Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted, nor is it intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Fortinet: The Ghosts of Mirai
- McAfee: McAfee Labs Report Highlights Ransomware Threats
- PhishLabs: Breaking Down Phishing Site TLDs and Certificate Abuse in Q1
- The Record: Cyber insurance market faces a reckoning as losses pile up
- Kaspersky: Malicious spam campaigns delivering banking Trojans
- CrowdStrike: How Falcon Complete Disrupts eCrime Operators (WIZARD SPIDER)
Threat Research
- Proofpoint: JSSLoader: Recoded and Reloaded
- Blackberry: PYSA Loves ChaChi: a New GoLang RAT
- IBM: Ursnif Leverages Cerberus Android Malware to Automate Fraudulent Bank Transfers in Italy
- Symantec: Ransomware: Growing Number of Attackers Using Virtual Machines
- Talos: Attackers in Executive Clothing – BEC continues to separate orgs from their money
- GData: Microsoft signed a malicious Netfilter rootkit
- Trustwave: Yet Another Archive Format Smuggling Malware
- Sentinel One: Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros
- Avast: Crackonosh: A New Malware Distributed in Cracked Software
- The DFIR Report: From Word to Lateral Movement in 1 Hour
- Squibydoo.blog: Mars-Deimos: From Jupiter to Mars and Back again (Part Two)
- Microsoft: New Nobelium activity
Tools and Tips
- SpecterOps: Learning from our Myths
- CrowdStrike: The Myth of Part-time Hunting, Part 1: The Race Against Ever-diminishing Breakout Times
- Proofpoint: BEC Taxonomy: Lures and Tasks
- Flashpoint: Facing Five Types of Ransomware and Cyber Extortion
- NSA: NSA Funds Development, Release of D3FEND
- SANS ISC: Video: oledump Cheat Sheet
- FalconForce: FalconFriday — Certified Pre-Owned — 0xFF12
- AhmedS Kasmani: Analysis of malware dropped by Nobelium
- Eli Salem: Dissecting and automating Hancitor’s config extraction
- MalwareAficionado: Walkthrough – HackyBird.exe
- hlldz: hlldz/Phant0m: Windows Event Log Killer
- Atomic Matryoshka: WINDOWS AUTHENTICATION BYPASS VIA ACCESSIBILITY BINARIES
- DFIR Review: Upgrade From NULL—Detecting iOS Wipe Artifacts
Breaches, Government, and Law Enforcement
- Zyxel: Security Incident Alert – Firewall Series
- Malwarebytes: Atomic research institute breached via VPN vulnerability
- Politico: EU, US launch initiative against ransomware
- Krebs: MyBook Users Urged to Unplug Devices from Internet
- NATO: Russia’s Strategy in Cyberspace
- DOJ: High-Level Member of Hacking Group Sentenced to Prison for Scheme that Compromised Tens of Millions of Debit and Credit Cards