Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted, nor is it intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- ZDNet: The malware that usually installs ransomware and you need to remove right away
- Kaspersky: IT threat evolution Q3 2020
- Malwarebytes: Chris Krebs, director of Cybersecurity and Infrastructure Security Agency, fired by President
- Cisco Talos: Back from vacation: Analyzing Emotet’s activity in 2020
- CrowdStrike: Hacking Farm to Table: Uncovering Threats to Agriculture
- SANS: SANS Threat Analysis Rundown Recap: The Return of UNC1878
- GData: COVID19 pandemic is a field day for cybercriminals
- Digital Shadows: Holiday Cybercrime: Retail Risks and Dark Web Kicks
- BleepingComputer: TrickBot turns 100: Latest malware released with new features
- F5 Labs: 2020 Phishing and Fraud Report
Threat Research
- Morphisec: The introduction of the Jupyter InfoStealer/Backdoor
- RiskIQ: A New Grelos Skimmer Reflects the Depth and Murkiness of the Magecart Ecosystem
- eset: Lazarus supply‑chain attack in South Korea
- Symantec: Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
- FireEye: Purgalicious VBA: Macro Obfuscation With VBA Purging
- 360: File-less Attack Protection Intercepts the Banker Trojan BBtok Active in Mexico
- GroupIB: The Locking Egregor
- Sentinel Labs: Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative
- Bitdefender: A Detailed Timeline of a Chinese APT Espionage Attack Targeting…
- NCC Group: TA505: A Brief History Of Their Time
Tools and Tips
- SpecterOps: Introducing BloodHound 4.0: The Azure Update
- CIS: New CIS Hardened Images for Windows STIG, SUSE, and Ubuntu
- NSA: Latest version of Ghidra
- Open Source DFIR: Sigma in Timesketch – let’s rule the sketch
- NVISO Labs: Dynamic Invocation in .NET to bypass hooks
- Falcon Force: FalconFriday — Parent-child relationships & impersonation with RunAs — 0xFF07
- F-Secure: Detecting Cobalt Strike Default Modules via Named Pipe Analysis
- Jumpsec Labs: Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon
- Fox-IT: Decrypting OpenSSH sessions for fun and profit
- solemnwarning: /rehex: Reverse Engineers’ Hex Editor
- Newton Paul: Malware Analysis: Memory Forensics with Volatility 3
- x0r19x91: UnAutoIt: The Cross Platform AutoIt Extractor
Breaches, Government, and Law Enforcement
- Europol: Romanian duo arrested for running malware encryption service to bypass antivirus software
- GCHQ: National Cyber Force transforms country’s cyber capabilities to protect the UK
- CAPCOM: Update Regarding Data Security Incident Due to Unauthorized Access