A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- MS-ISAC – Top 10 Malware October 2019
- Business Email Compromise: Putting $26 Billion in Known Losses into Context
- A decade of hacking: The most notable cyber-security events of the 2010s
- Insights from one year of tracking a polymorphic threat
- Palo Alto Networks Announces Intent to Acquire Aporeto
- Black Friday/Cyber Monday Ecommerce Security Threats
- Full(z) House: a digital crime group using a full deck to maximize profits
- A New Wave of Stalkerware Apps: Quick roundup of spyware activity following the US-CERT advisory
- IT threat evolution Q3 2019
- 10 Hackers Hacking: A Holiday Countdown of Retail Cybersecurity Threats
- OPCW, WikiLeaks, and Russian Influence Operations
- Group-IB presents its annual report on global threats to stability in cyberspace
- Unrestricted Release of Offensive Security Tools
- The fall and rise of a spyware empire
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Stantinko botnet adds cryptomining to its pool of criminal activities
- Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK
- Active TrickBot Campaign Observed Abusing SendGrid and Google Docs
- Threat Spotlight: Machete Info-Stealer
- Studying Donot Team
- TrickBot Trojan Getting Ready to Steal OpenSSH and OpenVPN Keys
- Emotet deep dive analysis
Tools and Tips
- SauronEye is a search tool built to aid red teams in finding files containing specific keywords.
- My Little DoH Setup
- FIDL: FLARE’s IDA Decompiler Library
- How To Build And Run A SOC for Incident Response – A Collection Of Resources
- Chepy is a Python library with a handy CLI that aims to mirror some of the capabilities of CyberChef
- A First Responder Released for the HIVE Project
- ATT&CK Website Docker
Breaches, Government, and Law Enforcement
- International Crackdown on Imminent Monitor RAT
- Adobe Discloses Breach Impacting Magento Marketplace
- $48 million in Ethereum Stolen from Upbit
- Former Executives and Employees of Health Technology Start-Up Charged in a $1 Billion Scheme to Defraud Clients, Lenders and Investors
- Pressure mounts for federal privacy law with second bill
Vulnerabilities and Exploits
- US-CERT Bulletin (SB19-329) – Vulnerability Summary for the Week of November 18, 2019
- Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
- Long-known Vulnerabilities in High-Profile Android Applications