Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Red Canary: Unwrapping the 2022 Threat Detection Report
- FBI (pdf download): 2021 INTERNET CRIME REPORT
- Recorded Future: 2021 Third-Party Intelligence Threat Landscape
- Fortinet: Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams
- CISA: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
- PAN Unit 42: Threat Brief: Lapsus$ Group
Threat Research
- Proofpoint: Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
- Zscaler: Conti Ransomware Attacks Persist With an Updated Version Despite Leaks
- Zscaler: Domain Fronting, Abuse and Hiding
- Recorded Future: IsaacWiper Continues Trend of Wiper Attacks Against Ukraine
- ESET: Mustang Panda’s Hodur: Old tricks, new Korplug variant
- Fortinet: MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II
- Cisco Talos: Threat Advisory: DoubleZero
- SANS ISC: Arkei Variants: From Vidar to Mars Stealer
- Blackberry: Threat Thursday: SunSeed Malware Targets Ukraine Refugee Aid Efforts
- Secureworks: GOLD ULRICK leaks reveal organizational structure and relationships
- Trustwave: Vidar Malware Launcher Concealed in Help File
- Mandiant: Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations
- SentinelOne: Chinese Threat Actor Scarab Targeting Ukraine
- Juniper Networks: Muhstik Gang targets Redis Servers
- Google: Countering threats from North Korea
- ASEC: Distribution of ClipBanker Disguised as Malware Creation Tool
- Morphisec: New JSSLoader Trojan Delivered Through XLL Files
- VMware: SysJoker – An Analysis of a Multi-OS RAT
- The DFIR Report: APT35 Automates Initial Access Using ProxyShell
- BushidoToken: One Way Or Another: Initial Access Vectors
- Trend Micro: Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
- Microsoft: DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
- Volexity: Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
- Chuong Dong: LockBit Ransomware v2.0
- Team Cymru: Raccoon Stealer – An Insight into Victim “Gates”
- Avast: Operation Dragon Castling: APT group targeting betting companies
- JFrog: Large-scale npm attack targets Azure developers with malicious packages
- NCCGroup: Mining data from Cobalt Strike beacons
Tools and Tips
- CIS: New Guidance for Securing Cloud Environments
- Kaspersky: What are phishing kits (phishkits)?
- SANS ISC: XLSB Files: Because Binary is Stealthier Than XML
- PhishLabs: Understanding the What, How, and Why of DMARC
- Secureworks: Penetration Testing with Azure Cloud Shell
- Trustwave: Dissecting a Phishing Campaign with a Captcha-based URL
- SentinelOne: The Art and Science of macOS Malware Hunting with radare2 | Leveraging Xrefs, YARA and Zignatures
- NVISO Labs: Cobalt Strike: Overview – Part 7
- SANS: Cyber Kill Chain, MITRE ATT&CK, and Purple Team
- Sucuri: The Mystery Admin User
- Sucuri: What are the Best Security Testing Tools (Open Source)?
- TrustedSec: TrustedSec Okta Breach Recommendations
- ForensicITGuy: Formbook Distributed Via VBScript, PowerShell, and C# Code
- OALABS: Analysis of Pandora ransomware including some fun unpacking
- MalwareMayCry: My Malware Analysis Journey and eCMAP
- Hats Off Security: Improving Technical Interviews
- DarkOperator (video): Sysmon for Linux PowerShell Module – SysmonLinux.Util
- Varonis: How to Use Ghidra to Reverse Engineer Malware
- The Hacker News: How to Build a Custom Malware Analysis Sandbox
- Marco Lancini: What to look for when reviewing a company’s infrastructure
Breaches, Government, and Law Enforcement
- ZDNet: UK police arrest seven individuals suspected of being hacking group members
- Flashpoint: All About LAPSUS$: What We Know About the Extortionist Group
- Recorded Future: Russian State-Sponsored Amplification of Bio Lab Disinformation Amid War in Ukraine
- SANS ISC: Statement by President Biden: What you need to do (or not do)
- Krebs: Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison
- Krebs: A Closer Look at the LAPSUS$ Data Extortion Group
- Intel471: Conti puts the ‘organized’ in organized crime
- The Record: Ending DoJ’s China Initiative was ‘misguided and dangerous,’ 8 senators say
- Lawfare: The 2022 Cyber Incident Reporting Law: Key Issues to Watch
- The White House: Statement by President Biden on our Nation’s Cybersecurity
- Data Breach Today: UK Police Arrest 7 Allegedly Tied to Lapsus$ Hacking Group
- US DOJ: Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide
- GOV.UK: UK exposes Russian spy agency behind cyber incidents
Vulnerabilities and Exploits
- CISA: Vulnerability Summary for the Week of March 14, 2022
- CISA: CISA Adds 66 Known Exploited Vulnerabilities to Catalog
- Digital Shadows: Vulnerability Intelligence Round-up: Russia-Ukraine War
- Connor McGarr: Exploit Development: Browser Exploitation on Windows – CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 1)
- Daniel Stenberg: Anatomy of a ghost CVE