Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Netskope: Cloud and Threat Report: Shadow IT in the Cloud
- CIS: Top 10 Malware January 2021
- CrowdStrike: 2021 Global Threat Report: Analyzing a Year of Chaos and Courage
- Code42: 2021 Data Exposure Report (registration required)
- Blackberry: BlackBerry 2021 Threat Report (registration required)
- Minerva Labs: The Curious Case of FlashHelperService – Updated
- IBM: 2021 X-Force Threat Intelligence Index Reveals Peril From Linux Malware, Spoofed Brands and COVID-19 Targeting
- Recorded Future: The Business of Fraud: An Overview of How Cybercrime Gets Monetized
- Fortinet: FortiGuard Labs Threat Report: Disruption Key Threat Trend in 2020
- Dragos: 2020 ICS Cybersecurity Year in Review
- Check Point: Helping You Immunize Your Organization Against the Cyber Pandemic: Check Point Research’s 2021 Security Report
- Intezer: Year of the Gopher: A 2020 Go Malware Round-Up
- Digital Shadows: The Rise of Initial Access Brokers
- JPCERT: Emotet Disruption and Outreach to Affected Users
- PWC: Cyber Threats 2020: Report on the Global Threat Landscape
Threat Research
- Avar: Cloud as an Attack Vector
- CrowdStrike: New Ransomware Tactic: Adversaries Target ESXi Servers
- Check Point: The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
- RiskIQ: Turkey Dog Continues to Target Turkish Speakers with RAT Trojans via COVID Lures
- Zscaler: MINEBRIDGE Remote-access Trojan
- Kaspersky: Lazarus targets defense industry with ThreatNeedle
- Malwarebytes: LazyScripter: From Empire to double RAT
- Talos: Gamaredon – When nation states don’t pay all the bills
- Proofpoint: TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations
- Bromium: Hancitor Infection Chain Analysis: An Examination of its Unpacking Routine and Execution Techniques
- McAfee: Babuk Ransomware
- PhishLabs: Surge in ZLoader Attacks Observed
- CISA: Exploitation of Accellion File Transfer Appliance
- CISA: MAR-10325064-1.v1 – Accellion FTA
- FireEye: Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
- FireEye: So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
- ANSSI: Ryuk ransomware now self-spreads to other Windows LAN devices
- Trend Micro: An Analysis of the Nefilim Ransomware
Tools and Tips
- Microsoft: Microsoft open sources CodeQL queries used to hunt for Solorigate activity
- SANS ISC: Forensicating Azure VMs
- Inquest: Cracking Password Protected Payloads
- Open Source DFIR: What I wish someone had told me when I started learning about File System Forensics
- Volatility Labs: https://volatility-labs.blogspot.com/2021/01/malware-and-memory-forensics-training.html
- malware.re blog: Rapid MISP Deployment in AWS Serverless
- redheadOntherun: Detecting .NET/C# injection (Execute-Assembly)
- Cedric Owens: Swift-Attack – Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods
- Cedric Owens: Infra Automation Primer (Red Team Edition)
- Marco Lancini: Security Logging in Cloud Environments
- Katie Nickels: A Cyber Threat Intelligence Self-Study Plan: Part 1
- pwndefend: CyberChef Taster
- svch0st: Windows User Access Logs (UAL) Windows Server Artefact
- Jan Geisbauer: Gundog provides you with guided hunting for Microsoft 365 Defender
- Nasreddine Bencherchali: Forensic Artifacts — Parsing Symantec EDR “localdatastore” LevelDB Files
- Cybersecurity Dive: How Target bridges communication gaps between threat intel analysis, detection teams
- James Coote: Dumping LSASS with SharpSphere
- cybercdh: phishfeed – Gets a list of phishing URLs from disparate sources and outputs to stdout
- PCsXcetra: Go_Steggo_Data_Extractor – Tool to extract data from pixels of a Go encoded picture file.
Breaches, Government, and Law Enforcement
- NPR: TikTok To Pay $92 Million To Settle Class-Action Suit Over ‘Theft’ Of Personal Data
- Bombardier: Bombardier Statement on Cybersecurity Breach
- Washington Post: Biden administration preparing to sanction Russia for SolarWinds hacks and the poisoning of an opposition leader
- Lawfare: Senate Intelligence Holds Hearing on the SolarWinds Breach
- NSDC: The NCCC at the NSDC of Ukraine warns of a cyberattack on the document management system of state bodies
- NSA: NSA Issues Guidance on Zero Trust Security Model
- Binary Defense: US Government Response to the Growing Threat of Ransomware
- US DOJ: Federal Charges Against Stanford University Researcher Expanded
Vulnerabilities and Exploits
- VMWare: VMware vCenter Server updates address remote code execution vulnerability in the vSphere Client (CVE-2021-21972)
- Fidelis: Critical RCE and SLP Protocol Vulnerabilities in VMWare
- CISA: Vulnerability Summary for the Week of February 15, 2021
- Rapid7: Unauthenticated Remote Code Control and Execution Vulns in Multiple Cisco Products
- Chi Tran: [ZDI-21-203] D-Link DAP-2020 webproc getpage Stack-based BOF RCE