Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Kaspersky: Kaspersky Security Bulletin 2021. Statistics
- Symantec: Log4j Vulnerabilities: Attack Insights
- Red Canary: Intelligence Insights: December 2021
- Expel: Top Attack Vectors: November 2021
- F5 Labs: Holiday Phishing Trends For 2021
- CISA: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
- JP-CERT: Observation of Attacks Targeting Apache Log4j2 RCE Vulnerability (CVE-2021-44228)
- PAN Unit42: Network Security Trends: August-October 2021: Network Attacks Observed
- Curated Intelligence: Nightmare Before Christmas – Curated Intel’s Response To Log4Shell
- Team Cymru: The Biggest Cyber Security Developments in 2021
- SteveD3: Phishing 2021 – A Year in Review
Threat Research
- Malwarebytes: Dridex affiliate dresses up as Scrooge
- Inquest: (Don’t) Bring Dridex Home for the Holidays
- Trustwave: COVID-19 Phishing Lure to Steal and Mine Cryptocurrency
- SentinelLabs: New Rook Ransomware Feeds Off the Code of Babuk
- BushidoToken: Open Redirect in Oracle BlueKai
- Trend Micro: Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
- Michael Koczwara: Attack Analysis — Cobalt Strike C2 & Hancitor/Malware
- AdvIntel: Ransomware Advisory: Log4Shell Exploitation for Initial Access & Lateral Movement
- Threatray: Establishing the TigerRAT and TigerDownloader malware families
- Elastic: BLISTER malware campaign discovered
Tools and Tips
- SpecterOps: Ghostwriter: Looking Back at 2021
- CrowdStrike: CrowdStrike Launches Free Targeted Log4j Search Tool
- CISA: log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.
- Recorded Future: 5 Common Ransomware ATT&CK Techniques
- SANS ISC: December 2021 Forensic Contest: Answers and Analysis
- Group-IB: How MITRE ATT&CK helps users of Threat Intelligence & Attribution
- Nasreddine Benherchali: Should You Trust Your Admin Tools?
- Atomic Matryoshika: “CRACKING OPEN THE MALWARE PIÑATA” SERIES: ANALYSIS ENVIRONMENT SETUP
- FalconForce: FalconFriday — Monitoring for public shares — 0xFF1A
- TrustedSec: Log4j Detection and Response Playbook
- Righteous IT: Hudak’s Honeypot (Part 1)
- DMFR Security: 100 Days of YARA – Day 5: Shell Scripts Two Ways!
- Hexacorn: Mapping Chrome extension IDs to their names
- McAfee: Log4J and The Memory That Knew Too Much
Breaches, Government, and Law Enforcement
- Flashpoint: China’s Influence Across APAC: 2021 Analysis and Timeline
- Recorded Future: China’s Narrative War on Democracy
- US DOJ: United States Files Civil Action to Return $150 Million in Embezzled Funds to Sony; FBI Tracks Money to Bitcoin
- US DOJ: Russian National Extradited for Role in Hacking and Illegal Trading Scheme
- The Record: The NCA shares 585 million passwords with Have I Been Pwned
- Data Breach Today: Former Uber CSO Faces New Charge for Alleged Breach Cover-Up
- Data Breach Today: Cyber Activity Surges as Russia Masses on Ukraine’s Border
- Christophe Tafani-Dereeper: Cloud Security Breaches and Vulnerabilities: 2021 in Review