Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- APWG: Phishing Activity Trends Report – Q2 2020 (PDF)
- Recorded Future: Russian-Related Threats to the 2020 US Presidential Election
- Kaspersky: IT threat evolution Q2 2020. Mobile statistics
- Kaspersky: IT threat evolution Q2 2020. PC statistics
- CrowdStrike: PIONEER KITTEN: Targets & Methods [Adversary Profile]
- PhishLabs: Navigating Social Media Threats: A Digital Risk Protection Playbook
- Cloudflare: August 30th 2020: Analysis of CenturyLink/Level(3) Outage
Threat Research
- Cybereason: No Rest for the Wicked: Evilnum Unleashes PyVil RAT
- RiskIQ: Inter: The Magecart Skimming Tool Now on More than 1,500 Sites
- ESET: KryptoCibule: The multitasking multicurrency cryptostealer
- Malwarebytes: New web skimmer steals credit card data, sends to crooks via Telegram
- Talos: Salfram: Robbing the place without removing your name tag
- Proofpoint: Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe
- GData: DLL Fixer leads to Cyrat Ransomware
- Digital Shadows: Revisiting Typosquatting And The 2020 US Presidential Election
- Sentinel Labs: Multi-Platform SMAUG RaaS Aims To See Off Competitors
- Sentinel Labs: Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic
- Palo Alto Unit 42: Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
- JPCERT: Malware Used by Lazarus after Network Intrusion
- The DFIR Report: NetWalker Ransomware in 1 Hour
Tools and Tips
- SpecterOps: Malware Development Pt. 1: Dynamic Module Loading in Go
- CIS: Information Hub: Securing Debian Family Linux
- IBM Security Intelligence: SOC 2.0: A Guide to Building a Strong Security Ops Team
- Intezer: Turning Open Source Against Malware
- US-CERT: Technical Approaches to Uncovering and Remediating Malicious Activity
- Compass Security: 101 for lateral movement detection
- CyberArk: Running Sensitive Apps in WSL: (SAFE + SAFE) < SAFE
- D20 Forensics: iOS – The Tile Strikes Back
- Möbius Strip Reverse Engineering: An Exhaustively-Analyzed IDB for ComRAT v4
- Milann Shrestha: Analysis: Emotet in Nepal
- Menasec: Discovering Windows Registry Symbolic Links using Sysmon
- Fox-IT: Machine learning from idea to reality: a PowerShell case study
- Roberto Rodriguez @Cyb3rWard0g: Threat Hunter Playbook WMI ActiveScriptEventConsumers
- MDSec: I Like to Move It: Windows Lateral Movement Part 1 – WMI Event Subscription
- ztgrace: Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.
Breaches, Government, and Law Enforcement
- ZDNet: European ISPs report mysterious wave of DDoS attacks
- Indian Government: Government Blocks 118 Mobile Apps Which are Prejudicial to Sovereignty and Integrity of India, Defence of
- CNET: Facebook takes down network of fake accounts tied to infamous Kremlin-linked troll farm
- DOJ: Russian National Indicted for Conspiracy to Introduce Malware into a Computer Network
- Bleeping Computer: SunCrypt Ransomware shuts down North Carolina school district
- Radware: Global Ransom DDoS Campaign Targeting Finance, Travel and E-Commerce
Vulnerabilities and Exploits
- Kaspersky: Operation PowerFall: CVE-2020-0986 and variants
- Threatpost: Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers
- McAfee: Vulnerability Discovery in Open Source Libraries: Analyzing CVE-2020-11863
- US-CERT: Vulnerability Summary for the Week of August 24, 2020
- Project Zero: JITSploitation I: A JIT Bug