Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- ESET: ESET Threat Report Q4 2020
- CIS: Top 4 COVID-19 Scams to Watch Out For
- Recorded Future: Q4 Malware Trends: Year Punctuated by Ransomware and Data Breaches Concludes With Sophisticated SolarWinds Attack
- Google: New research reveals who’s targeted by email attacks
- PhishLabs: Emotet Dismantled, Trickbot, ZLoader, and BazarLoader Step In
- F5: 2021 Credential Stuffing Report
- Any Run: Rise and fall of Emotet
Threat Research
- Agari: Cosmic Lynx Returns in 2021 with Updated Tricks
- Microsoft: Web shell attacks continue to rise
- Lookout: Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict
- Zscaler: Discord CDN: A Popular Choice for Hosting Malicious Payloads
- Fortinet: New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign
- Check Point: Domestic Kitten – An Inside Look at the Iranian Surveillance Operations
- Check Point: After Lightning Comes Thunder
- Cisco Talos: Kasablanka Group’s LodaRAT improves espionage capabilities on Android and Windows
- CrowdStrike: Press #1 to Play: A Look Into eCrime Menu-style Toolkits
- CrowdStrike: Blocking SolarMarker Backdoor
- Proofpoint: A Baza Valentine’s Day
- CISA: MAR-10320115-1.v1 – TEARDROP
- CISA: MAR-10318845-1.v1 – SUNBURST
- Trustwave: The Many Roads Leading To Agent Tesla
- Morphisec: Egregor Ransomware Adopting New Techniques
- Palo Unit42: BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
- Ali Aqeel: Dridex Malware Analysis
- GRNET CERT: Reverse engineering Emotet – Our approach to protect GRNET against the trojan
- AON: Cloudy with a Chance of Persistent Email Access
Tools and Tips
- Cisco Talos (podcast): The tl;dr of Snort 3
- CrowdStrike: 4 Steps to Ensure a Secure Container Deployment
- Red Canary: Catch me if you code: how to detect process masquerading
- Expel: Behind the scenes: Building Azure integrations for ASC alerts
- BushidoToken: Using a Discord server as a Personal CTI Dashboard
- Security Onion: Elastic License Changes and Security Onion
- The Lonely Administrator: Searching Active Directory Logs with PowerShell
- CyCAT: Whitepaper – CyCAT.org – The Cybersecurity Resource Catalogue
- Andrew Hay: Jupyter Notebook for crt.sh Queries
- 0xf0x (video): #12 How to Install Ghidra on Windows
- Winternl: Detecting Manual Syscalls from User Mode
- Strategic Cyber LLC: Learn Pipe Fitting for all of your Offense Projects
- Rapid7: Talkin’ SMAC: Alert Labeling and Why It Matters
Breaches, Government, and Law Enforcement
- CISA: Compromise of US Water Treatment Facility
- Binary Defense: Attack on a water treatment plant highlights vulnerabilities in infrastructure
- Dragos: Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack
- Bleeping Computer: CD Projekt’s stolen source code allegedly sold by ransomware gang
- Krebs: Arrest, Raids Tied to ‘U-Admin’ Phishing Kit
- Associated Press: UN experts: North Korea using cyber attacks to update nukes
- Cybereason: Extortionists Publish Data Stolen from Two Healthcare Service Providers
- CIS: Managing Cybersecurity Supply Chain Risks in Election Technology
- ZDNet: Proofpoint sues Facebook to get permission to use lookalike domains for phishing tests
- CyberCrime & Doing Time: Phone Company Insiders Helped Global Sim-Swapping Gang Steal Millions in Cryptocurrency
- Cyberscoop: FBI leaned on Dutch cops’ hacking in Emotet disruption
Vulnerabilities and Exploits
- Forescout: NUMBER:JACK – Forescout Research Labs Finds Nine ISN Generation Vulnerabilities Affecting TCP/IP Stacks
- SANS ISC: Microsoft February 2021 Patch Tuesday
- McAfee: Researchers Follow the Breadcrumbs: The Latest Vulnerabilities in Windows’ Network Stack
- CISA: Vulnerability Summary for the Week of February 1, 2021
- Sentinel Labs: CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender
- Alex Birsan: Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies