Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio. Happy Reading!

Industry Reports, News, and Miscellany

• Netskope: Threat Labs Report – January 2021
• MIT: Defining success and mapping the road ahead for public-private partnership and critical infrastructure cybersecurity
• Chainalysis: Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains
• NCC Group: 2020 Annual Research Report
• RiskIQ: 2020 Mobile App Threat Landscape: New Threats Arise, But the Ecosystem Got Safer
• Recorded Future: Top 6 MITRE ATT&CK Techniques Identified in 2020, Defense Evasion Tactics Prevail
• Cisco Talos: A ransomware primer
• Atlantic Council: Pathologies of obfuscation: Nobody understands cyber operations or wargaming

Threat Research 

• Microsoft: What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
• eset: Kobalos – A complex Linux threat to high performance computing infrastructure
• Sophos: Agent Tesla amps up information stealing attacks
• SANS ISC: Excel spreadsheets push SystemBC malware
• SentinelLabs: Zeoticus 2.0 | Ransomware With No C2 Required
• Morphisec: CinaRAT Resurfaces With New Evasive Tactics and Techniques
• Palo Unit42: Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes
• Trend Micro: New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker
• 0xthreatintel: Uncovering APT-C-41 (StrongPity) Backdoor
• The DFIR Report: Bazar, No Ryuk?
• Norfolk: DPRK Targeting Researchers II: .Sys Payload and Registry Hunting
• Krypos Logic: Trickbot masrv Module

Tools and Tips

• Netscout: Plex Media SSDP (PMSSDP) Reflection/Amplification DDoS Attack Mitigation Recommendations
• IBM: A Look at HTTP Parameter Pollution and How To Prevent It
• CrowdStrike: 7 Common Microsoft AD Misconfigurations that Adversaries Abuse
• red canary: Detecting Windows Management Instrumention: Your questions answered
• CISA: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
• Deep Instinct: LSASS Memory Dumps Are Stealthier Than Ever Before
• Kostas: How to start a career in cyber threat intelligence
• Josh Brunty: Writing DFIR Reports- A Primer
• Hexacorn: Blog Recoll – a perfect tool for Threat Intelligence Analysts and other Report Readers
• Applied Network Defense: CyberChef for Security Analysts
• Optiv: Endpoint Detection and Response: How Hackers Have Evolved
• Lares: Hunting in the Sysmon Call Trace
• Jamie: XLSB: Analyzing a Microsoft Excel Binary Spreadsheet
• Domain Tools: Formulating a Robust Pivoting Methodology
• Elastic: How to build a malware analysis sandbox with Elastic Security
• BlackFr0g: [Reverse Engineering Tips] — Strings Deobfuscation with FLOSS

Breaches, Government, and Law Enforcement 

• US DOJ: Founder Of $90 Million Cryptocurrency Hedge Fund Charged With Securities Fraud And Pleads Guilty In Federal Court
• Stormshield: Security Incident concerning Stormshield
• Recorded Future: Indonesia and China Face Off Over Increasing Maritime Intrusions
• Krebs: ‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered
• Threatpost: Ransomware Attacks Hit Major Utilities
• Europol: 105 arrested for stealing over €12 million from US-based banks

Vulnerabilities and Exploits

• CIS: Multiple Vulnerabilities in Cisco VPN Routers Could Allow for Arbitrary Code Execution
• Trustwave: Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities
• SonicWall: Urgent Patch Available for SMA 100 Series 10.x Firmware Zero-Day Vulnerability
• CISA: Vulnerability Summary for the Week of January 25, 2021
• Project Zero: 0day Exploit Root Cause Analyses