Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- IBM: Lessons Learned by 2022 Cyberattacks: X-Force Threat Intelligence Report
- Flashpoint: The Evolution of Ransomware: Understanding Its Past, Present, and Future
- Securelist: IT threat evolution in Q1 2022. Mobile statistics
- PhishLabs: Vishing Attacks Are at an All-Time High, Report Finds
- NCC Group: NCC Group Monthly Threat Pulse – April 2022
- Verizon: 2022 Data Breach Investigations Report
- Shinigami: Mental Health and Burnout in CTI
Threat Research
- CrowdStrike: How to Hunt for DecisiveArchitect and Its JustForFun Implant
- IBM: Black Basta Besting Your Network?
- Fortinet: Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part II
- Red Canary: ChromeLoader: a pushy malvertiser
- Blackberry: Yashma Ransomware, Tracing the Chaos Family Tree
- Trustwave: Grandoreiro Banking Malware Resurfaces for Tax Season
- SentinelOne: Use of Obfuscated Beacons in ‘pymafka’ Supply Chain Attack Signals a New Trend in macOS Attack TTPs
- JP-CERT: Trends of Reported Phishing Sites and Compromised Domains in 2021
- VMware: Emotet Config Redux
- Trend Micro: New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
- Walmart: SocGholish Campaigns and Initial Access Kit
- Team Cymru: Bablosoft; Lowering the Barrier of Entry for Malicious Actors
- XJunior: Deep Analysis of Mars Stealer
Tools and Tips
- SpecterOps: Automating Azure Abuse Research — Part 1
- Recorded Future: 5 Ways to Take Your Vulnerability Management Program to the Next Level
- Dragos: Managing External Connections to Your Operational Technology (OT) Environment
- SANS ISC: Using NMAP to Assess Hosts in Load Balanced Clusters
- Intezer: How to Analyze Phishing Email Files
- Intezer: SOC Level Up: Threat Hunting and Detection With Sigma
- Mandiant: Introducing the Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework
- Open Source DFIR: Investigating a GKE Container
- NVISO Labs: Detecting BCD Changes To Inhibit System Recovery
- SANS: How to Use Phishing Benchmarks Effectively to Assess Your Program – Part 3
- Microsoft: Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)
- TrustedSec: Intro to Web App Security Testing: Burp Suite Tips & Tricks
- OALABS: Triage Amadey Loader
- Hexacorn: Not installing the installers
- Poncho: FlareVM Tips and Tricks
- Aaron Stephens: Talk – Aaron Stephens: Python for Threat Intelligence
Breaches, Government, and Law Enforcement
- Malwarebytes: Twitter fined $150M after using 2FA phone numbers for marketing
- INTERPOL: Online scamming fraud: three Nigerians arrested in INTERPOL Operation Killer Bee
- The Record: FBI warns US colleges of widespread VPN credential leaks on Russian cybercrime forums
- US DOJ: IT Specialist Charged in Cyber Intrusion of Suburban Chicago Health Care Company
- The Spectator: How our pro-Brexit group was hacked by Russia
Vulnerabilities and Exploits
- CISA: Vulnerability Summary for the Week of May 23, 2022
- Recorded Future: Vulnerability Spotlight: Dirty Pipe
- Horizon3: VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive
- SANS ISC: New Microsoft Office Attack Vector via “ms-msdt” Protocol Scheme
- BleepingComputer: New Microsoft Office zero-day used in attacks to execute PowerShell
- Huntress: Rapid Response: Microsoft Office RCE – “Follina” MSDT Attack
- Data Breach Today: Microsoft Office: Attackers Injecting Code via Zero-Day Bug
- SySS: Abusing the MS Office protocol scheme
- Kevin Beaumont: Follina — a Microsoft Office code execution vulnerability