Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- SpecterOps: Hang Fire: Challenging our Mental Model of Initial Access
- Kaspersky: Analysis of dark web posts selling access to corporate networks
- PhishLabs: Hybrid Vishing Attacks Soar YoY, Achieve All-Time High In March
- The DFIR Report: SANS Ransomware Summit 2022, Can You Detect This?
- Trend Micro: State of OT Security in 2022: Big Survey Key Insights
Threat Research
- Zscaler: Resurgence of Voicemail-themed Phishing Attacks Targeting Key Industry Verticals in US
- Zscaler: Technical Analysis of PureCrypter
- Recorded Future: Latin American Governments Targeted By Ransomware
- Fortinet: New IceXLoader 3.0 – Developers Warm Up to Nim
- Check Point: Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials
- SANS ISC: Malspam pushes Matanbuchus malware, leads to Cobalt Strike
- Blackberry: Threat Thursday: Unique Delivery Method for Snake Keylogger
- Objective-See: SeaFlower 藏海花 A backdoor targeting iOS web3 wallets
- Trend Micro: Websites Hosting Fake Cracks Spread Updated CopperStealer Malware
- Microsoft: The many lives of BlackCat ransomware
- Volexity: DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
- Sekoia: BumbleBee: a new trendy loader for Initial Access Brokers
Tools and Tips
- CrowdStrike: Capture the Flag: CrowdStrike Intelligence Adversary Quest 2022
- Flashpoint: The Practitioner’s Guide to Vulnerability Management: Implementing a Risk-Based Approach
- Dragos: How Incident Response (IR) Tabletop Exercises Strengthen OT Security Posture
- SANS ISC: Video: Decoding Obfuscated BASE64 Statistically
- Red Canary: Everything’s a file: Securing the Linux VFS
- Binary Defense: Detecting Follina Exploits Using a Remote Answer File
- Mandiant: Enhancing Digital Threat Monitoring with Machine Learning
- Huntress: Triangulation
- Data Breach Today: Unexpected Pairings: Wine Tasting and Threat Intelligence
- OALABS: Diceloader Triage Notes
- EricaZelic: Guide to Self-Learning Windows and Active Directory: Part II
- Kostas: Threat Hunting Series: The Basics
- Daniel Parker: Windows Registry Internal finding
- SANS: Power Up Memory Forensics with Memory Baseliner
- NtQuerySystemInformation: A reverse engineer primer on Qakbot DLL Stager: From initial execution to multithreading
- Malware Hell: KVM Malware Lab Guide
- erichutchins: geoipsed: Fast, inline geolocation decoration of IPv4 and IPv6 addresses written in Rust
Breaches, Government, and Law Enforcement
- Interpol: Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams
- Krebs: Ransomware Group Debuts Searchable Victim Data
- CISA: CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case
- Intel471: Cybercriminals preying on travel surge with a host of different scams
- US DOJ: Russian Botnet Disrupted in International Cyber Operation
- The Record: House Democrats propose major funding increase for CISA
- Lawfare: European Security Officials Double Down on Automated Moderation and Client-Side Scanning
- Daily Sabah: Turkish intelligence cracks down on Russian spy network
- The Daily Swig: Security researcher receives legal threat over patched Powertek data center vulnerabilities
Vulnerabilities and Exploits
- Hertzbleed: Hertzbleed Attack
- CIS: End-of-Support Software Report List – May 2022
- Cisco Talos: Microsoft Patch Tuesday for June 2022 — Snort rules and prominent vulnerabilities
- SANS ISC: Microsoft June 2022 Patch Tuesday
- CISA: Vulnerability Summary for the Week of June 6, 2022
- Trustwave: The Importance of White-Box Testing: A Dive into CVE-2022-21662
- Cyberark: That Pipe is Still Leaking: Revisiting the RDP Named Pipe Vulnerability
- PAN Unit42: Why Are My Junctions Not Followed? Exploring Windows Redirection Trust Mitigation