Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CIS: Center For Internet Security Funds No-Cost Service to Help Protect all US Private Hospitals Against Ransomware
- Netskope: Cloud Threats Memo: Surprising Findings from Q4 2020 Phishing Trends Report
- CrowdStrike: CrowdStrike Redefines True XDR With Humio Acquisition
- Palo: Palo Alto Networks Announces Intent to Acquire Bridgecrew
- LastPass: Changes to LastPass Free
- Chainalysis: 270 Service Deposit Addresses Drive 55% of Money Laundering in Cryptocurrency
- Kaspersky: Spam and phishing in 2020
- Malwarebytes: Extortion, precision malware, and ruthless scams. Read the State of Malware 2021 report
- Proofpoint: Q4 2020 Threat Report
- WMC Global: YEAR-END PHISHING REPORT – 2020
Threat Research
- Palo Unit42: WatchDog: Exposing a Cryptojacking Campaign That’s Operated for Two Years
- Fortinet: New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign – Part II
- Checkpoint: ApoMacroSploit : Apocalyptical FUD race
- Cisco Talos: Masslogger campaigns exfiltrates user credentials
- Cybereason: Cybereason vs. NetWalker Ransomware
- SANS ISC: Malspam pushing Trickbot gtag rob13
- Red Canary: Silver Sparrow macOS malware with M1 compatibility
- CISA: North Korean Malicious Cyber Activity: AppleJeus
- Objective-See: Arm’d & Dangerous: malicious code, now native on apple silicon
- Palo Unit42: IronNetInjector: Turla’s New Malware Loading Tool
- Sophos: Conti ransomware: Evasive by nature
Tools and Tips
- RiskIQ: Threat Hunting in a Post-WHOIS World
- CrowdStrike: Don’t Get Schooled: Understanding the Threats to the Academic Industry
- PhishLabs: OSINT: Mapping Threat Actor Social Media Accounts
- Expel: Attack trend alert: REvil ransomware
- Intezer: ELF Malware Analysis 101: Part 3 – Advanced Analysis
- Deepinstinct: LSASS Memory Dumps are Stealthier than Ever Before Part 2
- Sentinel Labs: 20 Common Tools & Techniques Used by macOS Threat Actors & Malware
- 0xthreatintel: How to unpack SManager APT tool?
- Didier Stevens: Quickpost: oledump.py plugin_biff.py: Remove Sheet Protection From Spreadsheets
- XM Cyber: Introducing MacHound: A Solution to MacOS Active Directory-Based Attacks
- Nasreddine Bencherchali: Finding Forensic Goodness In Obscure Windows Event Logs
Breaches, Government, and Law Enforcement
- US DOJ: Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe
- ZDNet: Experian challenged over massive data leak in Brazil
- FTC: Romance scams take record dollars in 2020
- Flashpoint: Joker’s Stash Is Gone, What’s Next in Card Fraud Cybercrime
- Malwarebytes: Egregor ransomware hit by arrests
- Symantec: Lazarus: Three North Koreans Charged for Financially Motivated Attacks
- Roll Call: Virginia set to become second state to pass data privacy law
- Cybereason: Global Law Firm Attributes Data Breach to Compromise at File Sharing Provider
- Bleeping Computer: US cities disclose data breaches after vendor’s ransomware attack
- CyberCrime & Doing Time: Mystery Shoppers Challenge Gift Card Warnings
Vulnerabilities and Exploits
- CISA: Vulnerability Summary for the Week of February 8, 2021
- CISA: Cisco Releases Security Updates for AnyConnect Secure Mobility Client
- FireEye: Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)
- Sentinel Labs: CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender
- Bitdefender: Cracking the LifeShield: Unauthorized Live-Streaming in your Home
- Trend Micro: Gauging LoRaWAN Communication Security with LoraPWN