Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Cost of a Data Breach Report 2020
- ESET Threat Report Q2 2020
- APT trends report Q2 2020
- Adversarial use of current events as lures
- US-CERT Alert (AA20-209A): Potential Legacy Risk from Malware Targeting QNAP NAS Devices
- ‘Ghostwriter’ Influence Campaign: Unknown Actors Push Narratives Aligned With Russian Security Interests
Threat Research
- Watch Your Containers: Doki Infecting Docker Servers in the Cloud
- Chinese State-Sponsored Group ‘RedDelta’ Targets the Vatican and Catholic Organizations
- WastedLocker: technical analysis
- Lazarus on the hunt for big game
- Malspam campaign caught using GuLoader after service relaunch
- Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?
- New infection chain of njRAT variant
- Threat Assessment: WastedLocker Ransomware Activities
- Hasbro.com Drive-By-Download Analysis
- Certutil download artefacts
- DEEP DIVE INTO CAZANOVA MORPHINE PHISHING KIT
- An Analysis of Emotet Malware: PowerShell Unobfuscation
- LOLSnif Malware
Tools and Tips
- Sparkling Payloads: Leveraging Notarized Payloads and Sparkle for Initial Access
- SkyArk is a cloud security project to detect shadow Admin accounts in Azure and AWS
- Offense and Defense – A Tale of Two Sides: Group Policy and Logon Scripts
- Memorizing Behavior: Experiments with Overfit Machine Learning Models
- Best practice for SQL statements in Python
- Cracking Maldoc VBA Project Passwords
- Breaking into infosec and learning new skills with Atomic Red Team
- Behavioural Analysis Tools & Techniques – Emotet as Case Study (Video)
- Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates
- Behind the scenes in the Expel SOC: Alert-to-fix in AWS
- Hunting And Defeating Evasive Threats
- Make the most out of BloodHound
- Set up a development environment for Timesketch
- Dll Injection Explained (Video)
- Purple Team Exercise Framework (PTEF) (Registration Required)
- PE Tree – Python module for viewing Portable Executable (PE) files in a tree-view
- Jiu Jitsu vs InfoSec: Defense in Depth
- Thycotic Secret Server: offline Decryption Methodology
- Covert Channel Chronicles: Astaroth’s ADS Forking Techniques
- 20 CentOS Server Hardening Security Tips – Part 1
Breaches, Government, and Law Enforcement
- Athens ISD pays $50K for release of data in ransomware attack
- Three Individuals Charged for Alleged Roles in Twitter Hack
- Malware Author Pleads Guilty for Role in Transnational Cybercrime Organization Responsible for more than $568 Million in Losses
- First-ever EU cyber sanctions hit Russian, Chinese, NKoreans
- Garmin Begins Recovery Following Ransomware Incident
- FBI warns of Netwalker ransomware targeting US government and orgs
- GandCrab ransomware operator arrested in Belarus
- ‘Payment sent’ – travel giant CWT pays $4.5 million ransom to cyber criminals
Vulnerabilities and Exploits
- A Vulnerability in F5 BIG-IP Edge Client for Windows Could Allow for Remote Code Execution
- THERE’S A HOLE IN THE BOOT
- Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
- Hacker, 22, seeks LTR with your data: vulnerabilities found on popular OkCupid dating app
- US-CERT Bulletin (SB20-209): Vulnerability Summary for the Week of July 20, 2020
- CVE-2020-9934: Bypassing TCC…for unauthorized access to sensitive user data!