Industry Reports, News, and Miscellany

• Netskope: Threat Labs Report – July 2022
• CIS: Brute Ratel: The New Red Teaming Tool Coopted by CTAs
• Microsoft: Cyber Signals: Defend against the new ransomware landscape
• Fortinet: Key Findings from the 1H 2022 FortiGuard Labs Threat Report
• Flashpoint: 1,980 Data Breaches Were Reported in 2022 H1 and 60% Were the Result of Hacking
• Recorded Future: H1 2022: Malware and Vulnerability Trends Report
• Red Canary: Intelligence Insights: August 2022
• Phish Labs: Old Threats, New High: Response-Based Emails Increase in Q2
• Trustwave: 2022 Trustwave SpiderLabs Telemetry Report

Threat Research

• Proofpoint: Reservations Requested: TA558 Targets Hospitality and Travel
• Mandiant: You Can’t Audit Me: APT29 Continues Targeting Microsoft 365
• Mitiga: Advanced BEC Scam Campaign Targeting Executives on O365
• Microsoft: MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
• Microsoft: MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
• Zscaler: Making victims pay, infostealer malwares mimick pirated-software download sites
• IBM: From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers
• Fortinet: A Tale of PivNoxy and Chinoxy Puppeteer
• Securelist: Kimsuky’s GoldDragon cluster and its C2 operations
• Cybereason: THREAT ALERT: HavanaCrypt Ransomware Masquerading as Google Update
• SANS ISC: Monster Libra (TA551/Shathak) –> IcedID (Bokbot) –> Cobalt Strike & DarkVNC
• Expel: MORE_EGGS and Some LinkedIn Resumé Spearphishing
• Inquest: Pulling together the pieces to build the puzzle
• Secureworks: DarkTortilla Malware Analysis
• PAN Unit42: Threat Assessment: Black Basta Ransomware
• BushidoToken: Analysis of the emerging Darth Maul eCrime Market
• Group-IB: APT41 World Tour 2021 on a tight schedule
• Google: New Iranian APT data extraction tool
• Elastic: QBOT Malware Analysis
• Splunk: AppLocker Rules as Defense Evasion: Complete Analysis

Tools and Tips

• SpecterOps: On Detection: Tactical to Functional
• CrowdStrike: Adversary Quest 2022 Walkthrough, Part 3: Four PROTECTIVE PENGUIN Challenges
• Mandiant: Ghidrathon: Snaking Ghidra with Python 3 Scripting
• Mandiant: GitHub – mandiant/Azure_Workshop
• Microsoft: Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
• IBM: The Ransomware Playbook Mistakes That Can Cost You Millions
• Recorded Future: Detections in the Sky: Sigma Rules to Enhance Cloud Security for the Big Three
• SANS ISC: Taking Apart URL Shorteners
• Binary Defense: Digging Through Rust To Find Gold: Extracting Secrets From Rust Malware
• Open Source DFIR: Generate your own hash sets with HashR
• Atomic Matryoshka: What is an AMSI bypass?
• DFIR Science: What data can you find in RAM?
• OALABS: SmokeLoader Triage
• Security Through Obscenity: THE DOMAIN CONTROLLER
• Cyberwarzone: Shodan queries list for Threat Hunters (2022)
• Advanced-threat-research: GitHub – advanced-threat-research/DotDumper: An automatic unpacker and logger for DotNet Framework targeting files
• Jonathan Johnson: WMI Internals Part 2 Reversing a WMI Provide
• c3rb3ru5d3d53c: [38] Malware Theory – The Stack
• Katie Nickels: A Cyber Threat Intelligence Self-Study Plan: Part 2
• Covertshell: DFIR triage and Timeline Analysis
• WithSecureLabs: Chainsaw: Rapidly Search and Hunt through Windows Event Logs
• Elastic: The Elastic Container Project for Security Research
• Danusminimus: The guide for a freeloader Threat Intelligence Analyst and Malware Researcher

Breaches, Government, and Law Enforcement 

• CNBC: Former Apple engineer accused of stealing automotive trade secrets pleads guilty
• BleepingComputer: DoorDash discloses new data breach tied to Twilio hackers
• Reversing Labs: The Week in Cybersecurity: French hospital hit with ransomware attack
• Lawfare: Didi Fined $1.2 Billion for Violating Data Security Laws
• Data Breach Today: Hacker Steals Source Code, Proprietary Data from LastPass
• Risky Business News: Explosive whistleblower report exposes Twitter’s shoddy security
• US DOJ: Alleged Russian Cryptocurrency Money Launderer Extradited from the Netherlands to the United States
• Bellingcat: Socialite, Widow, Jeweller, Spy: How a GRU Agent Charmed Her Way Into NATO Circles in Italy

Vulnerabilities and Exploits

• IBM: CISA or CVSS: How Today’s Vulnerability Databases Work Together
• Malwarebytes: Update now! GitLab issues critical security release for RCE vulnerability
• CISA: Vulnerability Summary for the Week of August 15, 2022
• CISA: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
• Digital Shadows: Vulnerability Intelligence RoundUp: Cloudy With A Chance Of Zero Days
• F5 Labs: Sensor Intel Series: Top CVEs in July 2022
• Orange: Orange: Let’s Dance in the Cache – Destabilizing Hash Table on Microsoft IIS!
• Greynoise: Zimbra Collaboration Suite vulnerability analysis