Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- VMware to acquire Kubernetes security platform Octarine
- The state of ransomware 2020
- What the Data Is Telling Us About the Current Rise in Security Threats During the COVID-19 Pandemic
- How The Carding Landscape Has Evolved: From Key Collections to Pandemic Implications
- Sodinokibi drops greatest hits collection, and crime is the secret ingredient
- Ready-made COVID-19 Themed Phishing Templates Copy Government Websites Worldwide
- HP-Bromium Threat Insights Report, May 2020
- 2019 Application Protection Report
- The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey
- How Facebook Could Use Giphy to Collect Your Data
Threat Research
- Zeus Sphinx Back in Business: Some Core Modifications Arise
- Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks
- COMpfun authors spoof visa application with HTTP status-based Trojan
- Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer
- Analyzing Dark Crystal RAT, a C# backdoor
- Vendetta: new threat actor from Europe
- ATT&CKing ProLock Ransomware
- Deep Dive Into TrickBot Executor Module “mexec”: Reversing the Dropper Variant
- InfoStealers Weaponizing COVID-19
Tools and Tips
- Building a FreeIPA Lab
- X-Force IRIS Overcomes Broken Decryption Mechanism in Jest Ransomware
- Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
- Oh No! My Data Science Is Getting Rust-y
- Excel 4 Macro Analysis: XLMMacroDeobfuscator
- A practical approach to threat modeling
- Using Real-Time Events in Investigations
- Making MITRE ATT&CK Actionable
- COVID-19 Free Autopsy Training
- Script to perform some hardening of Windows OS
- Evading Detection with Excel 4.0 Macros and the BIFF8 XLS Format
- RATicate: an attacker’s waves of information-stealing malware
- Open-sourcing new COVID-19 threat intelligence
Breaches, Government, and Law Enforcement
- State and local cyber aid could find home in defense bill, congressman says
- FBI-CISA PSA: PRC Targeting of COVID-19 Research Organizations
- Texas courts slammed by ransomware attack
- Package delivery giant Pitney Bowes confirms second ransomware attack in 7 months
- U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs
- Ransomware Hit ATM Giant Diebold Nixdorf
- Magellan Health warns ransomware attack exposed PII
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Session Fixation Attacks
- How CVSS works: characterizing and scoring vulnerabilities
- May Patch Tuesday: More Fixes for SharePoint, TLS, Runtime, and Graphic Components Released
- Reverse RDP – The Path Not Taken
- Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
- Microsoft May 2020 Patch Tuesday
- PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more)
- CVE-2020-1015 Analysis