Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CISA: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
- CISA: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388
- RiskIQ: Skimming for Sale: Commodity Skimming and Magecart Trends in Q1 2022
- Securelist: Evaluation of cyber activities and the threat landscape in Ukraine
- Red Canary: Intelligence Insights: May 2022
- Expel: Expel Quarterly Threat Report: Cybersecurity data, trends, and recs from Q1 2022
- Curated Intelligence: Threat Group Naming Schemes In Cyber Threat Intelligence
- PRODAFT: Wizard Spider Group In-Depth Analysis
- Cornell University: [2205.07759] Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats
Threat Research
- Zscaler: Vidar distributed through backdoored Windows 11 downloads and abusing Telegram
- Nisos: Fronton: A Botnet for Creation, Command, and Control of Coordinated Inauthentic Behavior
- IBM: ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
- Fortinet: Chaos Ransomware Variant Sides with Russia
- Securelist: Overview of phishing HTML attachments in e-mail
- Check Point: Twisted Panda: Chinese APT espionage operation against Russia's state-owned defense institutes
- Cisco Talos: The BlackByte ransomware group is striking users all over the globe
- SANS ISC: Bumblebee Malware from TransferXL URLs
- HP: PDF Malware Is Not Yet Dead
- Blackberry: .NET Stubs: Sowing the Seeds of Discord
- Digital Shadows: Advanced persistent threat group feature: Mustang Panda
- Trustwave: Interactive Phishing: Using Chatbot-like Web Applications to Harvest Information
- SentinelOne: CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware
- JP-CERT: Analysis of HUI Loader
- PAN Unit42: Dridex Infection Chain Case Studies
- PAN Unit42: Emotet Summary: November 2021 Through January 2022
- Trend Micro: Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware
- Trend Micro: Uncovering a Kingminer Botnet Attack Using Trend Micro Managed XDR
- Microsoft: Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
- Microsoft: In hot pursuit of ‘cryware’: Defending hot wallets from attacks
- Jamf: UpdateAgent malware adapts again
- AdvIntel: Hydra with Three Heads: BlackByte & The Future of Ransomware Subsidiary Groups
- PC’s Xcetra Support: Peeling back the layers of a batch script ransomware
Tools and Tips
- CISA: Weak Security Controls and Practices Routinely Exploited for Initial Access
- Agari: Email Spoofing Explained: What It Is and How to Protect Against It
- Flashpoint: Insider Threats: Recruitment Tactics and TTPs You Should Prepare For
- Dragos: How to Build a Roadmap for ICS/OT Cybersecurity: 3 Steps to a Sustainable Program
- Dragos: Improving ICS/OT Security Perimeters with Network Segmentation
- Cisco Talos: Ransomware: How executives should prepare given the current threat landscape
- NVISO: Detecting & Preventing Rogue Azure Subscriptions
- Atomic Matryoshka: Emotet DLL Part 2: Dynamic Analysis
- TrustedSec: Splunk SPL Queries for Detecting gMSA Attacks
- DFIR Science: Linux Forensics on Linux – Cyber5W CTF Walkthrough
- Tony Lambert: Analyzing a Pirrit adware installer
- OALABS: Emotet x64 Stack Strings Config Emulation
- Stack Overflow: Stack under attack: what we learned about handling DDoS attacks
- Isovalent: Tetragon – eBPF-based Security Observability & Runtime Enforcement
- Intezer: How to Write YARA Rules That Minimize False Positives
Breaches, Government, and Law Enforcement
- U.S. DOJ: Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act
- Mandiant: The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine
- Cybereason: Cyber Defenders Council Report: Defend Forward – A Proactive Model for Cyber Deterrence
- Krebs: Senators Urge FTC to Probe ID.me Over Selfie Data
- BleepingComputer: Conti ransomware shuts down operation, rebrands into smaller units
- The Record: ‘Multi-tasking doctor’ was mastermind behind ‘Thanos’ ransomware builder, DOJ says
- Lawfare: President Biden’s Policy Changes for Offensive Cyber Operations
- Data Breach Today: Feds Warn Health Sector of Top Russia-Backed APT Groups
- Newsweek: US Needs New ‘Manhattan Project’ to Avoid Cyber Catastrophe | Opinion