Summary
Welcome to Security Soup’s continuing news coverage of highlights from the previous week. This list is not intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links so the reader can drill down into particular topics according to their own interests. Thank you to all of the contributors for this great content!
General Industry News
- Microsoft announces Defender ATP for Mac
- Norwegian aluminum producer Norsk Hydro impacted by ransomware
- https://www.reuters.com/article/us-norsk-hydro-cyber/aluminum-producer-hydro-hit-by-cyber-attack-shuts-some-plants-idUSKCN1R00NJ
- https://www.nozominetworks.com/blog/breaking-research-lockergoga-ransomware-impacts-norsk-hydro/
- https://blogs.cisco.com/security/talos/lockergoga-straddles-the-line
- https://doublepulsar.com/how-lockergoga-took-down-hydro-ransomware-used-in-targeted-attacks-aimed-at-big-business-c666551f5880
- Dragos announces acquisition of NexDefense
Industry Reports
- Trend Micro/Europol Global Telecom Crime Report 2019
- Spear Phishing: Top Threats and Trends (email registration required for access)
- The Business of Organized Cybercrime Collaboration in 2018
- Positive Technologies: Cybersecurity threatscape 2018
- Red Canary’s 2019 Threat Detection Report (email registration required for access)
Tools and Tips
- Introduction to analyzing Go binaries
- SilkETW: Simple interface to record trace data
- IPv6 unmasking via UPnP
- BHIS Webcast: Py2k20 – Transitioning from Python2 to Python3
- Attacking an internal network from the public Internet
- Dragos releases community ICS tools following its acquisition of NexDefense
- Google open-sources Sandboxed API
- Pepper MalwareBlog: a quick analysis of TrickBot with Ghidra
- A Twitter thread explaining how to extract X.509 certificates from an incomplete PCAP
- MITRE pilots “ATT&CK Sightings”
- References for FIRST CTI 2019 Symposium presentation
- DOGE: Darknet Osint Graph Explorer
- hecfblog: How to stream your own test kitchen
- DFIR Resources from Attackd0gz blog
- Red Team Telemetry: Empire Edition
- Ghidra Online Courses
- Flare-VM: updated to Version 2.0
- The Social-Engineer Toolkit v8.0 codename “Maverick” beta released
- ForensicMania S01E02
- Mordor from @Cyb3rWard0g — “A repo of pre-recorded security events generated by emulated adversarial techniques in the form of JSON files”
- The OSINT Puppeteer
- The FIRST Cyber Threat Intelligence SIG (CTI-SIG) curriculum
Vulnerabilities and Exploits
- Analysis of a Chrome Zero Day: CVE-2019-5786
- Top Vulnerabilities in 2018
- Extracting Bitlocker keys from a Trusted Platform Module (TPM)
- PuTTY client patched after key exchange vulnerability was identified
Threats in the Wild – Malware, Phishing, and other campaigns
- Phishing campaign spoofs CDC warning
- More Boeing 737-themed lures push malware
- US-CERT warned of New Zealand tragedy-themed campaigns
- AZORult rewritten in C++
- FIN7 threat group using a new SQLRat malware
- New CrowdStrike research highlights collaboration between BokBot and TrickBot operators
- Spelevo EK: a new Exploit Kit identified using CVE-2018-15982
- The Document that Eluded AppLocker and AMSI
- Mirai Botnet Upgraded
- Dissecting a NETWIRE Phishing Campaign’s Usage of Process Hollowing
- BEC fraud goes mobile with SMS
- Enterprise Malware-as-a-Service: Lazarus Group and the Evolution of Ransomware
Breaches, Government, and Law Enforcement
- More than 100,000 GitHub repos exposed API tokens and cryptographic keys
- 277,000 Patients Impacted in Medical Device Vendor Breach
- Perpetrator of $100 million Google and Facebook BEC scams pleads guilty
- More credential dumps up for sale from “Gnosticplayers” threat group
Interesting post, keep up the good work. Have a great day.