Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CIS: Cybersecurity Quarterly Fall 2022
- Microsoft: Microsoft publishes new report on holistic insider risk management
- ESET: ESET Threat Report T2 2022
- Securelist: Ten most mysterious APT campaigns that remain unattributed
- Secureworks: Key Findings from the State of the Threat Report
Threat Research
- CrowdStrike: How Threat Actors Can Use GitHub Repositories to Deploy Malware
- Proofpoint: Exploiting COVID-19: how threat actors hijacked a pandemic
- Netskope: RedLine Stealer Campaign Abusing Discord via PDF Links
- CIS: Top 10 Malware August 2022
- Zscaler: Analysis of LilithBot Malware and Eternity Threat Group
- Fortinet: Delivery of Malware: A Look at Phishing Campaigns in Q3 2022
- Securelist: Kaspersky crimeware report: infection and propagation methods
- Check Point: Bumblebee: increasing its capacity and evolving its TTPs
- Cisco Talos: Developer account body snatchers pose risks to the software supply chain
- Blackberry: Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims
- CISA: MAR-10365227-3.v1 China Chopper Webshells
- CISA: Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
- Inquest: Hiding in the XML
- Trustwave: HTML File Attachments: Still A Threat
- Trellix: Evolution of BazarCall Social Engineering Tactics
- Team Cymru: A Visualizza into Recent IcedID Campaigns
- Sophos: Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
Tools and Tips
- SpecterOps: Prioritization of the Detection Engineering Backlog
- Microsoft: Detecting and preventing LSASS credential dumping attacks
- Dragos: Using Threat Intelligence to Build a Mature OT Network Defense
- Cybereason: Blue Teaming on macOS with eslogger
- Red Canary: Cloud coverage: Detecting an email payroll diversion attack
- Atomic Matryoshka: Meeting the 3 Headed Dog: Kerberos Authentication Basics
- TrustedSec: Common Conditional Access Misconfigurations and Bypasses in Azure
- OALABS: ISFB / GOZI / RM3 Config Extraction
Breaches, Government, and Law Enforcement
- IBM: Why Do Ransomware Gangs Keep Coming Back From the Dead?
- Malwarebytes: Romance scammer given 25 years of alone time
- Krebs: Report: Big U.S. Banks Are Stiffing Account Takeover Victims
- Digital Shadows: The Optus Breach: If I Could Turn Back Time
- Lawfare: Don’t Assume China’s AI Regulations Are Just a Power Play
- Data Breach Today: President Biden to Sign Order for Trans-Atlantic Data Flows
- Risky Biz News: Risky Biz News: Good news for the Capital One hacker, bad news for the former Uber CSO
Vulnerabilities and Exploits
- Zscaler: Coverage Advisory For Microsoft Exchange Server 2019, 2016, 2013 Vulnerabilities
- Flashpoint: Analysis of CISA's Advisory on Top CVEs Exploited by Chinese State-Sponsored Groups
- Flashpoint: What We Know About the Zero-Day Vulnerability Affecting Zimbra Collaboration and cpio
- Cybereason: Container Escape: All You Need is Cap (Capabilities)
- SANS ISC: Critical Fortinet Vulnerability Ahead
- Blackberry: Microsoft Exchange Server Zero-Day Mitigation Proves Insufficient
- CISA: Vulnerability Summary for the Week of September 26, 2022
- CISA: Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
- PAN Unit 42: Threat Brief: CVE-2022-41040 and CVE-2022-41082: Microsoft Exchange Server (ProxyNotShell)