Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Cybersecurity Quarterly Summer 2020
- US-CERT Alert (AA20-183A): Defending Against Malicious Cyber Activity Originating from Tor
- Elastic Security opens public detection rules repo
Threat Research
- EKANS Ransomware Targeting OT ICS Systems
- New Mac ransomware spreading through piracy
- Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
- Aggah Campaign’s Latest Tactics: Victimology, PowerPoint Dropper and Cryptocurrency Stealer
- Try2Cry: Ransomware tries to worm
- GoldenSpy Chapter 3: New and Improved Uninstaller
- XMRig variant mining Trojan rampantly doing evil
- Living Off Windows Land – A New Native File “downldr”
Tools and Tips
- Automating DLL Hijack Discovery
- Securing Check Point Firewall
- Into the Rabbit Hole – Offensive DNS Tunneling Rootkits
- Python 2to3: Tips From the CrowdStrike Data Science Team
- Get The Most Out Of Your IoC: The Beginner’s Guide
- Level up your YARA game
- Capture the Flag 101
- Mining DNS MX Records for Fun and Profit
- fvol: Fast volatility script, a wrapper script that runs Volatility plugins against a memory dump
Breaches, Government, and Law Enforcement
- University of California SF pays ransomware hackers $1.14 million to salvage research
- Australia to spend nearly $1 billion to boost cyber security
- COVID-19 ‘Breach Bubble’ Waiting to Pop?
- NTT Com confirms possible information leak due to unauthorized access
Vulnerabilities and Exploits
- CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication
- K52145254: TMUI RCE vulnerability CVE-2020-5902
- F5 fixes critical vulnerability discovered by Positive Technologies in BIG-IP application delivery controller
- Would you like some RCE with your Guacamole?
- US-CERT Bulletin (SB20-181): Vulnerability Summary for the Week of June 22, 2020