Summary
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source; it is simply a collection of items I found interesting throughout my weekly research. The summaries are provided with links for the reader to drill down into particular topics according to their own interests. Thank you to all of the contributors for this great content!
Industry Reports and Miscellany
- Rapid7 Quarterly Threat Report: 2019 Q1
- FireEye acquires Verodin for $250 million
- Palo Alto Networks to acquire Twistlock, PureSec
- Recorded Future acquired for $780 million by venture firm
- Proofpoint Q1 2019 Threat Report: Emotet carries the quarter with consistent high-volume campaigns
- Web-based Threats – 2018 Q4: France Rises to #1 for Malicious URL Hosting, US #1 for Phishing
- Year-End Review: Business Email Compromise in 2018
- Top exploit kit activity roundup – Spring 2019
- Mimecast: The State of Email Security Report 2019
- Cyberint: Legit remote admin tools turn into threat actors’ tools
- Back Into The Web of Profit: Going Undercover in the Dark Net, Uncovering Threats to the Enterprise
- Chinese APTs Rising: Key Takeaways from the Intezer Analyze Community in May
- 10 years of virtual dynamite: A high-level retrospective of ATM malware
- Recent Ransomware Attacks Against Governments and Critical Infrastructure
- ITProPortal: CrowdStrike Discusses Life Beyond Malware
- Information Security Mental Models
- A lesson in journalism vs. cybersecurity | Baltimore is not EternalBlue
- Improving Infosec (or any Community/Industry) in One Simple but Mindful Step
Tools and Tips
- A Straw-by-Straw Analysis: The Zero-Trust Approach for your Alert Haystack
- Behavioural Malware Analysis with Microsoft ASA
- Learning to Rank Strings Output for Speedier Malware Analysis
- Analyzing First Stage Shellcode
- Demystifying Password Hash Sync
- Hidden Helpers: Security-Focused HTTP Headers
- Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903
- Persistence: “the continued or prolonged existence of something”: Part 2 – COM Hijacking
- New Version of ATT&CK View
- Yara rules for weaponized Office maldoc files
- New Features in Sigma2SplunkAlert
- A Debugging Primer with CVE-2019-0708
- Forensic Artifact Database
- testmynids.org: A website and framework for testing NIDS detection
- Threat Hunting with Jupyter Notebooks – Part 1: Your First Notebook
- RESim – Reverse engineering using a full system simulator. Based on IDAPython, gdb, Simics.
- The Art of Command Line
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Assessing risk in Office documents – Part 3: Exploited “weaponized” RTFs
- Overview of Proton Bot, another loader in the wild!
- Network of Social Media Accounts Impersonates U.S. Political Candidates, Leverages U.S. and Israeli Media in Support of Iranian Interests
- Medical industry struggles with PACS data leaks
- Emissary Panda Attacks Middle East Government Sharepoint Servers
- HawkEye Malware Operators Renew Attacks on Business Users
- Return to the City of Cron – Malware Infections on Joomla and WordPress
- How to build a home IT security lab: Episode 1
- The Emotet-ion Game (Part 3)
- ETERNALBLUE | THE NSA-DEVELOPED EXPLOIT THAT JUST WON’T DIE
- Directed attacks against MySQL servers deliver ransomware
- Detecting and Analyzing Microsoft Office Online Video
- TA505 is Expanding its Operations
- PHP Backdoor Evaluates XOR Encrypted Requests
- The Nanshou Campaign – Hackers Arsenal Grows Stronger
- A dive into Turla PowerShell usage
- New Rocke Variant Ready to Box Any Mining Challengers
- HiddenWasp Malware Stings Targeted Linux Systems
- Infected Cryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs, Use Shodan to Find Additional Victims
- Framing the Problem: Cyber Threats and Elections
- How Hackers Use Social Media to Profile Targets
- Hidden Bee: Let’s go down the rabbit hole
- Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER
- New Phishing Attacks Use PDF Docs to Slither Past the Gateway
- LokiBot via abusing the ngrok proxy service
- Sodinokibi Ransomware Poised to Impact Larger Enterprises
Vulnerabilities and Exploits
- Malicious JavaScript injected into WordPress sites using the latest plugin vulnerability
- Analysis of CVE-2019-0708 (BlueKeep)
- Patch or Pass? CVE-2017-11882 Is a Security Conundrum
- Using Firepower to defend against encrypted RDP attacks like BlueKeep
- CVE-2019-0708: A COMPREHENSIVE ANALYSIS OF A REMOTE DESKTOP SERVICES VULNERABILITY
- Remote code execution vulnerability in most recent versions of the nginx web server
Breaches, Government, and Law Enforcement
- Attackers hacked Flipboard databases and compromised users’ account details
- POS Malware Found at 102 Checkers Restaurant Locations
- Over 185,000 Payment Card Details Stolen by MageCart
- Digital Shadows Reveals a 50% Increase in Exposed Data in One Year
- First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
- Snapchat Privacy Blunder Piques Concerns About Insider Threats
- Chinese military to replace Windows OS amid fears of U.S. hacking
- Russia’s Would-Be Windows Replacement Gets a Security Upgrade
- Cyber Command’s latest VirusTotal upload has been linked to an active attack
- Baltimore estimates cost of ransomware attack at $18.2 million as government begins to restore email accounts