Industry Reports, News, and Miscellany
- Netskope: Threat Labs Report – July 2022
- CIS: Brute Ratel: The New Red Teaming Tool Coopted by CTAs
- Microsoft: Cyber Signals: Defend against the new ransomware landscape
- Fortinet: Key Findings from the 1H 2022 FortiGuard Labs Threat Report
- Flashpoint: 1,980 Data Breaches Were Reported in 2022 H1 and 60% Were the Result of Hacking
- Recorded Future: H1 2022: Malware and Vulnerability Trends Report
- Red Canary: Intelligence Insights: August 2022
- Phish Labs: Old Threats, New High: Response-Based Emails Increase in Q2
- Trustwave: 2022 Trustwave SpiderLabs Telemetry Report
Threat Research
- Proofpoint: Reservations Requested: TA558 Targets Hospitality and Travel
- Mandiant: You Can’t Audit Me: APT29 Continues Targeting Microsoft 365
- Mitiga: Advanced BEC Scam Campaign Targeting Executives on O365
- Microsoft: MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
- Microsoft: MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
- Zscaler: Making victims pay, infostealer malwares mimic pirated-software download sites
- IBM: From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers
- Fortinet: A Tale of PivNoxy and Chinoxy Puppeteer
- Securelist: Kimsuky’s GoldDragon cluster and its C2 operations
- Cybereason: THREAT ALERT: HavanaCrypt Ransomware Masquerading as Google Update
- SANS ISC: Monster Libra (TA551/Shathak) -> IcedID (Bokbot) -> Cobalt Strike & DarkVNC
- Expel: MORE_EGGS and Some LinkedIn Resumé Spearphishing
- Inquest: Pulling together the pieces to build the puzzle
- Secureworks: DarkTortilla Malware Analysis
- PAN Unit42: Threat Assessment: Black Basta Ransomware
- BushidoToken: Analysis of the emerging Darth Maul eCrime Market
- Group-IB: APT41 World Tour 2021 on a tight schedule
- Google: New Iranian APT data extraction tool
- Elastic: QBOT Malware Analysis
- Splunk: AppLocker Rules as Defense Evasion: Complete Analysis
Tools and Tips
- SpecterOps: On Detection: Tactical to Functional
- CrowdStrike: Adversary Quest 2022 Walkthrough, Part 3: Four PROTECTIVE PENGUIN Challenges
- Mandiant: Ghidrathon: Snaking Ghidra with Python 3 Scripting
- Mandiant: GitHub – mandiant/Azure_Workshop
- Microsoft: Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
- IBM: The Ransomware Playbook Mistakes That Can Cost You Millions
- Recorded Future: Detections in the Sky: Sigma Rules to Enhance Cloud Security for the Big Three
- SANS ISC: Taking Apart URL Shorteners
- Binary Defense: Digging Through Rust To Find Gold: Extracting Secrets From Rust Malware
- Open Source DFIR: Generate your own hash sets with HashR
- Atomic Matryoshka: What is an AMSI bypass?
- DFIR Science: What data can you find in RAM?
- OALABS: SmokeLoader Triage
- Security Through Obscenity: THE DOMAIN CONTROLLER
- Cyberwarzone: Shodan queries list for Threat Hunters (2022)
- Advanced-threat-research: GitHub – advanced-threat-research/DotDumper: An automatic unpacker and logger for DotNet Framework targeting files
- Jonathan Johnson: WMI Internals Part 2: Reversing a WMI Provider
- c3rb3ru5d3d53c: [38] Malware Theory – The Stack
- Katie Nickels: A Cyber Threat Intelligence Self-Study Plan: Part 2
- Covertshell: DFIR triage and Timeline Analysis
- WithSecureLabs: Chainsaw: Rapidly Search and Hunt through Windows Event Logs
- Elastic: The Elastic Container Project for Security Research
- Danusminimus: The guide for a freeloader Threat Intelligence Analyst and Malware Researcher
Breaches, Government, and Law Enforcement
- CNBC: Former Apple engineer accused of stealing automotive trade secrets pleads guilty
- BleepingComputer: DoorDash discloses new data breach tied to Twilio hackers
- Reversing Labs: The Week in Cybersecurity: French hospital hit with ransomware attack
- Lawfare: Didi Fined $1.2 Billion for Violating Data Security Laws
- Data Breach Today: Hacker Steals Source Code, Proprietary Data from LastPass
- Risky Business News: Explosive whistleblower report exposes Twitter’s shoddy security
- US DOJ: Alleged Russian Cryptocurrency Money Launderer Extradited from the Netherlands to the United States
- Bellingcat: Socialite, Widow, Jeweller, Spy: How a GRU Agent Charmed Her Way Into NATO Circles in Italy
Vulnerabilities and Exploits
- IBM: CISA or CVSS: How Today’s Vulnerability Databases Work Together
- Malwarebytes: Update now! GitLab issues critical security release for RCE vulnerability
- CISA: Vulnerability Summary for the Week of August 15, 2022
- CISA: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
- Digital Shadows: Vulnerability Intelligence RoundUp: Cloudy With A Chance Of Zero Days
- F5 Labs: Sensor Intel Series: Top CVEs in July 2022
- Orange: Let’s Dance in the Cache – Destabilizing Hash Table on Microsoft IIS!
- Greynoise: Zimbra Collaboration Suite vulnerability analysis