Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. It was a slow week, so I eschewed a top picks section here in the summary. Happy Reading!
Industry Reports, News, and Miscellany
- McAfee buys container security startup NanoSec
- Broadcom acquires Symantec’s enterprise business for $10.7 billion
- Introducing CrowdScore: A New Approach to Eliminate Alert Fatigue and Provide CxO-Level Real-Time Threat Metrics [VIDEO]
- Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward
- Labs quarterly report finds ransomware’s gone rampant against businesses
- This Week in Data #2019-3
- The Evolution Of Bitcoin In Terrorist Financing
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- APT41: A Dual Espionage and Cyber Crime Operation
- The Evolution of Aggah: From Roma225 to the RG Campaign
- Pardot CRM Attack
- TrickBot Adds ‘Cookie Grabber’ Information Stealing Module
- Saefko: A new multi-layered RAT
- The Curious Case of a Fileless TrickBot Infection
- New Ursnif Variant Spreading by Word Document
- LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks
- Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
- SODINOKIBI: THE CROWN PRINCE OF RANSOMWARE
- Phishing Actor Using XOR Obfuscation Graduates to Enterprise Cloud Storage on AWS
- Oh Snap!: New Ostap Variant Observed in the Wild
- Ransomware in exotic email attachments
Tools and Tips
- Enter Mordor: Pre-recorded Security Events from Simulated Adversarial Techniques
- Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction
- Eight Certs in 18 Months, Lessons Learned
- Machinae: Security Intelligence Collector
- Practical Threat Hunting and Incidence Response: A Case of A Pony Malware Infection
- How to set up PasteHunter in a VirtualBox
- Detect UACME: Sysmon config for UAC Bypass
- Active Defense – Dynamically Locking AWS Credentials to Your Environment
Breaches, Government, and Law Enforcement
- One Misconfig (JIRA) to Leak Them All - Including NASA and Hundreds of Fortune 500 Companies!
- A Technical Analysis of the Capital One Hack
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Cisco WebEx Network Recording Player and Cisco Webex Player Could Allow for Arbitrary Code Execution
- Assessing the BACnet Control System Vulnerability
- Reverse RDP Attack: The Hyper-V Connection
- Vulnerability Spotlight: Multiple vulnerabilities in NVIDIA Windows GPU Display Driver, VMware ESXi, Workstation and Fusion
- Low-level Reversing of BLUEKEEP vulnerability (CVE-2019-0708)