Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CISA: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
- IBM: Countdown to Ransomware: Analysis of Ransomware Attack Timelines
- Recorded Future: Chinese Cybercrime in Neighboring Countries
- Malwarebytes: AsyncRAT surpasses Dridex, TrickBot and Emotet to become dominant email threat
- PhishLabs: Social Media Attacks Targeting Businesses Increase 105%
- ReversingLabs: A (Partial) History of Software Supply Chain Attacks
- Trellix: Growling Bears Make Thunderous Noise
- Risky Business News: Risky Biz News: LockBit-Mandiant drama, explained
Threat Research
- Netskope: GoodWill Ransomware? Or Just Another Jasmin Variant?
- CIS: Top 10 Malware April 2022
- Proofpoint: How Cyber Criminals Target Cryptocurrency
- SentinelOne: Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
- Blackberry: Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
- Zscaler: Lyceum .NET DNS Backdoor
- Fortinet: Threat Actors Prey on Eager Travelers
- Securelist: WinDealer dealing on the side
- Uptycs: Black Basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems
- Symantec: Clipminer Botnet Makes Operators at Least $1.7 Million
- SANS ISC: TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
- HP: SVCReady: A New Loader Gets Ready
- McAfee: Phishing Campaigns featuring Ursnif Trojan on the Rise
- PAN Unit42: Exposing HelloXD Ransomware and x4k
- PAN Unit42: Understanding REvil: REvil Threat Actors May Have Returned (Updated)
- PAN Unit42: LockBit 2.0: How This RaaS Operates and How to Protect Against It
- The DFIR Report: Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration
- Microsoft: Exposing POLONIUM activity and infrastructure targeting Israeli organizations
- Atomic Matryoshka: From the User Perspective – TrickBot Phish
- OALABS: Cobalt Strike Analysis: Taking a look at Cobalt Strike config extraction and emulation
Tools and Tips
- SpecterOps: Managed Identity Attack Paths, Part 1: Automation Accounts
- CIS: Cyber-Safe Travel
- Dragos: Minimizing the Consequences of Shared Credentials Across IT and OT Environments
- Red Canary: Detecting suspicious email forwarding rules in Office 365
- Expel: Incident report: Spotting an attacker in GCP
- Binary Defense: 4 Tactics To Detect & Contain Emotet’s Latest Evolution
- SANS: Searching SMB Share Files
- Michael Koczwara: Diamond Model of Intrusion Analysis in Practice
- Google: GitHub – google/cloud-forensics-utils: Python library to carry out DFIR analysis on the Cloud
- Romaissa Adjailia: Spelunking with the fundamental concepts of Splunk
- Thomas Roccia: 10 Python Libraries for Malware Analysis and Reverse Engineering
- Salil Jain: Detecting DNS Tunneling using Spark Structured Streaming
- Glue: Leveraging Threat Intel for Event Enrichment In Security Onion
Breaches, Government, and Law Enforcement
- IBM: World’s Largest Darknet Market Shut Down, $25 Million in Bitcoin Seized
- Flashpoint: US Seizes SSNDOB Market, Which Sold PII of 24 Million People
- Krebs: Adconion Execs Plead Guilty in Federal Anti-Spam Case
- Trend Micro: Trend Micro Partners With Interpol and Nigeria EFCC for Operation Killer Bee, Takes Down Nigerian BEC Actors