Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Fidelis: 2022 AWS Cloud Security Report
- Dragos: Food Processing Special Report Reveals Increasing Concern of Cyber Attacks for Food & Beverage Industry
- PhishLabs: Q2 Phishing Volume Up, Compromised Sites Lead Staging Methods
- Intel471: Five takeaways from Intel 471’s first Annual Threat Report
- Rapid7: Cyber Incident Reporting Regulations Summary and Chart
Threat Research
- Proofpoint: Rising Tide: Chasing the Currents of Espionage in the South China Sea
- Netskope: AsyncRAT: Using Fully Undetected Downloader
- Microsoft: Vulnerability in TikTok Android app could lead to one-click account hijacking
- Zscaler: No Honor Among Thieves – Prynt Stealer’s Backdoor Exposed
- IBM: Raspberry Robin and Dridex: Two Birds of a Feather
- Fortinet: Ransomware Roundup: Snatch, BianLian and Agenda
- Check Point: Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications
- Cisco Talos: ModernLoader delivers multiple stealers, cryptominers and RATs
- Cybereason: THREAT ANALYSIS REPORT: Ragnar Locker Ransomware Targeting the Energy Sector
- McAfee: Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
- SentinelOne: PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks
- Trend Micro: Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm
- Sophos: Cookie stealing: the new perimeter bypass
- MDSec: PART 3: How I Met Your Beacon – Brute Ratel
- dodo-sec: A FormBook Matryoshka
Tools and Tips
- CrowdStrike: CrowdStrike Introduces Sandbox Scryer: A Free Threat-Hunting Tool for Generating MITRE ATT&CK and Navigator Data
- CrowdStrike: Defense Against the Lateral Arts: Detecting and Preventing Impacket’s Wmiexec
- SpecterOps: Automating Azure Abuse Research — Part 2
- CIS: CIS Software Supply Chain Security Guide
- CISA: CISA, NSA, and ODNI Release Part One of Guidance on Securing the Software Supply Chain
- Mandiant: Reviewing macOS Unified Logs
- Mandiant: Announcing the Ninth Annual Flare-On Challenge
- F5: How to Pen Test the C-Suite for Cybersecurity Readiness
- PAN Unit42: Tor 101: How Tor Works and its Risks to the Enterprise
- NVISO Labs: Finding hooks with windbg
- TrustedSec: Maturity, Effectiveness, And Risk – Security Program Building And Business Resilience
- Datadog: Introducing Threatest, A Go Framework For End-to-end Testing Of Threat Detection Rules
- mdecrevoisier: Microsoft-eventlog-mindmap: Set of Mindmaps providing a detailed overview of the different Microsoft auditing capacities
- Fishing the Internet: The Rise of LNK Files (T1547.009) and Ways To Detect Them
- jasonsoford: intel_collector is a Python library to query various sources of threat intelligence for data on domains, file hashes, and IP addresses
- JohnF: NanoCore RAT Hunting Guide: Analysis and tools for hunting NanoCore command-and-control
- Nodauf: Practical guide step by step to create golden SAML
Breaches, Government, and Law Enforcement
- Recorded Future: Combating Human Trafficking With Threat Intelligence — Prosecution
- Krebs: Final Thoughts on Ubiquiti
- BleepingComputer: Montenegro hit by ransomware attack, hackers demand $10 million
- Samsung: Important Notice Regarding Customer Information
- National Police of Ukraine: The National Police exposed a network of “call centers”: those involved “specialized” in financial scams
- The Record: FBI, Secret Service join Kentucky investigation into $4 million cybercrime theft
- Lawfare: Should Uncle Sam Worry About ‘Foreign’ Open-Source Software? Geographic Known Unknowns and Open-Source Software Security
- Data Breach Today: Courts May Decide If Lloyd’s Must Cover Nation-State Attacks
- Risky Biz News: Greece tries to downplay its spyware scandal
- University of Cambridge, University of Strathclyde, University of Edinburgh: Getting Bored of Cyberwar: Exploring the Role of the Cybercrime Underground in the Russia-Ukraine Conflict
Vulnerabilities and Exploits
- Google: Google Open Source Software Vulnerability Reward Program Rules
- SANS ISC: Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021)
- CISA: Vulnerability Summary for the Week of August 22, 2022
- JP-CERT: A File Format to Aid in Security Vulnerability Disclosure – the first step to a proper connection
Thanks, love the newsletter
Thanks for reading Micha!