Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CISA: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
- Zscaler: ThreatLabz Security Advisory: Cyberattacks Stemming from the Russia-Ukraine Conflict
- NVISO Labs: Threat Update – Ukraine & Russia conflict
- IBM: Ransomware Resilience Tops Findings in X-Force Threat Intelligence Index 2022
- Fidelis: January 2022 Threat Intelligence Summary
- Fortinet: FortiGuard Labs Reports Ransomware Relentless and More Destructive
- Kaspersky: Kaspersky financial threat report 2021
- Dragos: Dragos 2021 Industrial Cybersecurity Year In Review Summary
- PhishLabs: Vishing Volume Increases 554% in 2021
- SentinelOne: Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp
Threat Research
- CISA: Destructive Malware Targeting Organizations in Ukraine
- Symantec: Ukraine: Disk-wiping Attacks Precede Russian Invasion
- IBM: IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine
- Zscaler: HermeticWiper & resurgence of targeted attacks on Ukraine
- Zscaler: Technical Analysis of PartyTicket Ransomware
- Fortinet: Nobelium Returns to the Political World Stage
- Cisco Talos: Threat Advisory: HermeticWiper
- SecureWorks: Disruptive HermeticWiper Attacks Targeting Ukrainian Organizations
- SentinelOne: HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
- NSFOCUS: APT Lorec53 group launched a series of cyber attacks against Ukraine
- CrowdStrike: Access Brokers: Their Targets and Their Worth
- CISA: New Sandworm Malware Cyclops Blink Replaces VPNFilter
- CISA: Malware Analysis Report (AR22-055A) MAR-10369127-1.v1 – MuddyWater
- The DFIR Report: Qbot and Zerologon Lead To Full Domain Compromise
- Cynet: New Wave of Emotet – When Project X Turns Into Y
- Netskope: Microsoft Office: VBA Blocked By Default in Files From the Internet
- IBM: Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail
- Fortinet: The Hunt for the Lost Soul: Unraveling the Evolution of the SoulSearcher Malware
- ThreatFabric: Xenomorph: A newly hatched Banking Trojan
- Check Point: New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store
- Xavier Mertens: Europol & Interpol Phishing Ahead?
- InQuest: Dangerously thinBasic
- Mandiant: (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
- Mandiant: Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity
- VMware: AvosLocker – Modern Linux Ransomware Threats
- PAN Unit42: OutSteel, SaintBot Delivered by Spear Phishing Attacks Targeting Ukraine
- PAN Unit42: SockDetour Backdoor Targets US Defense Contractors
- Trend Micro: SMS PVA Part 1: Underground Service for Cybercriminals
- Trend Micro: Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network
- Intel471: Something strange is going on with Trickbot
- Sekoia: The story of a ransomware builder: from Thanos to Spook and beyond (Part 1)
- Bvp47 (PDF): Bvp47 – Top-tier Backdoor of US NSA Equation Group
Tools and Tips
- Flashpoint: Guide to Cyber Threat Intelligence: Elements of an Effective Threat Intel and Cyber Risk Remediation Program
- Fortinet: Ukraine Crisis Cyber-Readiness Checklist
- Cisco Talos: Current executive guidance for ongoing cyberattacks in Ukraine
- SANS ISC: Using Snort IDS Rules with NetWitness PacketDecoder
- SANS ISC: Video: Quick & Dirty Shellcode Analysis – CVE-2017-11882
- Digital Shadows: Russian Cyber Threats: Practical Advice For Security Leaders
- Binary Defense: Take Stock Of Cyber Risk In Light Of Russian Cyber Activity
- Trustwave: Trustwave’s Action Response: Russia/Ukraine Crisis – Defending Your Organization From Geopolitical Cybersecurity Threats
- PAN Unit42: Russia-Ukraine Crisis: How to Protect Against the Cyber Impact (Updated Feb. 24 to Include New Information on DDoS, HermeticWiper and Defacement)
- SANS: Ukraine-Russia Conflict – Cyber Resource Center
- SANS: Easy As (Pizza) Pie: Five Factors for Successful CFP Submissions
- JP-CERT: FAQ: Malware that Targets Mobile Devices and How to Protect Them
- eSentire: How to Measure the Success of Your Phishing and Security Awareness Training (PSAT) Program
- Mehmet Ergene: Detecting Kerberos Relaying
- Atomic Matryoshka: Ousaban MSI Installer Analysis
- DFIRScience: Introduction to Memory Forensics with Volatility 3
- Shodan: nrich · A command-line tool to quickly analyze all IPs in a file and see which ones have open ports/vulnerabilities
- Finding Bad: Hunting for Fakes
- David Okeyode: Understanding and Protecting local authentication for Azure services — Part 2 (Cosmos DB)
- Thomas Roccia: My Top Books to Learn Malware Analysis and Reverse Engineering
- NCCGroup: exploit_mitigations: Knowledge base of exploit mitigations available across numerous operating systems, architectures and applications and versions.
- Hackfreaksofficial: Cobalt Strike. Beginner’s Guide
- Lares: The Lowdown on Lateral Movement
- Uzair Afzal: Practical Malware Analysis – LAB01
Breaches, Government, and Law Enforcement
- Flashpoint: How Donbas-based militias are using social media and chat
- The Texas Tribune: Texas Attorney General Ken Paxton sues Facebook’s parent company over use of facial recognition tech
- Krebs: Russia Sanctions May Spark Escalating Cyber Conflict
- Digital Shadows: Cybercriminals React To Ukraine-Russia Conflict
- The Record: EU: SWIFT financial system to cut off access to some Russian banks
- Lawfare: Cybersecurity Tools Lie Unused in Federal Agencies’ Toolboxes
- Data Breach Today: Chip Maker Nvidia Investigating Potential Cyberattack