Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Agari: Inside a Compromised Account: How Cybercriminals Use Them
- RiskIQ: Microsoft Exchange is a Global Vulnerability. Patching Efforts Reveal Regional Inconsistencies
- Flashpoint: Compromised Credentials: Analyzing the 2021 Verizon DBIR
- Recorded Future: Threats to Asian Communities in North America, Europe, and Oceania
- Talos: Quarterly Report: Incident Response trends from Spring 2021
- PhishLabs: 47% Phishing Increase in Q1
- CISA: CISA Addresses the Rise in Ransomware Targeting Operational Technology Assets
- Intel471: The blurry boundaries between nation-state actors and the cybercrime underground
- GData: Naming malware: Why this jumbled mess is our own fault
- Kevin Beaumont: The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t reached peak impact
- APWG: Phishing Activity Trends Reports — Summary — 4th Quarter 2020
Threat Research
- CrowdStrike: Another Brick in the Wall: eCrime Groups Leverage a SonicWall VPN Vulnerability
- Proofpoint: Ransom DDoS Extortion Actor “Fancy Lazarus” Returns
- TrendMicro: Modern Ransomware’s Double Extortion Tactics and How to Protect Enterprises Against Them
- ESET: BackdoorDiplomacy: Upgrading from Quarian to Turian
- ESET: Gelsemium: When threat actors go gardening
- Kaspersky: Gootkit: the cautious Trojan
- Kaspersky: Email spoofing: how attackers impersonate legitimate senders
- Check Point: SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor
- Blackberry: Threat Thursday: SystemBC – a RAT in the Pipeline
- GData: SteamHide: Hiding Malware in Plain Sight
- Objective-See: Objective-See’s Blog
- Group IB: Big airline heist: APT41 likely behind massive supply chain attack
- SentinelLabs: ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op
- JP-CERT: PHP Malware Used in Lucky Visitor Scam
- Palo Unit42: Prometheus Ransomware Gang: A Group of REvil?
- The DFIR Report: WebLogic RCE Leads to XMRig
- Advanced-Intel: From QBot…with REvil Ransomware: Initial Attack Exposure of JBS
Tools and Tips
- SpecterOps: Proxy Windows Tooling via SOCKS
- SpecterOps: BloodHound versus Ransomware: A Defender’s Guide
- CrowdStrike: How to Defend Against Conti, DarkSide, REvil and Other Ransomware
- Proofpoint: BEC Taxonomy: Extortion
- Dragos: Asset Visibility – Understanding Normal in ICS Environments
- SANS: BloodHound – Sniffing Out the Path Through Windows Domains
- SANS ISC: Russian Dolls VBS Obfuscation
- Red Canary: What is normal? Profiling System32 binaries to detect DLL Search Order Hijacking
- Expel: How to measure SOC quality
- Intezer: Top 10 Linux Server Hardening and Security Best Practices
- AhmedS Kasmani (Video): Malware Analysis: Agent Tesla Part 2/2 Final Payload Analysis
- MalwareAficionado: Malware Analysis Fundamentals: Hashing Algorithms
- Varonis: YARA Rules Guide: Learning this Malware Research Tool
- Nasreddine Bencherchali: Understanding & Detecting C2 Frameworks — BabyShark
- NCC Group Research: Detecting Rclone – An Effective Tool for Exfiltration
- MatyoshkaHax: Basic Security Log Analysis on Windows
- Open Source Society University: Path to a free self-taught education in Computer Science!
- Mehmet Ergene: Detecting Initial Access: HTML Smuggling and ISO Images — Part 1
- Splunk: EO, EO, It’s Off to Work We Go! (Protecting Against the Threat of Ransomware with Splunk)
- namazso: IDAShell is a shell extension for launching IDA from the context menu of executables
Breaches, Government, and Law Enforcement
- Bleeping Computer: Network security firm COO charged with medical center cyberattack
- DOJ: Slilpp Marketplace Disrupted in International Cyber Operation
- JBS Foods: JBS USA Cyberattack Media Statement – June 9
- DOJ: Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside
- Malwarebytes: Russia accused of hacking Dutch police during MH17 investigation
- FBI: FBI Targets Encrypted Platforms Used by Criminal Groups
- Reuters: Exclusive: U.S. to give ransomware hacks similar priority as terrorism
- DOJ: Latvian National Charged for Alleged Role in Transnational Cybercrime Organization
- Threatpost: REvil Hits US Nuclear Weapons Contractor: Report
- Threatpost: Hackers Steal FIFA 21 Source Code, Tools in EA Breach
- TrendMicro: How to Act on the Executive Order to Tackle Ransomware
- The Record: Avaddon ransomware operation shuts down and releases decryption keys
- DOJ: Justice Department Announces Court-Authorized Seizure of Domain Names Used in Furtherance of Spear-Phishing Campaign Posing as U.S. Agency for International Development
- Bleeping Computer: Computer memory maker ADATA hit by Ragnar Locker ransomware
- Homeland Security & Governmental Affairs Committee: Threats to Critical Infrastructure: Examining the Colonial Pipeline Cyber Attack
- DOJ: Five Arrested for Allegedly Laundering Nearly $1 Million from Business Email Compromise Fraud
Vulnerabilities and Exploits
- CIS: Multiple Vulnerabilities in VMware vCenter Server Could Allow for Remote Code Execution
- CrowdStrike: June 2021 Patch Tuesday: Updates and Analysis
- Symantec: Breaking SSL Locks: App Developers Behaving Badly
- Check Point: Fuzzing the Office Ecosystem
- Talos: Microsoft Patch Tuesday for June 2021 — Snort rules and prominent vulnerabilities
- SANS ISC: Microsoft June 2021 Patch Tuesday
- CISA: Vulnerability Summary for the Week of May 31, 2021