Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Recorded Future: Insider Trading Threats on Dark Web and Underground Sources
- FBI: IC3 Releases 2020 Internet Crime Report
- DNI: Intelligence Community Assessment on Foreign Threats to the 2020 US Federal Elections
- Dragos: New ICS Threat Activity Group: VANADINITE
- HP-Bromium: Threat Insights Report, Q4 2020
- Vice: A Hacker Got All My Texts for $16
- Krebs: Can We Stop Pretending SMS Is Secure Now?
- Unit42: Highlights from the 2021 Unit 42 Ransomware Threat Report
- Strategic Studies Quarterly (PDF): Corporate Hackers: Outsourcing US Cyber Capabilities
Threat Research
- CrowdStrike: INDRIK SPIDER: WastedLocker Superseded by Hades Ransomware
- Prodaft (PDF): SilverFish Group Threat Actor Report
- SentinelLabs: New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
- Cybereason: Campaign Targeting US Taxpayers with NetWire and Remcos Malware
- Flashpoint: Mobile Apps and Chat Key to Flourishing Chinese Cybercrime
- Recorded Future: China-linked TA428 Continues to Target Russia and Mongolia IT Companies
- Kaspersky: Convuster: macOS adware now in Rust
- Proofpoint: Now You See It, Now You Don’t: CopperStealer Performs Widespread Theft
- McAfee: Operation Dianxun
- Trustwave: HAFNIUM, China Chopper and ASP.NET Runtime
- Group-IB: JavaScript sniffers’ new tricks: Analysis of the E1RB JS sniffer family
- Morphisec: Tracking HCrypt: An Active Crypter as a Service
- Area1: Sophisticated Microsoft Spoof Targets Financial Departments
- VinCSS Blog: Qakbot analysis – Dangerous malware has been around for more than a decade
Tools and Tips
- SpecterOps: Abstracting Scheduled Tasks
- CISA: Using CHIRP to Detect Post-Compromise Threat Activity in On-Premises Environments
- CISA: TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise
- CISA: CISA Alert AA21-076A: TrickBot Malware
- Microsoft: One-Click Microsoft Exchange On-Premises Mitigation Tool
- SANS ISC: Finding Metasploit & Cobalt Strike URLs
- Objective-See: Creating Shield – An app to protect against process injection on macOS
- 0xc0decafe: Detect API hashing with YARA
- Bushido Token: Connecting the dots with Virus Total
- Digit Oktavianto: Malicious Powershell Deobfuscation Using CyberChef
- bohops: Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion
- Elastic: Detecting Cobalt Strike with memory signatures
- Elastic: Detecting Lateral Movement techniques with Elastic
Breaches, Government, and Law Enforcement
- Reuters: Exclusive: Microsoft could reap more than $150 million in new U.S. cyber spending, upsetting some lawmakers
- ZDNet: Largest ransomware demand now stands at $30 million as crooks get bolder
- Malwarebytes Labs: FBI warns of increase in PYSA ransomware attacks targeting education
- Ars Technica: I was a teenage Twitter hacker. Graham Ivan Clark gets 3-year sentence
- Washington Post (The Cybersecurity 202): Senate panel delves into SolarWinds hack
- Binary Defense: Proposed Homeland and Cyber Threat Act Would Allow Claims Against Foreign State Actors
- Bleeping Computer: Computer giant Acer hit by $50 million ransomware attack
- DOJ: Cypriot hacker sentenced to federal prison for extorting website operators with stolen personal information
- DOJ: Russian National Pleads Guilty to Conspiracy to Introduce Malware into a U.S. Company’s Computer Network
Vulnerabilities and Exploits
- CIS: Multiple Vulnerabilities in F5 BIG-IP and BIG-IQ Products Could Allow for Arbitrary Code Execution
- CISA: Vulnerability Summary for the Week of March 8, 2021
- Digital Shadows: Smeltdown 2.0: Revisiting the Spectre and Meltdown Vulnerabilities
- InfosecMatter: Top 20 Microsoft Azure Vulnerabilities and Misconfigurations
- NCC Group Research: RIFT: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986
- Google: In-the-Wild Series: October 2020 0-day discovery