade Secrets and Cash
- Recorded Future: The Business of Fraud: Deepfakes, Fraud’s Next Frontier
- SecureList: APT trends report Q1 2021
- Dragos: New ICS Threat Activity Group: TALONITE
- Phish Labs: ZLoader Dominates Email Payloads in Q1
- CISA: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
- F5: Cyberattacks Targeting Latin America, January through March 2021
- Haft of the Spear: From Solar Sunrise to Solar Winds: The Questionable Value of Two Decades of Cybersecurity Advice
- Vulnerability: Ransomware and Data Leak Site Publication Time Analysis
Threat Research
- Proofpoint: FluBot Android Malware Spreading Rapidly Through Europe, May Hit US Soon
- FireEye: UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
- FireEye: Abusing Replication: Stealing AD FS Secrets Over the Network
- Netlab 360: RotaJakiro: A long live secret backdoor with 0 VT detection
- Fortinet: Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part III
- Cybereason: PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector
- Bitdefender: New Nebulae Backdoor Linked with the NAIKON Group
- Unit 42: New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)
- Positive Technologies: Lazarus Group Recruitment: Threat Hunters vs Head Hunters
- NVISO Labs: Anatomy of Cobalt Strike’s DLL Stager
- Juniper Networks: Linux Servers Hijacked to Implant SSH Backdoor
- Bushido Token: Mo Money, Mo Magecart
- Trend Micro: How Cybercriminals Abuse OpenBullet for Credential Stuffing
- Trend Micro: Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability
- Walmart: CobaltStrike Stager Utilizing Floating Point Math
Tools and Tips
- SpecterOps: Offensive Security Guide to SSH Tunnels and Proxies
- CrowdStrike: Ransomware Preparedness: A Call To Action
- SecureList: Targeted Malware Reverse Engineering Workshop follow-up. Part 2
- SANS ISC: Qiling: A true instrumentable binary emulation framework
- Red Canary: Does signed mean trusted? The Mimikatz dilemma
- NVISO Labs: I Solemnly Swear I Am Up To No Good. Introducing the Marauders Map
- F-Secure: Heavy Metal Debugging; Debugging and Reversing HLASM with TSO TEST
- AhmedS Kasmani: Malware Analysis: VBScript dropper for NJRat. (video)
- Reversing Labs: Spotting malicious Excel4 macros
- Didier Stevens: https://blog.didierstevens.com/2021/04/26/quickpost-decrypting-cobalt-strike-traffic
- Open Threat Research Blog: Malware Analysis Series – Setting Up a Basic Malware Analysis Virtual Lab
Breaches, Government, and Law Enforcement
- Troy Hunt: Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU
- Flashpoint: Second Iranian State-Sponsored Ransomware “Project Signal” Emerges
- Institute for Security and Technology: Combatting Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
- NPR: After SolarWinds Hack, Biden Plans Executive Order Strengthening Cybersecurity
- Krebs: Experian API Exposed Credit Scores of Most Americans
- US DOJ: Individual Arrested and Charged with Operating Notorious Darknet Cryptocurrency “Mixer”
- Digital Shadows: The Dark Web Response to COVID Vaccinations
- The Record: Babuk gang says it will stop ransomware attacks after DC Police incident
- Lawfare: When Should U.S. Cyber Command Take Down Criminal Botnets?
Vulnerabilities and Exploits
- Microsoft: “BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks
- Talos: Vulnerability Spotlight: Information disclosure vulnerability in the Linux Kernel
- CISA: Vulnerability Summary for the Week of April 19, 2021
- Objective-See: All Your Macs Are Belong To Us
- Sentinel Labs: Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
- Jamf: Shlayer malware abusing Gatekeeper bypass on macOS