Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering out the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Microsoft acquires CyberX to accelerate and secure customers’ IoT deployments
- Advisory 2020-008: Copy-paste compromises – tactics, techniques and procedures used to target multiple Australian networks
- Iraq Threat Update: June 2020
- Checkers and Brute Forcers Highlight Dangers of Poor Password Management
- Fidelis Threat Intelligence Report – May 2020
- Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike
- AWS Shield Threat Landscape Report – Q1 2020 (PDF)
Threat Research
- CryptoCore Group: A Threat Actor Targeting Cryptocurrency Exchanges
- Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
- Taurus: The New Stealer in Town
- Magnitude exploit kit – evolution
- Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
- WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations
- DarkCrewBot – The Return of the Bot Shop Crew
- IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
- GuLoader: Peering Into a Shellcode-based Downloader
- Hakbit Ransomware Campaign Against Germany, Austria, Switzerland
- Details on BRONZE VINEWOOD, Implicated in Targeting of the U.S. Election Campaign
- The Golden Tax Department and the Emergence of GoldenSpy Malware
- Inside a TrickBot Cobalt Strike Attack Server
- Obfuscated VBScript Drops ZLOADER, URSNIF, QAKBOT, DRIDEX
- Evolution of Malware LODEINFO
- The eagle eye is back: old and new backdoors from APT30
- zloader: VBA, R1C1 References, and Other Tomfoolery
- A close look at the advanced techniques used in a Malaysian-focused APT campaign
Tools and Tips
- Defending Exchange servers under attack
- Solving a Mailing List “Gap Spam” Problem
- Using Shell Links as zero-touch downloaders and to initiate network connections
- Pi Zero HoneyPot
- Process Injection: a primer
- How to create and maintain Jupyter threat hunting notebooks
- Analyzing IoT Security Best Practices
- Libcloudforensics and Cloud Logs
- Introducing Evasor: A New Pen Test Tool for Windows AppLocker
- AutoIt-Ripper: short python script that allows for extraction of “compiled” AutoIt scripts from PE executables
- Beyond the Edge: How to Secure SMB Traffic in Windows
- What’re you telling me, Ghidra? An introduction to Ghidra’s primary components
- Vicarious trauma and OSINT – a practical guide
- HuntLib: A Python library to help with some common threat hunting data analysis operations
- Free Mac & iOS Resources for the DFIR Community
- CTI is Better Served with Context: Getting better value from IOCs
- How to Start in #PowerShell
- How to avoid falling down the rabbit hole while analyzing malware
- Investigating Infrastructure Links with Passive DNS and Whois Data
Breaches, Government, and Law Enforcement
- WikiLeaks founder charged with conspiring with Anonymous and LulzSec hackers
- US Local Government Services Targeted by New Magecart Credit Card Skimming Attack
- Hack Brief: Anonymous Stole and Leaked a Megatrove of Police Documents
- Russian Cybercrime Boss Burkov Gets 9 Years
- Russian National Pleads Guilty for Role in Transnational Cybercrime Organization Responsible for more than $568 Million in Losses
- LG Electronics allegedly hit by Maze ransomware attack
Vulnerabilities and Exploits
- SOHO Device Exploitation
- Multiple Critical Vulnerabilities in Adobe Illustrator and After Effects Products
- A zero-day guide for 2020: Recent attacks and advanced preventive techniques
- Ripple20 Vulnerability Mitigation Best Practices
- US-CERT Bulletin (SB20-174): Vulnerability Summary for the Week of June 15, 2020
- Apache Releases Security Advisory for Apache Tomcat