Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Kids on the Web in 2020
- Coronavirus campaigns lead to surge in malware threats, Labs report finds
- Hurricane-Related Scams
- Insights and Observations: U.K. Threat Intelligence Spotlight
- Lastline to be Acquired by VMware
Threat Research
- Threat Spotlight: Tycoon Ransomware Targets Education and Software Sectors
- New Campaign Abusing StackBlitz Tool to Host Phishing Pages
- Cycldek: Bridging the (air) gap
- New LNK attack tied to Higaisa APT discovered
- Retread Ransomware
- New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain
- NetWalker Ransomware: No Respite, No English Required
- URSNIF/GOZI Delivery — Old School Excel Macro 4.0 Utilization Uptick and the OCR Heuristics Bypass
- Evolution of Excel 4.0 Macro Weaponization
- TAU Threat Analysis: Medusa Locker Ransomware
Tools and Tips
- Covenant v0.5
- Stackstrings, type 2
- Spotting suspicious logins at scale: (Alert) pathways to success
- Flipper Zero – Tamagochi For Hackers
- What Is YARA? Get To Know This Malware Research Tool
- Tiny SHell Under the Microscope
- Shodan Dojo – Katas for learning the basics of Shodan search
- 2020-05-28 – TRAFFIC ANALYSIS EXERCISE – CATBOMBER
- Invoking System Calls and Windows Debugger Engine
- Malware Traffic Analysis Walkthrough
- Hunting Malicious Macros
- Understanding and Abusing Process Tokens — Part I
- sysmon-modular | A Sysmon configuration repository for everybody to customise
- Advance your Microsoft Defender ATP hunting skills using the Atomic execution framework
- Zero2Auto – Netwalker Walk through
- kitphishr – Hunts for Phishing Kit source code by traversing URL folders
Breaches, Government, and Law Enforcement
- Joomla Announces JRD Security Incident
- Minneapolis Hit with DDoS Attack amid Social Unrest
- REvil Ransomware Gang Starts Auctioning Victim Data
- US aerospace services provider breached by Maze Ransomware
- Ongoing eCh0raix ransomware campaign targets QNAP NAS devices
Vulnerabilities and Exploits
- A Vulnerability in Zoom Client Could Allow for Arbitrary Code Execution
- June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
- Russian Actors Are Targeting Vulnerable Exim Mail Servers. Patching Is Up, but More Than 900k Remain Online
- US-CERT Bulletin (SB20-153) – Vulnerability Summary for the Week of May 25, 2020
- System Takeover Through New SAP ASE Vulnerabilities
- Unpatched Microsoft Systems Vulnerable to CVE-2020-0796
- SMBGhost_RCE_PoC
- Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploit