Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Fortinet: Ransomware Roundup: Protecting Against New Variants
- HP: The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back
- Red Canary: Intelligence Insights: July 2022
- Digital Shadows: Q2 2022 Vulnerability Roundup
- ENISA: Threat Landscape Methodology
- Trustwave: Decade Retrospective: The State of Vulnerabilities
- BleepingComputer: Massive Microsoft 365 outage caused by faulty ECS deployment
- PAN Unit42: Unit 42 Threat Group Naming Update
Threat Research
- Mandiant: Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities
- Proofpoint: Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities
- Zscaler: Joker, Facestealer and Coper banking malwares on Google Play store
- ESET: I see what you did there: A look at the CloudMensis macOS spyware
- Fortinet: New Variant of QakBot Being Spread by HTML File Attached to Phishing Emails
- SecureList: Kaspersky report on Luna and Black Basta ransomware
- Akamai: The Kit That Wants It All: Scam Mimics PayPal’s Known Security Measures
- Symantec: LockBit: Ransomware Puts Servers in the Crosshairs
- Cisco Talos: Attackers target Ukraine using GoMet backdoor
- Intezer: Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware
- SentinelOne: LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques
- Securonix: Securonix Threat Labs Initial Coverage Advisory: STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea)
- VMware: How Push Notifications are Abused to Deliver Fraudulent Links
- Bitdefender: Under Siege for Months: the Anatomy of an Industrial Espionage Operation
- Google: Continued cyber activity in Eastern Europe observed by TAG
- VirusTotal: Threat-landscape of Financial attacks
Tools and Tips
- SpecterOps: On Detection: Tactical to Functional
- CIS: Threat Integration: Lessons of Indicator & Incident Exchange
- Flashpoint: What is E-Skimming? Detecting and Defending Against Digital Fraud
- SANS ISC: Maldoc: non-ASCII VBA Identifiers
- Secureworks: Prep Like a Pro: Penetration Testing Steps To Get You Hack-Ready
- Mandiant: Preventing and Remediating External Asset Exposures
- SentinelOne: Inside Malicious Windows Apps for Malware Deployment
- Trend Micro: Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data
- SANS: Month of PowerShell: Process Threat Hunting, Part 1
- Sophos: OODA: X-Ops Takes On Burgeoning SQL Server Attacks
- Kostas: Threat Hunting Series: The Threat Hunting Process
- Developer-Y: cs-video-courses: List of Computer Science courses with video lectures.
- Axelarator: Malware Analysis Homelab
- AhmedS Kasmani (video): Qakbot Dropper Analysis
- Shinigami: Empathy: The Way to Win Hearts and Minds in CTI
- NVISO Labs: Analysis of a trojanized jQuery script: GootLoader unleashed
- Anton Chuvakin: The Best Way to Detect Threats In the Cloud?
- Erick Rudiak: xkcd 1205 inverted (or, what if it wasn’t so hard to be FAIR)
- Thinkst: Creating REST API Canary endpoints
Breaches, Government, and Law Enforcement
- Recorded Future: Amid Rising Magecart Attacks on Online Ordering Platforms, Recent Campaigns Infect 311 Restaurants
- US DOJ: Justice Department Seizes and Forfeits Approximately $500,000 from North Korean Ransomware Actors and their Conspirators
- US DOJ: Three Charged In First Ever Cryptocurrency Insider Trading Tipping Scheme
- Krebs: Massive Losses Define Epidemic of ‘Pig Butchering’
- Restore Privacy: Verified Twitter Vulnerability Exposes Data from 5.4 Million Accounts
- The Record: TSA unveils updated cybersecurity regulations of oil and gas pipelines
- Lawfare: Cybersecurity, the ECPA, Carpenter, and Government Transparency
- Data Breach Today: $350 Million Settlement of T-Mobile Breach Lawsuits Proposed
Vulnerabilities and Exploits
- Malwarebytes: Vulnerabilities in GPS tracker could have “life-threatening” implications
- Dragos: Six Months Later: Assessing the OT and ICS Risks of the Log4j Vulnerability
- SANS ISC: Apple Patches Everything Day
- CISA: Vulnerability Summary for the Week of July 11, 2022
- Sonicwall: Security Notice: SonicWall GMS SQL Injection Vulnerability
- Atlassian: Questions For Confluence Security Advisory 2022-07-20
- US HHS: Web Application Attacks in Healthcare
- Octavia Johnston: TTP Tuesday: Is CVE-2022-26134 patched on Confluence?