Summary
Hello, and welcome to Security Soup’s continuing news coverage of highlights from the previous week. This list is not intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links for the reader to drill down into particular topics according to their own interests.
Industry News and Reports
- Coinhive to shut down on March 8th
- Microsoft Announces: Azure Sentinel — a cloud-based SIEM
- Alienvault rebrands as AT&T Cybersecurity
- IBM X-Force 2019 Threat Intelligence Index (email registration required)
- How crimeware variants traverse networks
- Bad actors target “people first, not infrastructure”
- After widespread DNS hijacking, ICANN pushes wider adoption of DNSSEC
- A look at how geopolitics can influence cyber operations
- Offensive operations against industrial control systems
Tools and Tips
- Resources for deep web research
- Installing MISP-dockerized
- Over 100 different #threathunting tips shared by @SBousseaden
- The NSA’s upcoming release at RSA of the Ghidra tool for malware analysis
- How to Identify Cobalt Strike team servers
- FireEye’s FLARE script series: ironstrings
- A list of CyberChef Recipes
- The RDP through SSH Encyclopedia
Vulnerabilities and Exploits
- Thunderclap – a new set of vulnerabilities affecting peripherals using the Thunderbolt interface
- Cisco fixes a few flaws in VPN/Firewall routers
- SplunkWhisperer2 – Hijacking Splunk Universal Forwarders
- “No Place Like Chrome” – Leveraging Chrome extensions to deliver payloads to MacOS
- First evidence of exploitation for WinRAR ACE vulnerability via malspam
- OpenSSL Releases Security Update
- Latest Drupal vulnerabilities exploited for RCE and cryptomining
Breaches, Government, and Law Enforcement
- Year End QuickView Report highlights vulnerabilities (email registration required for access)
- Apex Payroll software company pays ransom to restore data
- Credential Stuffing Attack on TurboTax exposes user tax returns
- Congress exploring new legislation for a national data privacy standard
- Former cybersecurity chief of Russian DSA sentenced for treason
- U.S. Cyber Command’s offensive operation against Russian election meddling
Threats in the Wild – Malware, Phishing, and other campaigns
- A new variant of Qbot banker is spreading
- GoBrut: A new botnet written in Golang
- A look at DNS data from sinkholes and DGAs for the Necurs botnet infrastructure
- Analysis of network detections for the LokiBot crimeware
- A threat group’s tactics for compromising social media profiles
- Researchers vote on Top 10 innovative web hacking techniques of 2018
- Sextortion scams making it easier to pay with an embedded QR Code
- “Cyax” – the reemergence of a PowerShell-based loader
- Magecart Group’s continued e-crime operations
- Secureworks covers some TTPs of APT 27
- E-commerce sites attacked with Golang brute forcer
- Honeypot shows increased attacks on Elasticsearch Clusters