A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CYBERCRIME TACTICS AND TECHNIQUES: the 2019 state of healthcare (PDF)
- Fortinet Releases Threat Landscape Report for Q3 2019
- DDoS attacks in Q3 2019
- The False Choice of IT Vs. OT
- APWG Q3 Phishing Trends Report
- Hey InfoSec, what are you doing to protect your DevOps Team?
- Week in OSINT #2019–45
- Potemkin Pages & Personas: Assessing GRU Online Operations, 2014-2019
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- NetSupport RAT installed via fake update notices
- Double Trouble: RevengeRAT and WSHRAT
- New Emotet Report Details Threats From One of the World’s Most Successful Malware Operations
- Multiple Vulnerabilities in Adobe and Cisco Products
- THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE FIRST STONE?
- More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
- Custom dropper hide and seek
- An example of malspam pushing Lokibot malware, November 2019
- TA2101 plays government imposter to distribute malware to German, Italian, and US organizations
- PureLocker: New Ransomware-as-a-Service Being Used in Targeted Attacks Against Servers
- Field Notes: Multistage Maldoc Delivers Executable Masked as JPG
- A Look into the Lazarus Group’s Operations in October 2019
- Revenge is a Dish Best Served… Obfuscated?
Tools and Tips
- When Kirbi walks the Bifrost
- How to Implement & Assess Your Cyber Hygiene
- Hunting for LoLBins
- Weeding out WannaMine v4.0: Analyzing and Remediating This Mineware Nightmare
- Some packet-fu with Zeek (previously known as bro)
- ATT&CK T1501: Understanding systemd service persistence
- Use Case Applicability: How to better integrate Continuous Improvement into Security Monitoring
- Windows Event Logs
Breaches, Government, and Law Enforcement
- Orcus RAT Author Charged in Malware Scheme
- 10 Men Involved in Nigerian Romance Scams Indicted for Money Laundering Conspiracy
- Russian National Extradited for Running Online Criminal Marketplace
- Chinese National Pleads Guilty to Committing Theft of Trade Secrets
Vulnerabilities and Exploits
- CVE-2019-12757: Local Privilege Escalation in Symantec Endpoint Protection
- Multiple Vulnerabilities in VMware Products Could Allow for Remote Code Execution
- Intel warning: Critical flaw in BMC firmware affects a ton of server products
- Intel Releases Security Updates
- Microsoft November 2019 Patch Tuesday Reveals 74 Patches Before Major Windows Update
- Microsoft Patch Tuesday – November 2019
- US-CERT Bulletin (SB19-315) Vulnerability Summary for the Week of November 4, 2019
- Ghost Potato