Hello and welcome to Sec Soup, where the weekly newsletter collects infosec links on Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering out the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Cybersecurity Quarterly – Spring 2020
- Security and Privacy Implications of Zoom
- Zoom privacy and security issues: Here’s everything that’s wrong (so far)
- Defense Evasion Dominant in Top MITRE ATT&CK Tactics of 2019
- COVID-19 Outbreak Prompts Opportunistic Wave of Malicious Email Campaigns
- Trickbot: A primer
- Coronavirus/COVID-19 Payment Lures on the Rise
- Life Has No Ctrl+Alt+Del – The New DFIR Online Meetup
- Pluralsight Free for Month of April
- Threat Intel Update | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic
- Emotet Leads to Full Operational Shutdown
Threat Research
- Multi-Step Phishing Kit Targeting Credit Union
- Targeted Attack on Indian Financial Institution Delivers Crimson RAT
- Breaking the Ice: A Deep Dive Into the IcedID Banking Trojan’s New Major Version Release
- New Agent Tesla Variant Spreading by Phishing
- Loncom packer: from backdoors to Cobalt Strike
- Raccoon Stealer’s Abuse of Google Cloud Services and Multiple Delivery Techniques
- AZORult brings friends to the party
- Nemty Ransomware – Learning by Doing
- Guloader: The RAT Downloader
- The Dukes of Moscow
- An old enemy – Diving into QBot part 1
- REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation
- It’s Your Money and They Want It Now — The Cycle of Adversary Pursuit
- Nanocore & CypherIT
Tools and Tips
- The ATT&CK Rainbow of Tactics
- Offense and Defense – A Tale of Two Sides: Bypass UAC
- A Matter of Trust: Remote Access for ICS
- Fantastic payloads and where we find them
- FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG
- Analyzing Malicious Emails and Attachments Using safe-mail
- Opnsense and SSL decryption using sslsplit
- Creating & Tracking Threat Hunting Metrics
- Chrome Extension Analysis
- mimikatz Is My New EICAR
- ATT&CK with Sub-Techniques — What You Need to Know
- How to Deploy Your Own Algo VPN Server in the DigitalOcean Cloud
- Parsing unknown protobufs with python
- Master Boot Record – Decoding BPB
- Attack matrix for Kubernetes
Breaches, Government, and Law Enforcement
- Marriott International: Incident Notification
- MakeFrame: Magecart Group 7’s Latest Skimmer Has Claimed 19 Victim Sites
- 42 million Iranian “Telegram” user IDs and phone numbers leaked online: report
- Federal Government Warns of Potential Fraud Scams Surrounding COVID-19 Economic Impact Payments (PDF)
Vulnerabilities and Exploits
- Firefox gets fixes for two zero-days exploited in the wild
- Twitter Data Cache on Mozilla Firefox
- ‘War Dialing’ Tool Exposes Zoom’s Password Problems
- US-CERT Bulletin (SB20-090): Vulnerability Summary for the Week of March 23, 2020
- Windows Debugging & Exploiting Part 5: SMBGhost CVE-2020-0796 Technical Review
- The ‘S’ in Zoom, Stands for Security – uncovering (local) security flaws in Zoom’s latest macOS client
- Attacks Exploiting Vulnerabilities in Pulse Connect Secure