Weekly News Roundup — July 21 to July 27
— A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio.

I am once again including my top picks from the material from each category below, but adding brief quotes from the pieces for added context. I hope this highlights certain bits and helps readers identify content to consume, since there is so much great information and so little time. Happy Reading!

Highlights (my top picks):

News/Reports: The Annual Cost of Data Breach Report by the Ponemon Institute.

“average total cost of a data breach is the U.S. at $8.19 million, more than twice the global average. Healthcare was again the most expensive industry for data breach costs, with the total cost of a data breach in 2019 averaging $6.45 million.”

By Larry Ponemon

Threat Research: Gigamon Takes a Detailed Look at FIN8’s Tooling

“FIN8 is a financially-motivated threat group originally identified by FireEye in January of 2016, with capabilities further reported on by Palo Alto Networks’ Unit 42 and root9B….we aim to show how FIN8 continues to evolve and adapt their tooling….to enable defenders to better prevent, discover, or disrupt FIN8’s operations.”

By Kristina Savelesky, Ed Miles, Justin Warner

Tools and Tips: Analysis of the AmCache — DFIR Summit 2019

“Frequently overlooked and understudied, this database is rarely fully exploited when doing incident response. Indeed, its correct interpretation is complex: a lot of special cases can occur that have to be taken into account when performing an analysis. However, the information collected by the AmCache is extremely useful and the lack of awareness about this artifact makes it very valuable, since it is easily overlooked by attackers erasing their tracks.”

By Blanche Lagny

Government: Report of the Senate Intelligence Committee on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election

“From 2017 to 2019, the Committee held hearings, conducted interviews, and reviewed intelligence related to Russian attempts in 2016 to access election infrastructure. The Committee sought to determine the extent of Russian activities, identify the response of the U.S. Government at the state, local, and federal level to the threat, and make recommendations on how to better prepare for such threats in the future.”

Vulns/Exploits: #Bluekeep POC Exploit Research Presented and Incorporated into Commercial Pentesting Tool

“on Tuesday, July 23, Immunity Inc. announced it included a fully-working BlueKeep exploit inside CANVAS v7.23, the company’s pen-testing toolkit.”

By Catalin Cimpanu

Industry Reports, News, and Miscellany

Threat Research – Malware, Phishing, and other Campaigns in the Wild

Tools and Tips

Breaches, Government, and Law Enforcement

Vulnerabilities and Exploits
