Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Fortinet: The Convergence of the Threat Landscape is Here
- Red Canary: Intelligence Insights: October 2022
- CISA: #StopRansomware: Daixin Team
- Digital Shadows: Ransomware In Q3 2022
- Trend Micro: Attack Surface Management 2022 Midyear Review Part 1
- Curated Intelligence: REvil Ransomware on Darknet Diaries
- Spamhaus: Quarterly Domain Reputation Update — Q3 2022
Threat Research
- Mandiant: From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
- Zscaler: WarHawk: the New Backdoor in the Arsenal of the SideWinder APT Group
- Flashpoint: Combining Cybersecurity with Gaming: Cheats, Insider Threats, Ransomware and More
- ESET: Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
- Securelist: DiceyF deploys GamePlayerFramework in online casino development studio
- Symantec: Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool
- Symantec: Spyder Loader: Malware Seen in Recent Campaign Targeting Organizations in Hong Kong
- Check Point: Black Basta and the Unnoticed Delivery
- Cybereason: THREAT ANALYSIS REPORT: DLL Side-Loading Widely (Ab)Used
- McAfee: New Malicious Clicker found in apps installed by 20M+ users
- CISA: 10398871-1.v2 Zimbra October Update
- PAN Unit42: Trends in Web Threats: Old Web Skimmer Still Active Today
- Trend Micro: TeamTNT Returns – or Does It?
Tools and Tips
- SpecterOps: Ghostwriter v3.1 Now Available
- CIS (Podcast): Episode 41: A Blueprint for Ransomware Defense
- IBM: How to keep your secrets safe: A password primer
- Dragos: Operationalizing Cyber Threat Intelligence (CTI): Key Components to Consider
- Cisco Talos: The benefits of taking an intent-based approach to detecting Business Email Compromise
- SANS ISC: Forensic Value of Prefetch
- SANS ISC: Analysis of a Malicious HTML file (QBot)
- Red Canary: Persistent pests: A taxonomy of computer worms
- PAN Unit42: Detecting Emerging Network Threats From Newly Observed Domains
- Microsoft: Defenders beware: A case for post-ransomware investigations
- TrustedSec: The Curious Case of the Password Database
- pop3ret: AWSome-Pentesting/AWSome-Pentesting-Cheatsheet
- Microsoft 365 Security: Investigating Ransomware Deployments that happened via Group Policy
- randomaccess3: List of suspicious Chromium extensions
Breaches, Government, and Law Enforcement
- ZDNet: FBI warning: Beware of student loan forgiveness scammers
- Flashpoint: Russia-Ukraine War Timeline: Cyber and Physical Intel
- Krebs: How Card Skimming Disproportionally Affects Those Most In Need
- BleepingComputer: Google sued over biometric data collection without consent
- Intel471: Pro-Russian Hacktivism and Its Role in the War in Ukraine
- Lawfare: The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach
- BBC: Germany fires cybersecurity chief ‘over Russia ties’
Vulnerabilities and Exploits
- CrowdStrike: Playing Hide-and-Seek with Ransomware, Part 2
- IBM: Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
- Zscaler: Security Advisory: Apache Commons Text Remote Code Execution Vulnerability (CVE-2022-42889)
- Fortinet: Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
- CISA: Vulnerability Summary for the Week of October 10, 2022
- Devcore: A New Attack Surface on MS Exchange Part 4 – ProxyRelay!