Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted, nor is it intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering out the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Top 10 Malware February 2020
- How Criminals Profit from the COVID-19 Pandemic
- The Logic Behind Russian Military Cyber Operations (registration required)
- Remote Threats to Remote Employees: How Working From Home Increases the Attack Surface
- Situational Awareness: Cyber Threats Heightened by COVID-19 and How to Protect Against Them
- Threat Snapshot: Coronavirus-related Lures Comprise More Than 80 Percent of the Threat Landscape
- MONTHLY THREAT ACTOR GROUP INTELLIGENCE REPORT, JANUARY 2020
- Identifying vulnerabilities and protecting you from phishing
Threat Research
- Assemble the Cookies
- TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany
- iOS exploit chain deploys LightSpy feature-rich malware
- WildPressure targets industrial-related entities in the Middle East
- Breaking through Windows’ defenses: Analyzing mLNK Builder
- Recent Dridex activity
- Ransomware Maze
- Evasion Techniques Dissected: A Mirai Case Study
- This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
- Unpacking the Kwampirs RAT
- New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong
- Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
- Trickbot to Ryuk in Two Hours
Tools and Tips
- MS-ISAC Ryuk Ransomware Primer Educates States
- Considerations for Updating Near-Term Intelligence Requirements in Response to COVID-19
- Dragos Threat Intelligence – OSINT Primer at RSA Conference
- Covid19 Domain Classifier
- 7 habits of highly effective (remote) SOCs
- Exposing Ryuk Variants Using YARA
- CoolAcid’s MISP Docker images
Breaches, Government, and Law Enforcement
- Criminals hack Tupperware website with credit card skimmer
- Hacker selling data of 538 million Weibo users
- Russians Shut Down Huge Card Fraud Ring
- FBI: Hackers Sending Malicious USB Drives & Teddy Bears via USPS
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
- VMware patches privilege escalation vulnerability in Fusion, Horizon
- Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop
- US-CERT Bulletin (SB20-083): Vulnerability Summary for the Week of March 16, 2020
- Analysis Of Exploitation: CVE-2020-10189
- CVE-2020-0729: REMOTE CODE EXECUTION THROUGH .LNK FILES
- Two zero days are Targeting DrayTek Broadband CPE Devices