A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- W2 Scams and BEC: 3 Reasons Advanced Email Threats Are About to Get Worse
- New Ryuk Info Stealer Targets Government and Military Secrets
- 2019 Holiday Shopping Season Threat Review: A Post-mortem of E-commerce Threats
- Has Necurs Fallen From (Cybercrime) Grace? Elite Malware Botnet Now Distributes Clunky Scams
- Common Attacks and Effective Mitigation: 2020 CrowdStrike Services Report Key Findings (Part 2 of 2)
- Network Security Perspective on Coronavirus Preparedness
- Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Aggah: How to run a botnet without renting a Server (for more than a year)
- New Iranian Campaign Tailored to US Companies Utilizes an Updated Toolset
- Frenchy – Shellcode in the Wild
- Winnti Group targeting universities in Hong Kong
- Android Malware Targets Diabetic Patients
- RATs in the Library – Remote Access Trojans Hide in Plain “Public” Site
- Is That Really Your AV Company? (Trickbot gtag mor85)
- An Overhead View of the Royal Road
- Tracking Down REvil’s “Lalartu” by utilizing multiple OSINT methods
Tools and Tips
- Detection Engineering using Apple’s Endpoint Security Framework
- 7 Steps to Help Prevent & Limit the Impact of Ransomware
- Introducing Chain Reactor: an open source tool for adversary simulations on Linux
- Route to the DFIR Career
- Memhunter – Live Hunting Of Code Injection Techniques
- WhatsApp messages in Non-Rooted Android Devices
Breaches, Government, and Law Enforcement
- Raytheon engineer arrested for taking US missile defense secrets to China
- Wawa’s massive card breach: 30 million customers’ details for sale online
- Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world
- The cyber attack the UN tried to keep under wraps
- Dozens of companies have data dumped online by ransomware ring seeking leverage
- Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security
Vulnerabilities and Exploits
- IE and FIREFOX-Patching nightmare begins in 2020…
- Trend Micro antivirus zero-day used in Mitsubishi Electric hack
- US-CERT Bulletin (SB20-027) – Vulnerability Summary for the Week of January 20, 2020
- US-CERT Alert (AA20-031A) – Detecting Citrix CVE-2019-19781