Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- TechShielder: The Best Cities For A Cybersecurity Job
- ENISA: Threat Landscape for Supply Chain Attacks
- SonicWall: 2021 Cyber Threat Report Mid-Year Update
- The Record: Disgruntled ransomware affiliate leaks the Conti gang’s technical manuals
- Flashpoint: Disgruntled Conti Affiliate Leaks Ransomware Training Documents
- Kaspersky: Q2 2021 spam and phishing report
- Malwarebytes (registration required): 2021 State of Malware Report
- Dragos: Lessons Learned From Examining More Than a Decade of Public ICS/OT Exploits
- Digital Shadows: Initial Access Brokers in Q2
- PAN Unit42: IAM Misconfigurations: More Organizations Fail to Take Precautions
Threat Research
- CrowdStrike: How PROPHET SPIDER Exploits Oracle WebLogic
- Sophos: Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more
- Cybereason: DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
- IBM: ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group
- ESET: IIStealer: A server‑side threat to e‑commerce transactions
- BlackBerry: Threat Thursday: Don’t Let njRAT Take Your Cheddar
- Group-IB: Prometheus TDS
- Positive Technologies: APT31 new dropper. Target destinations: Mongolia, Russia, the US, and elsewhere
- The DFIR Report: BazarCall to Conti Ransomware via Trickbot and Cobalt Strike
- Segurança Informática: The clandestine Horus Eyes RAT: From the underground to criminals’ arsenal
Tools and Tips
- RecordedFuture: Protect Against BlackMatter Ransomware Before It’s Offered
- NSA: NSA Issues Guidance on Securing Wireless Devices in Public Settings
- SANS ISC: Pivoting and Hunting for Shenanigans from a Reported Phishing Domain
- Malware-Traffic-Analysis: 2021-07 – Traffic analysis exercise – Dualrunning
- RedCanary: Red Canary Intel: When Dridex and Cobalt Strike give you Grief
- Expel: How Expel goes detection sprinting in Google Cloud
- Secureworks: Detecting Cobalt Strike: Penetration Testers
- F-Secure: Playing with PuTTY
- SANS: How You Can Start Learning Malware Analysis
- Microsoft: Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft
- Microsoft: Spotting brand impersonation with Swin transformers and Siamese neural networks
- AGDC Services (video): How To Quickly Unpack Qbot Loader Malware
- 0xmachos: If someone wants to learn MacOS IR/forensics what’s the best resource for that?
- SOC Investigation: Lateral Movement Detection with Windows Event Logs Active Directory
- Infosec Write-ups: Autopsy Walkthrough Tryhackme
Breaches, Government, and Law Enforcement
- US DOJ: Department of Justice Statement on SolarWinds Update
- CNBC: IRS has seized $1.2 billion worth of cryptocurrency this year
- CISA: CISA Launches New Joint Cyber Defense Collaborative
- ThreatPost: Zoom Settlement: An $85M Business Case for Security Investment
- The Record: Motherboard vendor GIGABYTE hit by RansomExx ransomware gang
Vulnerabilities and Exploits
- Risk Based Security (registration required): Download the 2021 Mid Year Vulnerability QuickView Report Today
- Nozomi: New Research Uncovers 5 Vulnerabilities in Mitsubishi Safety PLCs
- Check Point: Do you like to read? I can take over your Kindle with an e-book
- CISA: Vulnerability Summary for the Week of July 26, 2021
- Trustwave: SQL Injection in WordPress Plugins: ORDER and ORDER BY as Overlooked Injection Points
- SentinelOne (SentinelLabs): Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
- Juniper: Freshly disclosed vulnerability CVE-2021-20090 exploited in the wild
- Cisco: Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability