Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- RiskIQ: RiskIQ Threat Intelligence Roundup: Phishing, Botnets, and Hijacked Infrastructure
- IBM: X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021
- Malwarebytes: Ransomware: April 2022 review
- Dragos: Dragos ICS/OT Ransomware Analysis: Q1 2022
- Digital Shadows: ALPHV: The First Rust-Based Ransomware
- Data Breach Today: Apple, Google, Microsoft Unite to Make Passwordless Easier
- Google: Update on cyber activity in Eastern Europe
- Coveware: Ransomware Threat Actors Pivot from Big Game to Big Shame Hunting
Threat Research
- CrowdStrike: Compromised Docker Honeypots Used For Pro-Ukrainian DoS Attack
- Netskope: Emotet: New Delivery Mechanism to Bypass VBA Protection
- NCC Group: North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
- Zscaler: Analyzing BlackByte Ransomware’s Go-Based Variants
- Recorded Future: SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
- Red Canary: Raspberry Robin gets the worm early
- Mandiant: Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
- Mandiant: UNC3524: Eye Spy on Your Email
- Kaspersky: A new secret stash for “fileless” malware
- Malwarebytes: Nigerian Tesla: 419 scammer gone malware distributor unmasked
- Cisco Talos: Mustang Panda deploys a new wave of malware targeting Europe
- Cisco Talos: Conti and Hive ransomware operations: What we learned from these groups’ victim chats
- Cybereason: Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
- BlackBerry: Threat Thursday: ZingoStealer – The Cost of “Free”
- SentinelOne: Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
- Trend Micro: AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
- SteveD3: Fake AV phishing spikes in Q1 2022
- Security Onion: Quick Malware Analysis: Trickbot pcap from 2020-05-28
Tools and Tips
- SpecterOps: Learning Machine Learning Part 3: Attacking Black Box Models
- CIS: Establishing Essential Cyber Hygiene
- Fortinet: Unpacking Python Executables on Windows and Linux
- SANS ISC: Finding the Real “Last Patched” Day (Interim Version)
- HP: Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
- VMware: Infographic – Exposing Malware in Linux-Based Multi-Cloud Environments
- PAN Unit42: Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding
- SANS: Vulnerability Management Resources
- Sucuri: Manually Identifying an X-Cart Credit Card Skimmer
- TrustedSec: ELFLoader: Another In Memory Loader Post
- TrustedSec: g_CiOptions in a Virtualized World
- Ch33r10: International Cybersecurity Incidents for In-House CTI Analysts
- OALABS: Syscall Reversing: Helper scripts for statically reversing malware with syscalls
- Jeffrey Appel: Detect and block Credential Dumps with Defender for Endpoint & Attack Surface Reduction
- Exploit Reversing: Malware Analysis Series (MAS) – Article 3
- Sophos: Attacking Emotet’s Control Flow Flattening
Breaches, Government, and Law Enforcement
- U.S. DOT: US Treasury Issues First-Ever Sanctions on a Virtual Currency Mixer, Targets DPRK Cyber Threats
- The White House: Executive Order on Enhancing the National Quantum Initiative Advisory Committee
- U.S. DOS: Reward Offers for Information to Bring Conti Ransomware Variant Co-Conspirators to Justice
- Krebs: Russia to Rent Tech-Savvy Prisoners to Corporate IT?
- Digital Shadows: Colonial Pipeline One Year Later: What’s Changed?
- Intel471: Cybercrime loves company: Conti cooperated with other ransomware gangs
- The Record: Nakasone has been asked to remain at helm of NSA, Cyber Command
- Lawfare: What Does the 2022 NDS Fact Sheet Imply for the Forthcoming Cyber Strategy?
- Data Breach Today: Illuminate Education Mega-Breach Affects K-12 Students