Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Recorded Future: Follow the Money: Qualifying Opportunism Behind Cyberattacks During the COVID-19 Pandemic
- SANS: Things Community Said About Chris Krebs CTI Keynote
- Blackberry: The Tradecraft of Fake Sites and Online Personas
- ThreatPost: Microsoft Edge, Google Chrome Roll Out Password Protection Tools
Threat Research
- zscaler: Malware Analysis of the DreamBus Botnet
- eset: Vadokrist: A wolf in sheep’s clothing
- Symantec: Raindrop: New Malware Discovered in SolarWinds Investigation
- SANS ISC: Qakbot activity resumes after holiday break
- Sentinel Labs: Greyware’s Anatomy: The “Potentially Unwanted” are Upping Their Game
- JP-CERT: Commonly Known Tools Used by Lazarus
- The DFIR Report: All That for a Coinminer?
- AT&T (Alien Labs): A Global Perspective of the SideWinder APT
- Trend Micro: Malicious Shell Script Steals AWS, Docker Credentials
- Walmart: Anchor and Lazarus together again?
- Infosec Institute: RegretLocker ransomware: What it is, how it works and how to prevent it
- Microsoft: Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Tools and Tips
- FireEye: Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
- SANS ISC: CyberChef: Analyzing OOXML Files for URLs
- Bromium: Dridex Malicious Document Analysis: Automating the Extraction of Payload URLs
- red canary: Playing with Process Memory Integrity on Linux environments
- PhishLabs: Using Social Media OSINT to Determine Actor Locations
- expel: Plotting booby traps like in Home Alone: Our approach to detection writing
- Cyber Triage: How to Get Your Data & Services Back Online: Ransomware Recovery 2021
- Palo Unit42: Wireshark Tutorial: Examining Emotet Infection Traffic
- tccontre: ICEID PNG PAYLOAD SHELLCODE EXTRACTOR
- Didier Stevens: Video: Maldoc Analysis With CyberChef
- TrustedSec: RisingSun: Decoding SUNBURST C2 to Identify Infected Hosts Without Network Telemetry
- Nasreddine Bencherchali: on Tools & Techniques Used By Threat Actors and Malware — Part I
- Snort: Snort 3 officially released
Breaches, Government, and Law Enforcement
- ZDNet: SonicWall says it was hacked using zero-days in its own products
- Malwarebytes: Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach
- NPR: Woman Who May Have Stolen Laptop From Pelosi’s Office Is Arrested
- Cybereason: Last Hurrah: Executive Order to Protect IaaS Platforms from Malicious Actors
Vulnerabilities and Exploits
- CIS: Multiple Vulnerabilities in Cisco Products Could Lead to Arbitrary Code Execution
- JSOF: DNSPOOQ – 7 new vulnerabilities are being disclosed in common DNS software dnsmasq
- Oracle: Oracle Critical Patch Update Advisory – January 2021
- Checkpoint: FreakOut – Leveraging Newest Vulnerabilities for creating a Botnet
- CrowdStrike: Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)
- CISA: Vulnerability Summary for the Week of January 11, 2021