Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Flashpoint: New Report From Flashpoint and Risk Based Security Finds 22 Billion Records Exposed in 2021 Data Breaches
- Kaspersky: Kaspersky report on telehealth security in 2020 and 2021
- Trend Micro: Conti and LockBit Make Waves with High-Profile Attacks: Ransomware in Q4 2021
- WIRED: Inside Trickbot, Russia’s Notorious Ransomware Gang
- The Record: An ALPHV (BlackCat) representative discusses the group’s plans for a ransomware ‘meta-universe’
- InfoSecSherpa: InfoSecSherpa’s Cryptocurrency Security, Legislation, and Litigation News Roundup for Week Ending Friday, February 4, 2022
- Mandiant: 1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information
Threat Research
- Proofpoint: MFA PSA, Oh My!
- IBM: TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware
- Recorded Future: WhisperGate Malware Corrupts Computers in Ukraine
- Volexity: Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra
- Symantec: Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan
- Symantec: Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
- Cisco Talos: Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware
- Cisco Talos: Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
- Blackberry: Threat Spotlight: WhisperGate Wiper Wreaks Havoc in Ukraine
- G Data: QR codes on Twitter deliver malicious Chrome extension
- PAN Unit42: Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine
- Walmart: Sugar Ransomware, a new RaaS
- Microsoft: ACTINIUM targets Ukrainian organizations
- Microsoft: The evolution of a Mac trojan: UpdateAgent’s progression
- Mandiant: Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent
- Forensic IT Guy: STRRAT Attached to a MSI File
- Segurança Informática: Taking the bait: The modus operandi of massive social engineering waves impacting banks in Portugal
- 3xp0rt: Mars Stealer: Oski refactoring
- Security Onion: Security Onion: Quick Malware Analysis: Contact Forms Campaign IcedID Bokbot with Cobalt Strike pcap from 2022-01-27
Tools and Tips
- SpecterOps: Apollo 2.0 — New Year, New Features
- CIS: The Cost of Ignoring the Log4j Vulnerability
- Dragos: How to Talk to the C-Suite and Board About OT Security
- SANS ISC: Keeping Track of Your Attack Surface for Cheap
- JPCERT: FAQ: Malware that Targets Mobile Devices and How to Protect Them
- Nasreddine Bencherchali: Why Hunting For LOLBINs Is One Of The Best Bets
- TrustedSec: I’m bringing relaying back: A comprehensive guide on relaying anno 2022
- DMFR Security: 100 Days of YARA – Day 45: Generic NirSoft Tools
- CrowdStrike: Programs Hacking Programs: How to Extract Memory Information to Spot Linux Malware
- cudeso: Scripts to integrate DFIR-IRIS, MISP and TimeSketch
- AndrewRathbun: The DFIR Artifact Museum was created to provide a centralized location for examples of artifacts from various operating systems.
- Security Onion: Security Onion 2.3.100 now available including SOC Cases!
- hasherezade: How to start RE/malware analysis?
- Target: Meet Merry Maker: How Target Protects Against Digital Skimming
Breaches, Government, and Law Enforcement
- CrowdStrike: Past Cyber Operations Against Ukraine and What May Be Next
- Flashpoint: The Death of an ISIS Leader; ISIS Attacks, January 2022: Key Trends, Statistics, and Geographic Analysis
- Recorded Future: The Chinese Communist Party’s Appeal to Youth in Overseas Propaganda
- Malwarebytes: $320 million stolen from Wormhole crypto-trading platform
- FBI: FBI Releases PIN on Potential Cyber Activities During the 2022 Beijing Winter Olympics and Paralympics
- US DOJ: Multiple India-based call centers and their directors indicted for perpetuating phone scams affecting thousands of Americans
- The Record: Iran’s national TV stream hacked for the second time in a week
- Reversing Labs: After Russian Arrests, REvil Implants Persist
- Data Breach Today: Cybercrime: Darknet Markets Live On, Even as Players Change
- Team Cymru: Expert Analyst Insight into North Korean ‘Internet Outages’
Vulnerabilities and Exploits
- Zscaler: Analysis of Adobe Acrobat Pro DC Solid Framework Out-of-Bounds Read Vulnerability (CVE-2021-40729)
- CISA: Vulnerability Summary for the Week of January 24, 2022
- CISA: Samba Releases Security Updates
- SentinelOne: Firefox JIT Use-After-Frees | Exploiting CVE-2020-2695
- Apiiro: Malicious Kubernetes Helm Charts can be used to steal sensitive information from Argo CD deployments
- CyberArk: Checking for Vulnerable Systems for CVE-2021-4034 with PwnKit-Hunter
- Trend Micro: The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It