Weekly News Roundup — Feb. 10 to Feb. 16


Hello, and welcome to Security Soup's first in a series of posts covering news highlights from the previous week. This list is not intended to be an exhaustive source, but simply a collection of items I found significant or interesting throughout my weekly research. Quick, bulleted summaries are provided with links for the reader to drill down into particular topics according to their own interests.

Vulnerabilities and Exploits

Highlights/Comments: Microsoft's Patch Tuesday this week brought a notable fix (CVE-2019-0686) for PrivExchange, the proof-of-concept (PoC) attack against Exchange and Active Directory published by researcher Dirk-jan Mollema. PrivExchange uses the EWS PushSubscription feature to make an Exchange server authenticate to an attacker-controlled host, relays that NTLM authentication to LDAP on a domain controller, and abuses the WriteDACL right that Exchange's groups hold on the domain object to grant an attacker-chosen account DCSync rights, taking a single low-privileged mailbox user to domain admin. It had likely caused more than a few sleepless nights for sysadmins and blue teams alike.
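The quickest sanity check after patching is to confirm whether the Exchange groups still hold the right that makes the relay worth doing. The script below is an added example written for this post, not code from the original roundup or from Dirk-jan Mollema's tooling. It assumes the RSAT ActiveDirectory module, a domain-joined host, and Exchange's default group names (Exchange Windows Permissions, Exchange Trusted Subsystem); reading the domain object's ACL needs no elevated rights.

```powershell
# Added example: list ACEs on the domain object that grant Exchange's groups
# WriteDacl/WriteOwner/GenericAll, the rights PrivExchange abuses to hand out
# DCSync privileges. Assumes RSAT ActiveDirectory and default Exchange group names.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName
$acl      = Get-Acl -Path ("AD:\" + $domainDN)

# Default group names created by Exchange setup; adjust the pattern if renamed.
$exchangeGroupPattern = '\\(Exchange Windows Permissions|Exchange Trusted Subsystem)$'

$risky = $acl.Access | Where-Object {
    $_.IdentityReference.Value -match $exchangeGroupPattern -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights -match 'WriteDacl|WriteOwner|GenericAll'
}

if ($risky) {
    Write-Warning "Exchange groups still hold DACL-modifying rights on $domainDN"
    $risky |
        Select-Object IdentityReference, ActiveDirectoryRights, IsInherited, InheritanceType |
        Format-Table -AutoSize
} else {
    Write-Output "No WriteDacl/WriteOwner/GenericAll ACEs for Exchange groups on $domainDN"
}
```

An empty result means a relayed Exchange authentication can no longer rewrite the domain's DACL; a non-empty result means the Patch Tuesday fix closed the relay path but the excessive privilege that makes any future coercion bug a domain-admin bug is still in place, and should be reviewed with the Exchange team before removing it.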

Threats in the Wild – Malware, Phishing, and other campaigns

Highlights/Comments: This week brought several items related to TrickBot and its continued development with the addition of new capabilities. Researchers note that it continues to be delivered as a follow-up payload in Emotet infections, and CrowdStrike also takes a look at its relationship to IcedID (aka BokBot). In other news, legitimate infrastructure such as cloud storage and online code repositories continues to be popular for staging payloads, since those hosts are rarely blocked and their traffic blends in with normal use.

Breaches, Government, and Law Enforcement

Industry News and Reports

Highlights/Comments: Many vendors are releasing their end-of-year reports. Proofpoint's quarterly reports are required reading in my opinion and offer fantastic insight into the email threat landscape. Dragos' work here is also excellent, and despite their focus on ICS, their analysis and methodology are frequently applicable beyond critical infrastructure.

Tools and Tips

Highlights/Comments: Eric Zimmerman releases another cool tool for forensicators. It would be hard to overstate his amazing contributions to the field.
