Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Netskope: Microsoft’s Macro Reversal Invites a Resurgence of Office Malware
- CIS: Breaking Down the BlackCat Ransomware Operation
- CIS: Cybersecurity Quarterly Summer 2022
- ZDNet: Apple previews Lockdown Mode, a new extreme security feature
- CISA: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
- CISA: Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats
- Sucuri: SiteCheck Malware Trends Report – Q2 2022
- Daniel Miessler: The Cybersecurity Skills Gap is Another Instance of Late-stage Capitalism
- Risky Business: Risky Biz News: China faces its first truly mega-leak
- Cofense: Phishing The Phishers: This is How the Number One Cybercrime Works
Threat Research
- IBM: Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine
- Fortinet: Notable Droppers Emerge in Recent Threat Campaigns
- Fortinet: From Follina to Rozena – Leveraging Discord to Distribute a Backdoor
- ReversingLabs: Update: IconBurst NPM software supply chain attack grabs data from apps and websites
- Cybereason: THREAT ANALYSIS REPORT: LockBit 2.0 – All Paths Lead to Ransom
- SANS ISC: Emotet infection with Cobalt Strike
- Inquest Labs: From Automated Twitter Post to Decoded Shellcode
- Morphisec: Infostealer Comparison: Top Stealers in 2022
- JP-CERT: YamaBot Malware Used by Lazarus
- PAN Unit42: Brute Ratel C4 Red Teaming Tool Being Abused by Malicious Actors
- Trend Micro: Unpacking Cloud-Based Cryptocurrency Miners That Abuse GitHub Actions and Azure Virtual Machines
- Microsoft: Hive ransomware gets upgrades in Rust
Tools and Tips
- SpecterOps: Koh: The Token Stealer
- Flashpoint: The Pyramid of Pain and Cyber Threat Intelligence
- SANS ISC: 7-Zip Editing & MoW
- Mandiant: Fuzzing Image Parsing in Windows, Part Four: More HEIF
- NVISO Labs: Investigating an engineering workstation – Part 4
- SANS: Month of PowerShell – String Substitution
- TrustedSec: A Diamond in the Ruff
- OALABS: Lockbit 3.0 Ransomware Triage
- Kroll: Anti-Forensic Techniques – Timestomping with NewFileTime
- Mayfly: Game Of Active Directory v2
- Jonathan Johnson: WMI Internals Part 1
- Malware Hell: Handling Malware Samples
- Chad Warner: “Mastering Cyber Intelligence” Notes
Breaches, Government, and Law Enforcement
- Flashpoint: Killnet: Russian DDoS Group Claims Attack on US Congress Website
- Recorded Future: Russian Information Operations Aim to Divide the Western Coalition on Ukraine
- G Data: The Psychology of Cybercrime
- Digital Shadows: Market differentiation: Cybercriminal forums’ unusual features designed to attract users
- SentinelOne: Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs
- BleepingComputer: Massive Rogers outage disrupts mobile service, payments in Canada
- The Record: Arrested Russian hacker Pavel Sitnikov looks to start a new chapter
- Lawfare: Taking the Elf Off the Shelf: Why the US Should Consider a Civilian Cyber Defense