Weekly News Roundup — July 28 to August 3


A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio.

Even here, there is a lot of material, so I included my top picks from each category below, and added brief quotes for additional context. I hope this highlights certain bits and helps readers identify content to consume. Happy Reading!


News/Reports/Papers: ATT&CKing Threat Management: A Structured Methodology for Cyber Threat Analysis

“This analysis aids decision makers in their commission to balance risk management with resource management. By leveraging the MITRE Adversarial Tactics Techniques & Common Knowledge (ATT&CK) framework as a quantitative data model, analysts can bridge the gap between strategic, operational, and tactical intelligence”

by Andy Piazza

Threat Research: LookBack Malware Targets the United States Utilities Sector

“distinct delivery methodology coupled with unique LookBack malware highlights the continuing threats posed by sophisticated adversaries to utilities systems and critical infrastructure providers”

by Michael Raggi and Dennis Schwarz with the Proofpoint Threat Insight Team

Tools and Tips: Ten Tips for Thriving at Infosec Cons

“With Hacker Summer Camp starting in just days, I thought this would be a good time to share my tips for making the most of infosec conferences. Whether it’s Black Hat, DEF CON, or your local BSides, infosec cons are an awesome way to meet people and learn, and that can be crucial to your career advancement.”

by Katie Nickels

Breaches: Capital One Data Theft Impacts 106M People

“On July 29, FBI agents arrested Paige A. Thompson on suspicion of downloading nearly 30 GB of Capital One credit application data from a rented cloud data server. Capital One said the incident affected approximately 100 million people in the United States and six million in Canada.”

Krebs on Security

Vulns/Exploits: Project Zero’s Vulnerability Disclosure FAQ

“over the total lifetime of Project Zero, 95.8% of issues have been fixed under deadline.”

Google Project Zero

Industry Reports, News, and Miscellany

Threat Research – Malware, Phishing, and other Campaigns in the Wild

Tools and Tips

Breaches, Government, and Law Enforcement 

Vulnerabilities and Exploits
