Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CIS: From Russia…With Love? Part 2 of 2
- Google: A walk through Project Zero metrics
- Chainalysis: Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity
- Chainalysis: Chainalysis In Action: How FBI Investigators Seized Funds from DarkSide Following the Colonial Pipeline Ransomware Attack
- ESET: ESET Threat Report T3 2021
- Kaspersky: Kaspersky Q4 2021 DDoS attack report
- Kaspersky: Kaspersky spam and phishing report for 2021
- Dragos: Dragos ICS/OT Ransomware Analysis: Q4 2021
- CISA: 2021 Trends Show Increased Globalized Threat of Ransomware
- VMware: 2022 VMware Threat Report – Exposing Malware in Linux-based Multi-Cloud Environments
- InfoSecSherpa: News Roundup for Saturday, February 12, 2022
- Bank Security: 2021 Dark Web Financial Cyber Threats
- Coveware: Law enforcement pressure forces ransomware groups to refine tactics in Q4 2021
- Microsoft: Helping users stay safe: Blocking internet macros by default in Office
Threat Research
- Proofpoint: Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage
- RiskIQ: RiskIQ Threat Intelligence Roundup: QBot, Magecart, Agent Tesla Headline Hijacked Infrastructure
- The DFIR Report: Qbot Likes to Move It, Move It
- Flashpoint: When Every Day Is Valentine’s Day: How Threat Actors Prey on Lonely Hearts
- Kaspersky: Roaming Mantis reaches Europe
- Cisco Talos: What’s with the shared VBA code between Transparent Tribe and other threat actors?
- Cybereason: All Paths Lead to Cobalt Strike – IcedID, Emotet and QBot
- Cybereason: Cybereason vs. Lorenz Ransomware
- Blackberry: Threat Thursday: BHunt Scavenger Harvests Victims’ Crypto Wallets
- Inquest: +380-GlowSpark
- SentinelOne: ModifiedElephant APT and a Decade of Fabricating Evidence
- BushidoToken: CTI Project: Android Banking Trojan Nexus
- Intel471: PrivateLoader: The first step in many malware schemes
- Muhammad Hasan Ali: Full Hancitor malware analysis
Tools and Tips
- CIS (Podcast): Episode 24: How Do I Start a Career in Cybersecurity?
- Emsisoft: Emsisoft Decryptor for Maze / Sekhmet / Egregor
- BleepingComputer: Microsoft starts killing off WMIC in Windows, will thwart attacks
- CyberArk: Analyzing Malware with Hooks, Stomps and Return-addresses
- NVISO Labs: 4 Trends for Cloud Security in 2022
- Atomic Matryoshka: Basic PDF Analysis – Formbook Malware
- Falcon Force: Detecting realistic AWS cloud-attacks using Azure Sentinel — 0xFF1C
- DMFR Security: 100 Days of YARA – Day 53: AutoIt 3
- Forensic IT Guy: XLoader/Formbook Distributed by Encrypted VelvetSweatshop Spreadsheets
- Forensic IT Guy: AgentTesla From RTF Exploitation to .NET Tradecraft
- tuftsdev: DefenseAgainstTheDarkArts/Lab: Packet Sleuth
- jeFF0Falltrades (video): Baby’s First Malware Config Parser: Tutorial w/ dnSpy+CyberChef+Python
- DuMp-GuY TrIcKsTeR (video): IDAPro Reversing Delphi MBR Wiper and Infected Bootstrap Code
- Paul Melson: pyhexdmp Python hex dump module
- suvaditya: Reversing Golang
- ThinkDFIR: Tracking screenshots with LNK files
- Elastic: Exploring Windows UAC Bypasses: Techniques and Detection Strategies
- Google: Achieving Autonomic Security Operations: Automation as a Force Multiplier
- devnullz: Quick and Dirty script for defenders to prepare @anyrun_app sandbox and grab logs for additional analysis
- jfrog: jfrog-npm-tools A collection of tools to help audit your NPM dependencies for suspicious packages
- Microsoft: Get WinDbg Preview – Microsoft Store
- AbdulRhmanAlfaifi: fennec is an artifact collection tool written in Rust to be used during incident response on *nix based systems
Breaches, Government, and Law Enforcement
- US FTC: Reports of romance scams hit record highs in 2021
- US DOJ: Two Arrested for Alleged Conspiracy to Launder $4.5 Billion in Stolen Cryptocurrency
- Krebs: Russian Govt. Continues Carding Shop Crackdown
- The Record: FBI: $68 million lost to SIM swapping attacks in 2021
Vulnerabilities and Exploits
- CISA: CISA Adds 15 Known Exploited Vulnerabilities to Catalog
- Recorded Future: 2021 Vulnerability Landscape
- SANS ISC: Microsoft February 2022 Patch Tuesday
- SANS ISC: iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
- CISA: Vulnerability Summary for the Week of January 31, 2022
- Digital Shadows: CVEs You Might Have Missed While Log4j Stole the Headlines