Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Black Hat and DEF CON security conferences to take place in a virtual format
- Zoom Acquires Keybase and Announces Goal of Developing the Most Broadly Used Enterprise End-to-End Encryption Offering
- DDoS attacks in Q1 2020
- Cybercriminals Target U.S. Citizens for COVID-19 Stimulus Fraud
- US-CERT Alert (AA20-126A): APT Groups Target Healthcare and Essential Services
- ATT&CK Evaluations Expands to Industrial Control Systems
- Operational Thoughts in Trying Times
- Wrong Turn or Right Lane? Defending Forward Against Cybercriminals Abroad
Threat Research
- Naikon APT: Cyber Espionage Reloaded
- Resurgence of the QakBot Stealer from Newly Registered Domains
- New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
- Targeted Ransomware Attack Hits Taiwanese Organizations
- Nazar: Spirits of the Past
- Kaiji: New Chinese Linux malware turning to Golang
- Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
- ZLoader 4.0 Macrosheets Evolution
- ClodCore: A malware family that delivers mining modules through cloud control
- Meet NEMTY Successor, Nefilim/Nephilim Ransomware
- Excel 4.0 macro Trojan Downloader – Malware Analysis
- SilverTerrier: New COVID-19 Themed Business Email Compromise Schemes
Tools and Tips
- Detection in Depth
- Bugs on the Windshield: Fuzzing the Windows Kernel
- Sysmon and File Deletion
- Detecting COR_PROFILER manipulation for persistence
- Blue Team: A Defensive Perspective on CVE-2019-19781
- Integrating COVID (or Any) Threat Indicators with MISP and Splunk Enterprise Security
- Security Onion 16.04.6.6 ISO image now available featuring Zeek 3.0.5, Suricata 4.1.8, Elastic 6.8.8, CyberChef 9.20.3, and more!
- Privilege Escalation in Google Cloud Platform – Part 1 (IAM)
- Malwoverview is a first response tool to perform an initial and quick triage in a directory containing malware samples
- Nexphisher – Advanced Phishing Tool For Linux & Termux
- The Hive in Docker
- Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory
- Project TJ-JPT: pentesting template used in PWK and for assessments
Breaches, Government, and Law Enforcement
- Cognizant expects to lose between $50m and $70m following ransomware attack
- Report: Microsoft’s GitHub Account Gets Hacked
- Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware
- Hacker Group Selling Databases with Millions of User Credentials Busted in Poland and Switzerland
- Rail vehicle manufacturer Stadler hit by cyberattack, blackmailed
- Russian hackers accessed emails from Merkel’s constituency office: Der Spiegel
- IFalconZero v1.0 – a stealthy, targeted Windows Loader for delivering second-stage payloads
Vulnerabilities and Exploits
- Multiple Vulnerabilities in Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Directory Traversal Attacks
- Samsung Android multiple interactionless RCEs and other remote access issues
- FortiGuard Labs Discovers Multiple Critical Vulnerabilities in Adobe Illustrator CC 2020
- VMWare vRealize Critical vulnerabilities due to SaltStack – VMSA-2020-0009
- US-CERT Bulletin (SB20-125): Vulnerability Summary for the Week of April 27, 2020
- Attacking SCADA: Vulnerabilities in Schneider Electric SoMachine and M221 PLC (CVE-2017-6034 and CVE-2020-7489)