Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- SANS: A Visual Summary of SANS ICS Security Summit
- FBI/CISA Joint Advisory (PDF): Compromise of Microsoft Exchange Server
- Group-ib: Inside Classiscam
- Threatpost: TrickBot Takes Over, After Cops Kneecap Emotet
- Unit42: Microsoft Exchange Server Attack Timeline: Discoveries and Mitigations
- Rapid7: Introducing Rapid7’s 2020 Vulnerability Intelligence Report
- The Record: Attacks on Exchange servers expand from nation-states to cryptominers
- Bleeping Computer: Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits
- Journal of Strategic Studies: Publicly attributing cyber attacks: a framework
Threat Research
- IBM: Dridex Campaign Propelled by Cutwail Botnet and Poisonous PowerShell Scripts
- Fortinet: Whitelist Me, Maybe? “Netbounce” Threat Actor Tries A Bold Approach To Evade Detection
- Kaspersky: Good old malware for the new Apple Silicon platform
- Proofpoint: NimzaLoader: TA800’s New Initial Access Malware
- Intezer: Linux Backdoor RedXOR Likely Operated by Chinese Nation-State
- CISA: Multiple Malware Analysis Reports – China Chopper
- Secureworks: SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group
- Binary Defense: IcedID GZIPLOADER Analysis
- Morphisec: MineBridge Is on the Rise, With a Sophisticated Delivery Mechanism
- Bitdefender: Fin8 Group is Back in Business with Improved BADHATCH Kit
- CyberArk: Kinsing: The Malware with Two Faces
- Unit42: Threat Assessment: DearCry Ransomware
- The DFIR Report: Bazar Drops the Anchor
Tools and Tips
- CIS: International Women’s Day: Career Advice from Women in Tech
- Recorded Future: Introduction to Sigma Rules and Detection of Credential Harvesting
- Check Point: Playing in the (Windows) Sandbox
- Talos: Comprehensive Threat Intelligence: Domain dumpster diving
- SANS ISC: SharpRDP – PSExec without PSExec, PSRemoting without PowerShell
- Digital Shadows: Mapping MITRE ATT&CK to the Microsoft Exchange Zero-Day Exploits
- Talos: Hafnium Update: Continued Microsoft Exchange Server Exploitation
- Red Canary: Microsoft Exchange exploitation: how to detect, mitigate, and stay calm
- Sentinel Labs: Top 15 Essential Malware Analysis Tools
- Blue Team Blog: Microsoft Exchange Zero Days – Mitigations and Detections
- Eric Capuano: HAFNIUM IIS Log Search Patterns
- Andreas Sfakianakis: Top 25 CTI Presos for 2020 (pandemic version)
- Abuse.ch: Introducing ThreatFox
- Cedric Owens: My Journey In Security
- Selena Larson: How I Moved from Journalism to Cyber Threat Intelligence
- MalwareAnalysis.co: the central hub for Malware Analysis Tools
- Thomas Roccia: [Reverse Engineering Tips] — Name Mangling
- Splunk: Detecting Microsoft Exchange Vulnerabilities – 0 + 8 Days Later…
- DFIR Madness: TRIAGE DISK ANALYSIS CASE 001
Breaches, Government, and Law Enforcement
- ZDNet: Everything you need to know about the Microsoft Exchange Server hack
- Recorded Future: Understanding Accellion’s FTA Appliance Compromise, DEWMODE, and Its Supply Chain Impact
- Krebs: A Basic Timeline of the Exchange Mass-Hack
- Threatpost: Molson Coors Cracks Open a Cyberattack Investigation
- Lawfare: How Should the U.S. Respond to the SolarWinds and Microsoft Exchange Hacks?
Vulnerabilities and Exploits
- F5: BIG-IP and BIG-IQ Vulnerabilities
- F5: K02566623: Overview of F5 critical vulnerabilities (March 2021)
- Bleeping Computer: F5 urges customers to patch critical BIG-IP pre-auth RCE bug
- CrowdStrike: March 2021 Patch Tuesday: Updates and Analysis
- IBM: Top 10 Cybersecurity Vulnerabilities of 2020
- CISA: Vulnerability Summary for the Week of March 1, 2021
- Microsoft: Investigating the Print Spooler EoP exploitation
- GitHub: Git clone vulnerability announced
- Praetorian: Reproducing the Microsoft Exchange Proxylogon Exploit Chain
- SANS ISC: Microsoft March 2021 Patch Tuesday