Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- The Beirut Port Explosion: Analysis of Potential Causes
- Global Threat Landscape Report – Fortinet
- DDoS attacks in Q2 2020
- Attribution: A Puzzle
- Response When Minutes Matter: RDP — Remote Desktop Pwnage, Part 1
- Response When Minutes Matter: RDP — Remote Desktop Pwnage, Part 2
- SANS Data Incident 2020 – Indicators of Compromise
- NSA and FBI Expose Russian Previously Undisclosed Malware Drovorub in Cybersecurity Advisory
- Code-Signing: How Malware Gets a Free Pass
- ScamNation: Monetizing the Pandemic Through Partisan Content Farms and Subscription Traps (email Registration Required)
Threat Research
- Smoker Backdoor: Evasion Techniques in Webshell Backdoors
- PurpleWave—A New Infostealer from Russia
- Mekotio: These aren’t the security updates you’re looking for…
- Internet Explorer and Windows zero-day exploits used in Operation PowerFall
- CactusPete APT group’s updated Bisonal backdoor
- XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
- EmoCrash: Exploiting A Vulnerability In Emotet Malware For Defense
- Office Drama on macOS: infecting macOS via macro-laden documents and 0days
- Case Study: Catching a Human-Operated Maze Ransomware Attack In Action
- Script-Based Malware: A New Attacker Trend on Internet Explorer
- Ursa Loader and the many rabbit holes
- How Malicious Tor Relays are Exploiting Users in 2020 (Part I)
Tools and Tips
- A Change of Mythic Proportions
- Defending MacOS Against Sophisticated Attacks (podcast)
- Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x
- Forensic Disk Copies in Azure
- Ciphey: Fully automated decryption tool using natural language processing & artificial intelligence, along with some common sense.
- Guided Hunting Notebook: Base64-Encoded Linux Commands
- Toolmarks and Intrusion Intelligence
- 0xf0x – #6 Common Malware Persistence Techniques (video)
- Whoxyrm – A reverse whois tool based on Whoxy API
Breaches, Government, and Law Enforcement
- The skinny on the Instacart breach
- Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack
- Justice Department Acts To Shut Down Fraudulent Websites Exploiting The Covid-19 Pandemic
- Canon USA’s stolen files leaked by Maze ransomware gang
- U.S. spirits and wine giant hit by cyberattack, 1TB of data stolen
- Three Men Who Allegedly Used Existing Shell Companies and Prior Fraud Experience to Exploit Covid-19 Relief Programs Charged in South Florida Federal Court
Vulnerabilities and Exploits
- A Vulnerability in IBM WebSphere Application Server Could Allow for Remote Code Execution
- Exploiting vBulletin: “A Tale of a Patch Fail”
- Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away
- Keeping the gate locked on your IoT devices: Vulnerabilities found on Amazon’s Alexa
- Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler
- Microsoft August 2020 Patch Tuesday
- US-CERT Bulletin (SB20-223) – Vulnerability Summary for the Week of August 3, 2020
- PoC Exploit Targeting Apache Struts Surfaces on GitHub