Hello and welcome to Sec Soup, the weekly newsletter with a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Securing Home Networks & Small Office Equipment (webinar)
- BEC Gift Card Scams Move Online During COVID-19 Pandemic
- Cloudflare dumps reCAPTCHA as Google intends to charge for its use
- Accenture Acquires Revolutionary Security, Provider of Cybersecurity Services for Critical Infrastructure
- Microsoft shares new threat intelligence, security guidance during global crisis
- Advisory: COVID-19 exploited by malicious cyber actors (Joint alert from DHS and NCSC)
- Ransomware in the Health Sector 2020 – A Perfect Storm of New Targets and Methods (email Registration Required)
- Spam and phishing in 2019
- Online credit card skimming increased by 26 percent in March
- Election security: Why to care and what to do about it
- Report: Decade of the RATs (Registration Required)
Threat Research
- New dark_nexus IoT Botnet Puts Others to Shame
- ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
- Phishers and iPhone Thieves Rolling Out Multimillion-Dollar Operations
- Despite Infighting and Volatility, Iran Maintains Aggressive Cyber Operations Structure
- Intent to Infekt: ‘Operation Pinball’ Tactics Reminiscent of ‘Operation Secondary Infektion’
- Unkillable xHelper and a Trojan matryoshka
- APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure
- Threat Actors Migrating to the Cloud
- Increase in RDP Scanning
- COVID-19 Phishing Update: Promise of Payments Fuel Financial Fraud
- Limited Shifts in the Cyber Threat Landscape Driven by COVID-19
- An In-depth Look at MailTo Ransomware, Part Three of Three
- Deep Dive Into TrickBot Executor Module “mexec”: Hidden “Anchor” Bot Nexus Operations
- TAU Threat Analysis: NetWire Variant Leveraging AutoIt Scripts and Windows Shortcut Links
- COVID-19, Excel 4.0 Macros, and Sandbox Detection – #zloader
Tools and Tips
- Introducing New SANS 3MinMax Series with Certified Instructor Kevin Ripa
- 3 Straightforward Ways to Build a SOC
- Wireshark 3.2.3 Released: Mac Users Pay Attention Please
- Uncompromised: Unpacking a malicious Excel macro
- Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation
- Cloudy Times: Extracting and Analyzing Location Evidence from Cloud Services
- Universally Evading Sysmon and ETW
- LevelUp Labs
- ATT&CK Navigator Layers for CrowdStrike, Red Canary and Recorded Future Reports
- Free Autopsy Digital Forensics Training
- Upcoming Release of IDA Home
Breaches, Government, and Law Enforcement
- Foreign National and American Trader Settle Fraud Charges in EDGAR Hacking Case
- Corona Crimes: Suspect Behind €6 Million Face Masks and Hand Sanitizer Scam Arrested Thanks to International Police Cooperation
- New IRS Site Could Make it Easy for Thieves to Intercept Some Stimulus Payments
- ACLU WHITE PAPER: THE LIMITS OF LOCATION TRACKING IN AN EPIDEMIC
Vulnerabilities and Exploits
- Vulnerability Exploitation Trends to Watch
- Critical Vuln in vCenter vmdir (CVE-2020-3952)
- US-CERT Bulletin (SB20-097): Vulnerability Summary for the Week of March 30, 2020
- Attacks Simultaneously Exploiting Vulnerability in IE (CVE-2020-0674) and Firefox (CVE-2019-17026)