Summary
Welcome to Security Soup’s continuing news coverage of highlights from the previous week. This list is not intended to be an exhaustive source, but simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links for the reader to drill down into particular topics according to their own interests. Thank you to all of the contributors for this great content!
Industry News and Reports
- FireEye Integrates Malware Protection Engine in VirusTotal
- Red Canary: 2019 Threat Detection Report
- 2019 Sonicwall Cyber Threat Report (email registration required)
- UK: Huawei cyber security evaluation centre oversight board: annual report 2019
- Healthcare Phishing Statistics: 2019 HIMSS Survey Results
- Threat Landscape for Industrial Automation Systems in H2 2018
- The Cyber Threat Landscape: Confronting Challenges to the Financial System
- “Operation ShadowHammer” ASUS compromised in Supply-Chain Attack
  - https://securelist.com/operation-shadowhammer/89992/
  - https://www.symantec.com/blogs/threat-intelligence/asus-supply-chain-attack
  - https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/
  - https://www.cyberfox.blog/dissecting-shadowhammer/
  - https://www.vkremez.com/2019/03/lets-learn-dissecting-operation.html
Tools and Tips
- Karta – Matching Open Sources in Binaries
- Running your Own Passive DNS Service
- Commando VM: Windows Offensive Distribution
- Free Tools: Potential APT Detection
- Beagle: A DFIR tool which transforms data sources and logs into graphs
- Incident Forensics Lifecycle
- Ghidra updated to v9.0.1 with several fixes
- Excel4-DCOM: PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros
- Perfect is the Enemy: Learning to embrace “good enough”
- A theoretical coverage of MITRE ATT&CK by Sysmon
- The Struggle between Self-Promotion and Humility
- mkYARA – Writing YARA rules for the lazy analyst
- Developing a Security Use Case with Sigma and Atomic Red Team
- Lurking threat actors and targets with VT
- The Journey to Try Harder: TJNull’s Preparation Guide for PWK/OSCP
- pestudio updated to v8.91
- Blue ATT&CK: Mapping your blue team to ATT&CK
Threat Research – Malware and Phishing in the Wild
- LockerGoga ransomware – how it works and other coverage
- The odd case of a Gh0stRAT variant
- Anubis II – malware and afterlife
- Interception: Dissecting BokBot’s “Man in the Browser”
- Plugin vulnerabilities exploited in traffic monetization schemes
- Elfin (APT33) — Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
- Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole
- Emotet Update: New C2 Communication Followed by New Infection Chain
- Apple Phishing Bait Has a Lot of Hooks
- Emotet-Distributed Ransomware Loader for Nozelesn ransomware
- The return of the Byte Order Mark (BOM)
- 2019 NCAA Madness – Phishing and Streaming Scams
- Decrypting the Qrypter Payload
- Trickbot: Technical Analysis of a Banking Trojan Malware
- Kaspersky Lab: Bots and botnets in 2018
Breaches, Government, and Law Enforcement
- U.S. Government agency FEMA leaks data of 2.3 million people
- Global coordinated law enforcement operation arrests dozens in dark web sting
- Insurer refuses payout to DLA Piper over NotPetya cyberattack
- Office Depot Pays $25 Million To Settle Deceptive Tech Support Lawsuit
Vulnerabilities and Exploits
- CVE-2019-0192: Mitigating Unsecure Deserialization in Apache Solr
- Abuse of hidden “well-known” directory in HTTPS sites
- VMware ESXi, Workstation and Fusion updates address multiple security issues