Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- ZDNet: Microsoft acquires cybersecurity company RiskIQ
- Zscaler: ThreatLabZ June 2021 Report: Deconstructing Kaseya Supply-Chain Attack and the Minebridge RAT Campaign
- Flashpoint: REvil Ransomware Is Down, But It’s Far From Out
- Recorded Future: Threats to the 2020 Tokyo Olympic Games: Insikt Group Report
- Talos: Following the Money: Comparing cryptocurrency value to illicit mining activity
- Digital Shadows: Why Domains Matter: Impersonations and Your Brand
- Facebook: Taking Action Against Hackers in Iran
- DomainTools: The Most Prolific Ransomware Families: A Defender's Guide
Threat Research
- Proofpoint: Operation SpoofedScholars: A Conversation with TA453
- Prodaft: [TODDLER] Mobile Banking Botnet Analysis Report
- RiskIQ: Bulletproof Hosting Services: Investigating Media Land LLC, Part 2
- Zscaler: Targeted Attack on Government Organizations Delivers Netwire RAT
- IBM: RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
- ESET: Bandidos at large: A spying campaign in Latin America
- Fortinet: DLL Side-Loading Technique Used in the Recent Kaseya Ransomware Attack
- Kaspersky: LuminousMoth APT: Sweeping attacks for the chosen few
- Cybereason: Cybereason vs. Prometheus Ransomware
- McAfee: Hancitor Making Use of Cookies to Prevent URL Scraping
- Intezer: Targeted Phishing Attack against Ukraine Government Expands to Georgia
- CISA: MAR-10337802-1.v1: DarkSide Ransomware
- Binary Defense: Mars-Deimos: SolarMarker/Jupyter Infostealer (Part 1)
- Group-IB: The Brothers Grim: The reversing tale of GrimAgent malware used by Ryuk
- SentinelOne: Conti Unpacked | Understanding Ransomware Development As a Response to Detection
- JP CERT: Attack Exploiting XSS Vulnerability in E-commerce Websites
- VMware: IcedID: Analysis and Detection
- Bitdefender: Trickbot Activity Increases; new VNC Module On the Radar
- Palo Unit42: Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, “MagicSocks” Tools
- ReversingLabs: Data Exfiltrator: A New Tactic for Ransomware Adversaries
- Walmart: TA505 adds GoLang crypter for delivering miners and ServHelper
- Microsoft: Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
- Kryptos Logic: Adjusting the Anchor
Tools and Tips
- Agari: Catching Lookalike Domains with Image-Based Analysis
- CrowdStrike: CrowdStrike Services Releases AutoMacTC 1.2.0
- Dragos: Correcting Prevention Bias in Your OT Cyber Incident Response
- SANS ISC: BASE85 Decoding With base64dump.py
- Red Canary: Atomic Red Team adds tests for cloud and containers
- Expel: Swimming past 2FA, part 1: How to spot an Okta MITM phishing attack
- CISA: CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses
- Deep Instinct: Stopping PrintNightmare
- Secureworks: Threat Hunting Principles
- Open Source DFIR: Windows Container Forensics
- AhmedS Kasmani: Analysis of AppleJeus Malware by Lazarus Group
- MalwareAficianado: Malware Analysis Fundamentals: Process Monitoring
- Atomic Matryoshka: PROCESS INJECTION: MALWARE LURKING IN THE SHADOWS OF LEGITIMATE PROGRAMS (PART 1)
- Synthesis: Automation in Reverse Engineering: String Decryption
- Scorpio Software: Processes, Threads, and Windows
- Default Credentials: PowerShell for Rapid Incident Response – Process Enumeration (Part One)
- Just Another Geek: Detecting Golden Ticket attacks
- Any Run: Introduction to Malware Analysis
Breaches, Government, and Law Enforcement
- US DOS: Rewards for Justice – Reward Offer for Information on Foreign Malicious Cyber Activity Against US Critical Infrastructure
- US DOJ: Nigerian National Sentenced for Role in Fraud Scheme
- Kaspersky: Arrests of members of Tetrade seed groups Grandoreiro and Melcoz
- Dragos: TSA Pipeline Security Guideline Update
- Politico: Senate confirms Jen Easterly as head of U.S. cyber agency
- The Record: Chinese government lays out new vulnerability disclosure rules
Vulnerabilities and Exploits
- CIS: A Vulnerability in SolarWinds Serv-U Could Allow for Remote Code Execution
- CrowdStrike: July 2021 Patch Tuesday: Updates and Analysis
- Microsoft: Windows Print Spooler Elevation of Privilege Vulnerability CVE-2021-34481
- Sonicwall: Urgent Security Notice: Critical Risk to Unpatched End-of-Life SRA & SMA 8.x Remote Access Devices
- Kaspersky: Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)
- SANS ISC: Microsoft July 2021 Patch Tuesday
- CISA: Vulnerability Summary for the Week of July 5, 2021
- ZecOps: Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched