Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CIS: Top 10 Malware September 2022
- IBM: What Drives Incident Responders: Key Findings from the 2022 Incident Responder Study
- Flashpoint: Advanced Persistent Threat (APT) Groups: What Are They and Where Are They Found
- Fortinet: Ransomware Roundup: New FBI, Wise Guys, and “Pyschedelic” Ransomware
- Dragos: Dragos Industrial Ransomware Analysis: Q3 2022
- Cisco Talos: Quarterly Report: Incident Response Trends in Q3 2022
- PAN Unit42: Trends in Web Threats in CY Q2 2022: Malicious JavaScript Downloaders Are Evolving
- Trend Micro: Attack Surface Management 2022 Midyear Review Part 2
- Risky Biz: Risky Biz News: GitHub aflood with fake and malicious PoCs
- CERT-EU: CERT-EU – Threat Landscape Report – The 10 Years Edition
Threat Research
- CIS: Cyber Threat Actors Evading MOTW for Malware Delivery
- CrowdStrike: CrowdStrike Identifies New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure
- Proofpoint: Broken Dreams and Piggy Banks: Pig Butchering Crypto Fraud Growing Online
- Microsoft: Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
- Microsoft: DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
- Zscaler: WarHawk: the New Backdoor in the Arsenal of the SideWinder APT Group
- Fortinet: Fake Hungarian Government Email Drops Warzone RAT
- Symantec: Cranefly: Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign
- CISA: 10398871-1.v2 Zimbra October Update
- Trustwave: Insta-Phish-A-Gram
- VMware: ESXi-Targeting Ransomware: Tactics and Techniques (Part 2)
- VMware: Threat Analysis: Active C2 Discovery Using Protocol Emulation Part 3 (ShadowPad)
Tools and Tips
- Dragos: Analyzing PIPEDREAM: Results from Runtime Testing
- Check Point: Attacking Very Weak RC4-Like Ciphers the Hard Way
- Cybereason: THREAT ANALYSIS REPORT: DLL Side-Loading Widely (Ab)Used
- SANS ISC: Quickie: CyberChef & Microsoft Script Decoding
- Expel: Three Kubernetes events worth investigating
- PAN Unit42: Defeating Guloader Anti-Analysis Technique
- NVISO Labs: The dangers of trust policies in AWS
- SANS: Geolocation OSINT Resources
- Walmart: Brute Ratel Config Decoding update
- TrustedSec: How to Get the Most Out of Your Pentest
- OALABS: BitRat Exposed: Taking a closer look at this C++ paster RAT
- chainguard-dev: osquery-defense-kit: Production-ready detection & response queries for osquery
- Tony Lambert: Malware Weight Loss the Fast Way with Foremost
- InverseCos: Recovering Cleared Browser History – Chrome Forensics
- Elastic: EMOTET Dynamic Configuration Extraction
Breaches, Government, and Law Enforcement
- Flashpoint: Xi’s Rules: Key Takeaways From China’s National Party Congress
- Intel471: Russian-speaking actors offer unique perspectives on Putin’s military mobilization
- The Record: Arrested Ukrainian national charged with running Raccoon Infostealer malware
- Lawfare: What Impact, if Any, Does Killnet Have?
- US DOJ: Chinese Intelligence Officers Charged with Using Academic Cover to Target Individuals in United States
- Heimdal Security: Microsoft Data Breach Exposes Customers’ Sensitive Information
Vulnerabilities and Exploits
- Zscaler: CVE-2022-37969 | Windows CLFS Zero-Day
- CISA: Vulnerability Summary for the Week of October 17, 2022
- Digital Shadows: Q3 2022 Vulnerability Roundup
- BleepingComputer: ConnectWise fixes RCE bug exposing thousands of servers to attacks
- F5 Labs: Sensor Intel Series: Top CVEs in September 2022
- Sucuri: WordPress Vulnerability & Patch Roundup October 2022
- Apple: Towards the next generation of XNU memory safety: kalloc_type