Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CrowdStrike: Cyber Front Lines Report
- CISA: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
- zScaler: The 2020 State of Cloud (In)Security
- Kaspersky: The story of the year: remote work
- Dragos: Digital Transformation Drives Investment in Operational Technology (OT) Cybersecurity
- Cisco Talos: Quarterly Report: Incident Response trends from Fall 2020
- Proofpoint: Understanding BEC Scams: Supplier Invoicing Fraud
- Adobe: Final Release Notes for Flash Player
- Mandiant: It’s not FINished: The Evolving Maturity in Ransomware Operations
Threat Research
- BlackBerry: MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates
- Microsoft: Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
- eset: Operation StealthyTrident: corporate software under attack
- Palo Unit42: njRAT Spreading Through Active Pastebin Command and Control Tunnel
- Cybereason: Cybereason vs. Ryuk Ransomware
- SANS ISC: Recent Qakbot (Qbot) activity
- Intezer: Russian APT Uses COVID-19 Lures to Deliver Zebrocy
- Binary Defense: Qakbot Upgrades to Stealthier Persistence Method
- Group-IB: The footprints of Raccoon: a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer
- JP-CERT: Attack Activities by Quasar Family
- Trend Micro: Investigating the Gootkit Loader
Tools and Tips
- SpecterOps: Adventures in Dynamic Evasion
- Google: Announcing the Atheris Python Fuzzer
- Flashpoint: Flashpoint Launches “Pulse” to Track Critical Headlines for Cybersecurity and Intelligence Professionals
- red canary: The why, what, and how of threat research and detection
- Objective-See: Detecting SSH Activity via Process Monitoring
- Billy Ellis: ASLR & the iOS Kernel — How virtual address spaces are randomised
- Censys: Advanced Persistent Infrastructure Tracking
- ufrisk: The Memory Process File System (MemProcFS) is an easy and convenient way of viewing physical memory as files in a virtual file system.
- iheartmalware: BEC Response Guide — Tips for Responding to Business Email Compromise Incidents
Breaches, Government, and Law Enforcement
- EMA: Cyberattack on the European Medicines Agency
- ZDNet: The biggest hacks, data breaches of 2020
- FireEye: FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
- Associated Press: Russian sentenced to French prison for bitcoin laundering
Vulnerabilities and Exploits
- MS-ISAC: Multiple Vulnerabilities in Various Opensource TCP/IP Stack Could Allow for Remote Code Execution
- Cisco: Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
- Checkpoint: Game On – Finding vulnerabilities in Valve’s “Steam Sockets”
- SANS ISC: December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
- CISA: Vulnerability Summary for the Week of November 30, 2020
- CIS: A Vulnerability in Apache Struts Could Allow for Remote Code Execution
- NetSPI: CVE-2020-17049: Kerberos Bronze Bit Attack – Overview