Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Randori: 2021 Randori Attack Surface Management Report: The Internet’s Most Tempting Targets
- Ars Technica: “Hacker X”—the American who built a pro-Trump fake news empire—unmasks himself
- HP: HP Wolf Security Threat Insights Report Q3 2021
- Phish Labs: BazaLoader Leads Payloads as Families Fluctuate, Players Broaden
- expel: Top Attack Vectors: September 2021
- CISA: Ongoing Cyber Threats to US Water and Wastewater Systems
- Google: Countering threats from Iran
- VMware: Moving Left of the Ransomware Boom
- InfoSecSherpa: InfoSecSherpa’s News Round Up for Friday, October 15, 2021
- Duo: Scanning Activity for Apache Flaw Began Before Public Disclosure
Threat Research
- CrowdStrike: ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity
- Proofpoint: EMEA Spotlight: Germany
- Avast: The King is Dead, Long Live MyKings! (Part 1 of 2)
- Zscaler: AtomSilo Ransomware Enters the League of Double Extortion
- IBM: Trickbot Rising — Gang Doubles Down on Infection Efforts to Amass Network Footholds
- ESET: FontOnLake: Previously unknown malware family targeting Linux
- Kaspersky: MysterySnail attacks with Windows zero-day
- Symantec: New Yanluowang ransomware used in targeted attacks
- Check Point: Check Point Research Prevents Theft of Crypto Wallets on OpenSea, the World’s Largest NFT Marketplace
- Blackberry: Threat Thursday: STRRat Malware
- Deep Instinct: Do Not Exchange! It has a Shell Inside.
- Trustwave: BlackByte Ransomware – Pt. 1 In-depth Analysis
- Morphisec: Explosive New MirrorBlast Campaign Targets Financial Companies
- PAN Unit42: Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes
- Juniper Networks: Necro Python Botnet Goes After Vulnerable VisualTools DVR
- Trend Micro: Ransomware Operators Found Using New Franchise Business Model
- Walmart: Investigation into the state of NIM malware Part 2
- Microsoft: Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
- Virus Bulletin (PDF): VB2021 paper: The Baffling Berserk Bear: A Decade’s Activity Targeting Critical Infrastructure
Tools and Tips
- SpecterOps: Azure Privilege Escalation via Service Principal Abuse
- Dragos: Developing a Cybersecurity Plan of Action: Lessons Learned From Our Pipeline Customers
- SANS ISC: Port-Forwarding with Windows for the Win
- SentinelLabs: Techniques for String Decryption in macOS Malware with Radare2
- F5: Prioritizing Vulnerability Management Using Machine Learning
- Mehmet Ergene: Reducing Alert Fatigue by Lightning Fast Alert Prioritization with Microsoft Defender for Endpoint
- FalconForce: Sysmon vs Microsoft Defender for Endpoint, MDE Internals 0x01
- TrustedSec: Creating a Malicious Azure AD OAuth2 Application
- CounterCraft: Don’t Toss the Phish! Gathering Tailored Threat Intel from Spear Phishing
- Mandiant: Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
- Cyb3rSn0rlax: Detecting CONTI CobaltStrike Lateral Movement Techniques – Part 1
- OpenSource Intelligence: Open Source Intelligence Bibliography
- nasbench: nasbench/SIGMA-Resources: Resources To Learn And Understand SIGMA Rules
- philhagen: sof-elk/VM: details for the SOF-ELK® (Security Operations and Forensics Elasticsearch, Logstash, Kibana) VM.
- Olaf Hartong: Sysmon for Linux
- OALabs: OALabs/hashdb-ida: HashDB API hash lookup plugin for IDA Pro
- Microsoft: Automating the deployment of Sysmon for Linux 🐧 and Azure Sentinel in a lab environment 🧪
- The Mitten Mac: The ESF Playground
- Volatility Labs: Memory Forensics R&D Illustrated: Detecting Mimikatz’s Skeleton Key Attack
Breaches, Government, and Law Enforcement
- ZDNet: $5.2 billion in BTC transactions tied to top 10 ransomware variants: US Treasury
- Treasury Department: Treasury Continues Campaign to Combat Ransomware As Part of Whole-of-Government Effort
- The White House: FACT SHEET: Ongoing Public US Efforts to Counter Ransomware
- The White House: Statement of President Joe Biden on Signing the K-12 Cybersecurity Act Into Law
- US Senate: Warren & Ross Introduce Bill to Require Disclosures of Ransomware Payments
- Reuters: Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes
- FedScoop: OMB provides agencies with guidance on accelerating endpoint detection and response
- ThreatPost: Navy Warship’s Facebook Page Hacked to Stream ‘Age of Empires’ Gaming
- Krebs: Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability
- Bleeping Computer: US government discloses more ransomware attacks on water plants
- Data Breach Today: Teenage Cybercrime: Giving Young Hackers A Second Chance
Vulnerabilities and Exploits
- CIS: Critical Patches Issued for Microsoft Products, October 12, 2021
- Flashpoint: China’s Hackers to Showcase Zero-Day Exploits at Tianfu Cup
- Malwarebytes: Update now! Apple patches another privilege escalation bug in iOS and iPadOS
- Dragos: Positive Train Control (PTC) Expands Cyber Attack Surface for Rail Systems
- Cisco Talos: Vulnerability Spotlight: Use-after-free vulnerability in Microsoft Excel could lead to code execution
- SANS ISC: Apache Is Actively Scanned for CVE-2021-41773 & CVE-2021-42013
- SANS ISC: Microsoft October 2021 Patch Tuesday
- CISA: Vulnerability Summary for the Week of October 4, 2021
- CISA: Apache Releases Security Advisory for Tomcat
- Trustwave: A Handshake with MySQL Bots
- The Record: Academics find Meltdown-like attacks on AMD CPUs, previously thought to be unaffected