Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Malwarebytes: Ransomware rolled through business defenses in Q2 2022
- Phish Labs: Emotet Tops Payload Attack Volume in Q2
- G Data: The real reason why malware detection is hard—and underestimated
- Digital Shadows: RANSOMWARE IN Q2 2022: RANSOMWARE IS BACK IN BUSINESS
- Sucuri: Security Lessons Learned from 2021
Threat Research
- CIS: Top 10 Malware June 2022
- Proofpoint: Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media
- Zscaler: Rise in Qakbot Attacks Traced to Evolving Threat Techniques
- Fortinet: Spoofed Saudi Purchase Order Drops GuLoader – Part 2
- Securelist: Text-based fraud: from 419 scams to vishing
- Malwarebytes: Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign
- Dragos: The Trojan Horse Malware & Password “Cracking” Ecosystem Targeting Industrial Operators
- Check Point: Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials
- Cisco Talos: Transparent Tribe begins targeting education sector in latest campaign
- HP: Stealthy OpenDocument Malware Deployed Against Latin American Hotels
- Blackberry: GootLoader, From SEO Poisoning to Multi-Stage Downloader
- SentinelOne: Inside Malicious Windows Apps for Malware Deployment
- PAN Unit42: Digium Phones Under Attack: Insight Into the Web Shell Implant
- The DFIR Report: SELECT XMRig FROM SQLServer
- Microsoft: North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
- Microsoft: From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
- Team Cymru: An Analysis of Infrastructure linked to the Hagga Threat Actor
- Sophos: BlackCat ransomware attacks not merely a byproduct of bad luck
- Cyjax: Who is Trickbot?
Tools and Tips
- SANS ISC: Excel 4 Emotet Maldoc Analysis using CyberChef
- Expel: Cutting Through the Noise: RIOT Enrichment Drives SOC Clarity
- Mandiant: Abusing Duo Authentication Misconfigurations in Windows and Active Directory Environments
- PAN Unit42: Cobalt Strike Analysis and Tutorial: CS Metadata Encryption and Decryption
- NVISO Labs: Investigating an engineering workstation – Part 4
- Trend Micro: Unpacking Cloud-Based Cryptocurrency Miners That Abuse GitHub Actions and Azure Virtual Machines
- SANS: Month of PowerShell – Working with the Event Log, Part 3 – Accessing Message Elements
- Windows Incident Response: Does “Autostart” Really Mean “Autostart”?
- BSidesCharm 2022 (video): Malware Analysis for the Masses – Shawn Thomas
- The Art of Mac Malware: Volume I: Analysis
- David French: Threat hunting in Okta logs
- Avast: Decoding Cobalt Strike: Understanding Payloads
- Splunk: Introducing Splunk Attack Range v2.0
- FourCore: Genesis – The Birth of a Windows Process (Part 1)
- Black Hills: Impacket Offense Basics With an Azure Lab
- Cyber.WTF: Windows Registry Analysis – Today’s Episode: Tasks
- DFIR Science: Fast password cracking – Hashcat wordlists from RAM
Breaches, Government, and Law Enforcement
- CIS: The Conti Leaks: A Case of Cybercrime’s Commercialization
- Eurogamer: Elden Ring publisher Bandai Namco confirms it was hacked, “investigating” potential customer information leak
- Krebs: Experian, You Have Some Explaining to Do
- Intel471: Why organizations should (and should not) worry about KillNet
- Chainalysis: Mixer Usage Reaches All-time Highs in 2022 With Nation State Actors and Cybercriminals Contributing Significant Volume
- Lawfare: Cyber Operations and Maschmeyer’s “Subversion Trilemma”
- Data Breach Today: At Half-Year Mark, Ransomware, Vendor Breaches Dominate
- US DOJ: Aerojet Rocketdyne Agrees to Pay $9 Million to Resolve False Claims Act Allegations of Cybersecurity Violations in Federal Government Contracts