Weekly News Roundup — June 9 to June 15

Summary

— A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links for the reader to drill down into particular topics according to their own interests. Thank you to all of the contributors for this great content!

Industry Reports, News, and Miscellany

Whether to Pay Ransomware Demands is Foremost a Business Decision

CrowdStrike Becomes a Publicly Traded Company

SQL Injection Attacks: So Old, but Still So Relevant. Here’s Why (Charts)

The Fight Against Cybercrime and BEC

Project Svalbard: The Future of Have I Been Pwned

Business Email Compromise: A Case Study

China’s Great Cannon

Tools and Tips

A few Ghidra tips for IDA users, part 4 – function call graphs

5 Tips for Improving Employee Security Awareness

How to Automate Phishing Investigations and Remediation

Awesome Incident Response: A curated list of tools for incident response

O365: Hidden InboxRules

Ransomware identification for the judicious analyst

Sysmon 10.0 – New features and changes

HOWTO: Disable account enumeration in Azure Active Directory

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro (video)

New Tool: amsiscan.py

Demystifying Code Injection Techniques: Part 1 – Shellcode Injection

IDA: What’s new in 7.3

Introducing SEPparser — to parse Symantec’s Endpoint Protection logs into a human readable form

Digital Forensics and Incident Response Cheat Sheet

The Social Engineering Framework

Visualizing BloodHound Data with PowerBI — Part 2

Threat Research – Malware, Phishing, and other Campaigns in the Wild

Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns

New Pervasive Worm Exploiting Linux Exim Server Vulnerability

Hunting COM Objects (Part Two)

Threat Proliferation in ICS Cybersecurity: XENOTIME Now Targeting Electric Sector, in Addition to Oil and Gas

Hide ‘N Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP

Observations of ITG07 Cyber Operations

Houdini Worm Transformed in New Phishing Attack

Malware Misuses Common Operating System Commands to Perform Targeted Attacks

Threat Spotlight: MenuPass/QuasarRAT Backdoor

New Spam Campaign, Possibly Necurs-based via DNS TXT Records

Vulnerabilities and Exploits

MSFT June 2019 Patch Tuesday

Intel Releases Security Updates, Mitigations for Multiple Products

Sandbox Escaper Publishes Additional CVE-2019-0841 Bypass

Drop the MIC – CVE-2019-1040

“BlueKeep” Vulnerability (CVE-2019-0708) within Cloud/Datacenter Machines: How to Safeguard Yourself?

The Week in Ransomware – June 14th 2019 – pyLocky and GandCrab Cleans Up

Breaches, Government, and Law Enforcement

IoT Cybersecurity Improvement Act: An Important Step Forward

Telegram CEO Fingers China State Actors for DDoS Attack