Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Verizon 2020 Data Breach Investigations Report (DBIR)
- The 2020 Verizon Data Breach Investigations Report: One CISO’s View
- IT threat evolution Q1 2020
- Ann Mitchell, Bletchley Park codebreaker who helped change course of World War II dies aged 97
- Counter Threat Unit Researchers Publish Threat Group Definitions
- SCAM ALERT: Sophistication, Law Enforcement, And Money – Beware
- Phishing in The Time of Pandemic
- The Nigerian Fraudsters Ripping Off the Unemployment System
Threat Research
- Ragnar Locker ransomware deploys virtual machine to dodge security
- Update on JavaScript Skimmer Enhancements
- No “Game over” for the Winnti Group
- TrickBot BazarLoader In-Depth
- Shining a light on “Silent Night” Zloader/Zbot
- Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
- Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
- The wolf is back…
- AgentTesla Delivered via a Malicious PowerPoint Add-In
- ZLoader Loads Again: New ZLoader Variant Returns
- Threat Spotlight: The Andromeda Botnet
- The Evolution of APT15’s Codebase 2020
- Cyber-Criminal espionage Operation insists on Italian Manufacturing
- Sarwent Malware Continues to Evolve With Updated Command Functions
- New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data
- Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia
- Eleethub: A Cryptocurrency Mining Botnet with Rootkit for Self-Hiding
- Looking Back at LiteDuke
Tools and Tips
- Employing FeatureUsage for Windows 10 Taskbar Forensics
- Engineering Process Injection Detections — Part 2: Data Modeling
- Offense and Defense – A Tale of Two Sides: (Windows) OS Credential Dumping
- Some Strings to Remember
- Securing SSH: What To Do and What Not To Do
- Unlocking BitLocker: Can You Break That Password?
- PSHero: Powershell scripts for DFIR and automation
- PlumHound: bloodhound for Blue and Purple Teams
- Hunting CurrentVersion Run Key and Startup events
- Dissecting a Detection: An Analysis of ATT&CK Evaluations Data (Sources) Part 1 of 2
- Introducing Shuffle — an Open Source SOAR platform part 1
- Update: oledump.py Version 0.0.50
Breaches, Government, and Law Enforcement
- Hacker arrested in Ukraine for selling billions of stolen credentials
- EasyJet: Nine million customers’ details ‘accessed’ by hackers
- Going dark: encryption and law enforcement
- Cyber-Attack Hits a Large Number of Websites in Israel
- Riding the State Unemployment Fraud ‘Wave’
- Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested
Vulnerabilities and Exploits
- A Vulnerability in Cisco Unified Contact Center Express Could Allow for Remote Code Execution
- Docker Desktop for Windows PrivEsc (CVE-2020-11492)
- Safe-Linking – Eliminating a 20 year-old malloc() exploit primitive
- US-CERT Bulletin (SB20-139) Vulnerability Summary for the Week of May 11, 2020
- QNAP Pre-Auth Root RCE Affecting ~312K Devices on the Internet