Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Netskope: Threat Labs Report – January 2021
- Agari: BIMI: What It Is & Why It Matters to Email Security
- Bleeping Computer: Fonix ransomware shuts down and releases master decryption key
- zscaler: Did COVID Cancel Christmas for Cybercriminals?
- Flashpoint: Ransomware Retrospective: 1,100 Successful Attacks in 2020
- SANS: A Visual Summary of SANS Cyber Threat Intelligence Summit
- red canary: Hindsight is 2020: gearing up for the Threat Detection Report
- digital shadows: Ransomware 2020 Round-Up
- Google: New campaign targeting security researchers
- Microsoft: ZINC attacks against security researchers
- NSA: Cybersecurity 2020 Year in Review
- TechRepublic: How to show an ROI on cybersecurity spends
Threat Research
- Proofpoint: New Year, New Version of DanaBot
- Menlo Security: Trickbot—New Year | Old Lure
- ClearSky: ‘Lebanese Cedar’ APT
- RiskIQ: LogoKit: Simple, Effective, and Deceptive
- Sophos: Nefilim Ransomware Attack Uses “Ghost” Credentials
- IBM: TrickBot’s Survival Instinct Prevails: What’s Different About the TrickBoot Version?
- Recorded Future: Keyloggers and Stealers Help Harvest Lifeblood Data of Criminal Activities
- Check Point: Deep into the SunBurst Attack
- Cybereason: Cybereason vs. RansomEXX Ransomware
- CISA: MAR-10319053-1.v1 – Supernova
- FireEye: Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication
- JP-CERT: Operation Dream Job by Lazarus
- Palo Unit42: Pro-Ocean: Rocke Group’s New Cryptojacking Malware
- Trend Micro: Chopper ASPX web shell used in targeted attack
- 0xthreatintel: Internals of SunBurst Malware
- VX-HIVE: Deep Dive Into SectopRat
Tools and Tips
- SANS ISC: PacketSifter as Network Parsing and Telemetry Tool
- SANS ISC: TriOp – tool for gathering (not just) security-related data from Shodan.io
- Intezer: Fix Your Misconfigured Docker API Ports
- Inquest: Carving Images for Leisure and Gain
- Group-IB: The source of everything: digital forensic examination of incidents involving source code leaks
- WWHF: SOC Core Skills w/ John Strand (16 Hours – Pay What You Can)
- MalwareAnalysisForHedgehogs (video): Malware Analysis – Fileless Gozi/Ursnif static analysis and unpacking
- Thomas Roccia: [Reverse Engineering Tips] — Binary Diffing
- 0xC0DECAFE.com: The malware analyst’s guide to PE timestamps
- casey.is Blog: Getting Started in Infosec
- NCC Group Research: RIFT: Analysing a Lazarus Shellcode Execution Method
- Malware and Stuff: Catching Debuggers with Section Hashing
- shell.systems: Introducing APT-Hunter: Threat Hunting Tool via Windows Event Log
- 0xf0x (video): #11 Analysing Obfuscated Functions Using x64dbg
- Ajin Abraham: Detecting zero days in software supply chain with static and dynamic analysis
- David Ledbetter: String Encoding and YARA… Oh My
- Bank Security: Cyber Intelligence: HUMINT Operations
- OALabs (video): IDA Pro Decompiler Basics Microcode and x86 Calling Conventions
- Varonis: 11 Best Malware Analysis Tools and Their Features
- TrustedSec: Tailoring Cobalt Strike on Target
- Revx0r: RE Craft
Breaches, Government, and Law Enforcement
- Europol: World’s most dangerous malware EMOTET disrupted through global action
- ZDNet: Electronic health records provider Athena to pay $18m settlement in kickback lawsuit
- Stack Overflow: A deeper dive into our May 2019 security incident
- US DOJ: Department of Justice Launches Global Action Against NetWalker Ransomware
- Krebs: Arrest, Seizures Tied to Netwalker Ransomware
- Malwarebytes: Cleaning up after Emotet: the law enforcement file
- threatpost: Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball
- Mimecast: Important Security Update
- FTC: Scam “US Trading Commission” website is not the FTC
- Bleeping Computer: Perl.com domain stolen, now using IP address tied to malware
Vulnerabilities and Exploits
- CIS: Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
- Armis: NAT Slipstreaming v2.0: New Attack Variant Can Expose All Internal Network Devices to The Internet
- CrowdStrike: Pwn2Own: A Tale of a Bug Found and Lost Again
- CISA: Vulnerability Summary for the Week of January 18, 2021
- Qualys: CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
- SonicWall: Urgent Security Notice: Probable SMA 100 Series Vulnerability [Updated Jan. 29, 2021]