Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- ZDNet – ThreatConnect acquires enterprise risk management firm Nehemiah Security
- Business Insurance – Ransomware demands rise sharply in H1: Coalition
- Coalition – H1 2020 Cyber Insurance Claims Report (registration required) – Download Here
- Delve – Secureworks to Acquire Vulnerability Management Platform Delve Laboratories
- Flashpoint – The Fall of an Empire
- Kaspersky – An overview of targeted attacks and APTs on Linux
- Harvard – National Cyber Power Index 2020 [PDF]
- AT&T – 2020 Cybersecurity Data: The Cost of Cyber Crime
- Microsoft – New cyberattacks targeting US elections – Microsoft on the Issues
Threat Research
- NVISO Labs – Epic Manchego – atypical maldoc delivery brings flurry of infostealers
- Sucuri – WordPress Malware Disables Security Plugins to Avoid Detection
- zscaler – TikTok Spyware
- eset – Who is calling? CDRThief targets Linux VoIP softswitches
- Malwarebytes – Malvertising campaigns come back in full swing
- Group IB – Lock Like a Pro: Dive in Recent ProLock’s Big Game Hunting
- Juniper Networks – Zeppelin Ransomware returns with a fresh wave of attacks
- BushidoToken – Fantastic APTs and Where to Find Them
- YUSUF ARSLAN POLAT – OpBlueRaven: Unveiling Fin7/Carbanak – Part II: BadUSB Attacks
- MSTIC – STRONTIUM: Detecting new patterns in credential harvesting
Tools and Tips
- Flare-On – the 2020 Challenge begins
- SANS ISC – What’s in Your Clipboard? Pillaging and Protecting the Clipboard
- Red canary – Breaking down a breach with Red Canary’s incident handling team
- Intezer – TTPs Matrix for Linux Cloud Servers with Detection Methods
- US-CERT – Technical Approaches to Uncovering and Remediating Malicious Activity
- ReversingLabs – Excel 4.0 Macros
- Palo unit42 – The Challenge of Persistence in Containers and Serverless
- alexandereborges – Malwoverview updated to 4.0.3
- Adam Listek – The PowerShell Grep [Tutorial]
- R3nhat – GRAT2 is a Command and Control (C2) tool written in Python 3, with the client written in .NET 4.0
- Enisa – Training for Cybersecurity Specialists
- SANS – Attack surfaces, tools and techniques cheat sheet
- ThinkDFIR – Quick Post: Disk Images for Test Environment
- Raj Chandel – Understanding the CSRF Vulnerability (A Beginner’s Guide)
- Koupi – PowerShell Tips & Tricks That Will Increase Your Productivity
- stuhli – DFIRTrack (Digital Forensics and Incident Response Tracking application) is an open source web application
- D20 Forensics – iOS – Files App Part Deux: Quick Images and A Chart!
- PT Swarm – IDA Pro Tips to Add to Your Bag of Tricks
- MITRE – Defining ATT&CK Data Sources, Part I: Enhancing the Current State
Breaches, Government, and Law Enforcement
- Eterbase – HOT WALLETS COMPROMISED – OFFICIAL ANNOUNCEMENT
- Hartford Public Schools – Opening Postponed Due to Ransomware Attack
- Space News – White House issues cybersecurity space policy
- cyberscoop – How the government is keeping hackers from disrupting coronavirus vaccine research
- Bleeping Computer – The Week in Ransomware – September 11th 2020 – A barrage of attacks
- BC Security – Empire: Malleable C2 Profiles
Vulnerabilities and Exploits
- CISA – Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Arbitrary Code Execution
- CISA – Critical Patches Issued for Microsoft Products, September 08, 2020
- Fortinet – FortiGuard Labs Discovers Multiple Critical Vulnerabilities in Adobe InDesign
- SANS ISC – Microsoft September 2020 Patch Tuesday
- US-CERT – Vulnerability Summary for the Week of August 31, 2020
- Source Incite – Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Vulnerability
- Microsoft – CVE-2020-16875 | Microsoft Exchange Server Remote Code Execution Vulnerability
- SecuraBV – Python testing script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472)