Summary
Note: Security Soup is back following a vacation to rest and recharge! As always, thanks for reading…
A collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- COFENSE Q3 2019 MALWARE TRENDS (Report requires registration)
- Ransomware: The Nightmare Before Cyber Monday
- Oracle launches Internet Intelligence IXP Filter Check – a free tool designed for secure routing
- Advisory: Turla group exploits Iranian APT to expand coverage of victims
- RiskIQ’s Q2 2019 Mobile Threat Landscape Report (Report requires registration)
- A Look at the Pricing of Cybercrime Goods and Services (Report requires registration)
- Joker’s Stash Upgrades With Large SSN Offering and Support Infrastructure
- APT trends report Q3 2019
- Claims of a Cyber Attack on Iran’s Abadan Oil Refinery and the Need for Root Cause Analysis
- Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform
- Week in OSINT #2019–42
- Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground
- Burning and bridges — Insights into NSA and NCSC Joint Report on Turla Group
Threat Research – Malware, Phishing, and other Campaigns in the Wild
- Warning of Serious DDoS Blackmail Campaigns Attributed to Fancy Bear Group
- New Variant of Remcos RAT Observed In the Wild
- Exploring a link between Magecart Group 5 and the Carbanak APT
- Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor
- Peeling the Netwire Onion
- AutoIT-compiled Negasteal/Agent Tesla, Ave Maria Delivered via Malspam
- Pony’s C&C servers hidden inside the Bitcoin blockchain
- Gustuff return, new features for victims
- Hunting Raccoon: The New Masked Bandit on the Block
- Ransomware Goes Fileless, Uses Malicious Documents and PowerShell to Encrypt Files
- Shikata Ga Nai Encoder Still Going Strong
- Emotet, an Analysis of TTP’s: Part II For the Watch
- Emotet_network_protocol
- Exploring Emotet, an Elaborate Everyday Enigma
Tools and Tips
- Detecting SharePoint attacks via worker process activity
- Best Practices for Defanging Social Media Phishing Attacks
- Understanding APIs: SOAP
- Blue Hands On Bloodhound
- Web Browser Forensics: Investigating The Browser For Evidence
- Unpacking Malware Series – Maze Ransomware
- The ThreatHunting Project: Hunting for adversaries in your IT environment
Breaches, Government, and Law Enforcement
- Second Ransomware Attack Strikes Johannesburg
- Czech authorities dismantle alleged Russian cyber-espionage network
- NordVPN Confirms 3rd-party Breach
- Chinese National Sentenced to 40 Months in Prison for Conspiring to Illegally Export Military- and Space-Grade Technology from the United States to China
- Democrats offer cybersecurity bill for ‘internet of things’
- Ransomware Hits B2B Payments Firm Billtrust
- In a rare move, Moody’s says it’s paying close attention to Pitney Bowes ransomware attack
Vulnerabilities and Exploits
- NGINX + CIS Hardened Images Provide Security at Maximum Efficiency
- Nasty PHP7 remote code execution bug exploited in the wild
- Throwback Threat Thursday: JCE Vulnerability
- TCP SACK Security Issue in OpenBSD – CVE-2019-8460
- Bulletin (SB19-294): Vulnerability Summary for the Week of October 14, 2019