Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- National Cybersecurity Alliance: Data Privacy Week – Stay Safe Online
- CrowdStrike: Past Cyber Operations Against Ukraine and What May Be Next
- RiskIQ: RiskIQ Threat Intelligence Roundup: C2 and Nation-State Threat Infrastructure
- Recorded Future: Threats to the 2022 Winter Olympics
- Recorded Future: Gemini Annual Report 2021: Magecart Thrives in the Payment Card Fraud Landscape
- Check Point: 2022 Security Report: Software Vendors saw 146% Increase in Cyber Attacks in 2021, marking Largest Year-on-Year Growth
- HP: HP Wolf Security Threat Insights Report Q4 2021
- Red Canary: Intelligence Insights: January 2022
- Expel: Great eXpeltations 2022: Cybersecurity trends and predictions
- InfosecSherpa: InfoSecSherpa’s News Roundup for Friday, January 28, 2022
Threat Research
- Netskope: Infected PowerPoint Files Using Cloud Services to Deliver Multiple Malware
- CrowdStrike: StellarParticle Campaign: Novel Tactics and Techniques
- Proofpoint: DTPacker – a .NET Packer with a Curious Password
- PAN Unit42: Threat Assessment: BlackCat Ransomware
- IBM: TrickBot Bolsters Layered Defenses to Prevent Injection Research
- Recorded Future: WhisperGate Malware Corrupts Computers in Ukraine
- ESET: Watering hole deploys new macOS malware, DazzleSpy, in Asia
- Malwarebytes: North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
- BlackBerry: Log4U, Shell4Me
- InQuest: 2022-01 AsyncRAT
- SecureWorks: Ransoms Demanded for Hijacked Instagram Accounts
- Objective-See: Analyzing OSX.DazzleSpy: A fully-featured cyber-espionage macOS implant
- SentinelOne: Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations
- Morphisec: Log4j Exploit Targets Vulnerable Unifi Network Application (Ubiquiti) at Risk
- VMware: BlackSun Ransomware – The Dark Side of PowerShell
- Trend Micro: Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
- Bitdefender: New FluBot and Teabot Global Malware Campaigns Discovered
- Team Cymru: Analysis of a Management IP Address linked to Molerats APT
- Trellix: Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
- Cynet: Threats Looming Over the Horizon
Tools and Tips
- The DFIR Report: Cobalt Strike, a Defender’s Guide – Part 2
- SpecterOps: 3 Foundational Pillars for Attack Path Management: Pillar 2 — Empirical Impact Assessment
- Flashpoint: Understanding Security Risks at the 2022 Beijing Winter Olympics: A Practical Guide
- CISA (PDF): CISA Publishes Infographic on Layering Network Security Through Segmentation
- Digital Shadows: Vulnerability Intelligence: A Best Practice Guide
- Trustwave: Trustwave Threat Hunting Guide: Identifying PwnKit (CVE-2021-4034) Exploitation
- Group-IB: Shedding light on the dark web: Cybersecurity analyst’s guide on how to use machine learning to show cybercriminals’ true colors
- Atomic Matryoshka: Malware Headliners: LokiBot
- DFIRScience: Intro to Windows Registry Artifact Analysis – TryHackMe Walkthrough
- DMFR Security: 100 Days of YARA – Day 39: SilentMoon
- Forensic IT Guy: GuLoader Executing Shellcode Using Callback Functions
- hackjalstead: IRCP: A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments
- nasbench: C2-Matrix-Indicators: collect and document indicators from the different C2’s
- Stairwell: Hunting with weak signals: How to find malware with mutated strings and YARA rules
- NCSC: Introducing Scanning Made Easy
- Cyb3r-Monk: RITA (Real Intelligence Threat Analytics) in Jupyter Notebook
Breaches, Government, and Law Enforcement
- Infosecurity Magazine: North Korea Loses Internet in Suspected Cyber-Attack
- Krebs: Who Wrote the ALPHV/BlackCat Ransomware Strain?
- FBI (PDF): Context and Recommendations to Protect Against Malicious Activity by Iranian Cyber Group Emennet Pasargad
- Data Breach Today: FCC Votes to Ban China Unicom From Operating in US
- The Record: Biden administration launches initiative to protect US water systems from cyberattacks
- Lawfare: White House Releases Memo on Cybersecurity at Federal Agencies
- Curated Intelligence: Hacktivist group shares details related to Belarusian Railways hack
- US DOS: Report: RT and Sputnik’s Role in Russia’s Disinformation and Propaganda Ecosystem
Vulnerabilities and Exploits
- QNAP: Take Immediate Actions to Stop Your NAS from Exposing to the Internet, and Update QTS to the latest available version
- ThreatPost: Linux Servers at Risk of RCE Due to Critical CWP Bugs
- CISA: Vulnerability Summary for the Week of January 17, 2022
- CISA: CISA Adds Eight Known Exploited Vulnerabilities to Catalog
- The Record: Zerodium looks to buy zero-days in Outlook and Thunderbird email clients