Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Recorded Future: 2021 Malware and TTP Threat Landscape
- CIS: Top 10 Malware February 2022
- Red Canary: Intelligence Insights: March 2022
- Expel: Top Attack Vectors: February 2022
- CISA: Strengthening Cybersecurity of SATCOM Network Providers and Customers
- CISA: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
- Aqua: Cloud Native Technologies Used in Russia-Ukraine Cyber Attacks
- RiskIQ: RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure
- Fortinet: A Brief History of The Evolution of Malware
- PhishLabs: PhishLabs Q4 Report Documents Shifts in Dark Web Activity
- Wordfence: Increase In Malware Sightings on GoDaddy Managed Hosting
Threat Research
- CrowdStrike: OverWatch Uncovers Ongoing NIGHT SPIDER Zloader Campaign
- Microsoft: Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
- BlackBerry: New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems
- BlackBerry: Threat Thursday: HermeticWiper Targets Defense Sectors in Ukraine
- IBM: CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
- ASEC: Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
- Dragos: Suspected Conti Ransomware Activity in the Auto Manufacturing Sector
- Cisco Talos: From BlackMatter to BlackCat: Analyzing two attacks from one affiliate
- Cisco Talos: Threat Advisory: CaddyWiper
- SANS ISC: Qakbot infection with Cobalt Strike and VNC activity
- Trustwave: The Attack of the Chameleon Phishing Page
- OALABS: Analysis of new BlackCat ransomware with encrypted config
- Prevailion: WIZARD SPIDER: What Wicked Webs We Un-weave
- Google: Exposing initial access broker with ties to Conti
Tools and Tips
- IBM: Top 5 Cybersecurity Podcasts to Follow in 2022
- Malwarebytes: How to protect RDP
- Dragos: How Asset Visibility Enables Effective OT Threat Detection
- Cisco Talos: Preparing for denial-of-service attacks with Talos Incident Response
- NSA: NSA, CISA release Kubernetes Hardening Guidance
- JP-CERT: Anti-UPX Unpacking Technique
- PAN Unit42: How the Malleable C2 Profile Makes Cobalt Strike Difficult to Detect
- SANS: Shifting from Penetration Testing to Red Team and Purple Team
- Atomic Matryoshka: What is fuzzy hashing?
- Cobertshell: Attack Simulation (Why it is Important!) Part 1 — Building the foundation
- WTFBins: This project aims to catalogue benign applications that exhibit suspicious behavior
- paladin316: ThreatHunting: This repo is where I store my Threat Hunting ideas/content
- Anton Chuvakin: How to SLO Your SOC Right? More SRE Wisdom for Your SOC!
- APNIC: Threat hunting with Yara: Measuring distance between any three elements
- awslabs: aws-automated-incident-response-and-forensics
- Dissecting Malwa.re: Quick revs: Pandora Ransomware – The Box has been open for a while…
- Claroty: Freely Available Arya Tool for Testing YARA Rules
- Sophos: The Ransomware Threat Intelligence Center
- Nasreddine Bencherchali: LOLBINed — CyberGhost VPN (PeLauncher.exe/Dashboard.exe)
- Security Soup: Decoding a DanaBot Downloader
Breaches, Government, and Law Enforcement
- GOV.UK: World-first online safety laws introduced in Parliament
- Check Point: AirDrop process of ApeCoin cryptocurrency found vulnerable, led to theft of millions of dollars in NFTs
- TechRadar: Israeli government confirms it was hit by huge DDoS attack
- Krebs: Lawmakers Probe Early Release of Top RU Cybercrook
- Digital Shadows: Biden’s Executive Order on Crypto: What you need to know
- The Record: Nigerian authorities arrest alleged scammer on FBI Most Wanted List
- Lawfare: Soldiers, Statesmen and Cyber Crises: Cyberspace and Civil-Military Relations
- Data Breach Today: Russia-Ukraine Updates: Cybersecurity News Amid Conflict
- Reuters: US bars ex-spies from becoming ‘mercenaries,’ following Reuters series
- US DOJ: Five Individuals Charged Variously with Stalking, Harassing and Spying on US Residents on Behalf of the PRC Secret Police
- GOV.PL: GRU agent detained in Poland
Vulnerabilities and Exploits
- CrowdStrike: cr8escape: New Vulnerability in CRI-O Container Engine (CVE-2022-0811)
- Nick Gregory: The Discovery and Exploitation of CVE-2022-25636
- Kaspersky: CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel
- Malwarebytes: Update now! Apple fixes several serious vulnerabilities in iOS and macOS
- SANS ISC: Scans for Movable Type Vulnerability (CVE-2021-20837)
- CISA: Vulnerability Summary for the Week of March 7, 2022
- PAN Unit42: CVE-2021-28372: How a Vulnerability in Third-Party Technology Is Leaving Many IP Cameras and Surveillance Systems Vulnerable
- TrustedSec: CVE-2022-24696 – Glance by Mirametrix Privilege Escalation
- The Register: Intel, Arm hit with another data-leaking Spectre chip bug