Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Gemini Advisory: Amid Boom in Phishing, Fraudsters Target Customers of Small and Mid-sized Banks
- Recorded Future: China Propaganda Network Targets BBC Media, UK in Influence Campaign
- Cloudflare: Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported
- Phish Labs: New Quarterly Threat Trends & Intelligence Report Now Available
- Krebs: Wanted: Disgruntled Employees to Deploy Ransomware
- BleepingComputer: LockFile ransomware attacks Microsoft Exchange with ProxyShell exploits
- VMWare: Combating Cybersecurity Burnout Through Self-care, Empathy, and Empowerment
- Microsoft: Trend-spotting email techniques: How modern phishing emails hide in plain sight
- Huntress: Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit
- DoublePulsar: Multiple threat actors, including a ransomware gang, exploiting Exchange ProxyShell vulnerabilities
Threat Research
- Trend Micro: LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK
- IBM: Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang
- Recorded Future: Operation Secondary Infektion Targets Democratic Institutions
- Symantec: LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers
- Check Point: Indra — Hackers Behind Recent Attacks on Iran
- Cisco Talos: Neurevt trojan takes aim at Mexican users
- Cisco Talos: Malicious Campaign Targets Latin America: The seller, The operator and a curious link
- PAN Unit 42: Discovering CAPTCHA Protected Phishing Campaigns
- Blackberry: Threat Thursday: TA575/Dridex
- Sentinel Labs: ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage
- Volexity: North Korean APT InkySquid Infects Victims Using Browser Exploits
- The DFIR Report: Trickbot Leads Up to Fake 1Password Installation
- Walmart: Looking at the new Krypton crypter and recent Data Exfiltrator Samples
- Active Countermeasures: Malware of the Day – Pings!
- Cyble: A Deep-dive Analysis of LOCKBIT 2.0
Tools and Tips
- SpecterOps: Playing Detection with a Full Deck — The importance of Identification in Detection Engineering
- SpecterOps: 1Password Secret Retrieval — Methodology and Implementation
- CIS: How to Layer Secure Docker Containers with Hardened Images
- FireEye: Detecting Embedded Content in OOXML Documents
- IBM: Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon
- Microsoft: New Versions of Sysinternals Tools
- SANS ISC: Simple Tips For Triage Of MALWARE Bazaar’s Daily Malware Batches
- SANS ISC: Waiting for the C2 to Show Up
- Red Canary: Remote access tool or trojan? How to detect misbehaving RATs
- Intezer: Cobalt Strike: Detect this Persistent Threat
- NVISO Labs: Building an ICS Firing Range – Part 1
- FalconForce: FalconFriday — Detecting UAC Bypasses — 0xFF16
- Nasreddine Bencherchali: A Primer On Event Tracing For Windows (ETW)
- Advanced Intel: Hunting for Corporate Insurance Policies: Indicators of [Ransom] Exfiltration
- Google (podcast): The Mysteries of Detection Engineering: Revealed!
- Michael Koczwara: Cobalt Strike Hunting — DLL Hijacking/Attack Analysis
Breaches, Government, and Law Enforcement
- ZDNet: T-Mobile says information of more than 48 million customers leaked in breach
- Flashpoint: Counterfeit COVID Vaccine Card Market Takes Hold in the US and Europe
- AP: Cyber leader calls for nonpartisan path to securing the vote
- CNN: Colonial Pipeline says ransomware attack also led to personal information being stolen
- Schneier: Apple Adds a Backdoor to iMessage and iCloud Storage
- BleepingComputer: AT&T denies data breach after hacker auctions 70 million user database
- The Record: Japanese crypto-exchange Liquid hacked for $94 million
- The Record: Hackers breached US Census Bureau in January 2020 via Citrix vulnerability
Vulnerabilities and Exploits
- FireEye: Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices
- Fortinet: Fortinet FortiWeb OS Command Injection
- CISA: Vulnerability Summary for the Week of August 9, 2021
- CISA: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS
- SANS ISC: Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution)
- ThreatPost: Critical Cisco Bug in Small Business Routers to Remain Unpatched
- Orange: A New Attack Surface on MS Exchange Part 3 – ProxyShell!