Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Netskope: Threat Labs Report – September 2021
- ENISA: Hackers-for-Hire drive the Evolution of the New ENISA Threat Landscape
- Microsoft: NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
- Microsoft: Microsoft Digital Defense Report shares new insights on nation-state attacks
- Kaspersky: APT trends report Q3 2021
- Kaspersky: Russian-speaking cybercrime evolution: What changed from 2016 to 2021
- Cisco Talos: Quarterly Report: Incident Response trends from Q3 2021
- Red Canary: Intelligence Insights: October 2021
- Digital Shadows: Ransomware Q3 Roll Up
- Mandiant: Portable Executable File Infecting Malware Is Increasingly Found in OT Networks
- Interpol: INTERPOL report identifies top cyberthreats in Africa
Threat Research
- CrowdStrike: LightBasin: A Roaming Threat to Telecommunications Companies
- Netskope: DBatLoader: Abusing Discord to Deliver Warzone RAT
- Proofpoint: TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware
- Proofpoint: New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns
- Fortinet: Black Friday Scams are Coming—Online Shoppers Should Approach with Caution
- Abnormal: New Quishing Campaign Shows How Security Can Be Bypassed
- Zscaler: How a Phishing Campaign Targeting Indian Banking Users is Distributing an SMS Stealer
- Recorded Future: Termination of Federal Unemployment Programs Represents Turning Point for Fraudsters
- ESET: Wslink: Unique and undocumented malicious loader that runs as a server
- Symantec: Almost 100 Organizations in Brazil Targeted with Banking Trojan
- Cisco Talos: SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
- Cybereason: THREAT ANALYSIS REPORT: Snake Infostealer Malware
- Blackberry: Threat Thursday: Jennlog Malicious Loader
- Binary Defense: Solarmarker: By Any Other Name (Mars-Deimos part 3)
- Group-IB: Cannibal Carders: Group-IB uncovers largest networks of fake shops – phishing websites disguised as card shops
- Sentinel Labs: Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t
- Morphisec: DECAF Ransomware: A New Golang Threat Makes Its Appearance
- JPCERT: Malware WinDealer used by LuoYu Attack Group
- PAN Unit42: WatchDog Using TeamTNT Operations and TTPs in Cryptojacking
- Rapid7: Sneaking Through Windows: Infostealer Malware Masquerades as Windows App
- Curated Intelligence: Conti Leaked Playbook TTPs
- Curated Intelligence: Initial Access Broker Landscape
- 0xthreatintel: Static Analysis of Bluelight Malware
- nccgroup: Detecting and Protecting when Remote Desktop Protocol (RDP) is open to the Internet
Tools and Tips
- SpecterOps: Formalized Curiosity
- CrowdStrike: 2021 Cryptojacking Trends + Investigation Recommendations
- IBM: Detections That Can Help You Identify Ransomware
- Flashpoint: The Flashpoint Guide to Card Fraud: How Financial Institutions Can Better Detect, Mitigate, and Prevent Fraud
- Recorded Future: How to Investigate Typosquats
- Kaspersky: Trickbot banking Trojan modules overview
- SANS ISC: Hunting for Phishing Sites Masquerading as Outlook Web Access
- SANS ISC: Decrypting Cobalt Strike Traffic With a “Leaked” Private Key
- Inquest: How Email Works
- Binary Defense: The Inside Scoop: Binary Defense Employees’ Advice To Cybersecurity Newbs
- Open Source DFIR: Common misconceptions about Windows EventLogs
- CyberArk: Cracking WiFi at Scale with One Simple Trick
- Bushido Token: Ransomware Decryption Intelligence
- Atomic Matryoshka: AUTORUN MALWARE: WHY YOUR COMPUTER IS SUMMONING DARK LORDS AFTER YOU PLUGGED IN THAT PARKING LOT USB
- Mandiant: Flare-On 8 Challenge Solutions
- Ali Aqeel: Zloader Reversing
- Dark Reading: From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor
- ThinkDFIR: Introducing Awesome BEC
- Cyb3rSn0rlax: Detecting Remote Credentials Dumping via comsvcs.dll
- DFIRScience: Android logical acquisition with android_triage
- BlackPerl (Video): EASY Creation of Malware Analysis and Digital Forensics Lab
Breaches, Government, and Law Enforcement
- Europol: 12 targeted for involvement in ransomware attacks against critical infrastructure
- Reuters: EXCLUSIVE Governments turn tables on ransomware gang REvil by pushing it offline
- BleepingComputer: TrickBot malware dev extradited to US faces 60 years in prison
- US DOJ: Russian National Extradited to United States to Face Charges for Alleged Role in Cybercriminal Organization
- ZDNet: Schreiber Foods back to normal after ransomware attack shuts down milk plants
- CISA: CISA Awards $2 Million to Bring Cybersecurity Training to Rural Communities and Diverse Populations
- Commerce Department: Commerce Tightens Export Controls on Items Used in Surveillance of Private Citizens and other Malicious Cyber Activities
- NPR: The Facebook Papers: What you need to know about the trove of insider documents
- ThreatPost: Grief Ransomware Targets NRA
- The Record: Industry group warns of coordinated DDoS extortion campaign against VoIP providers
- Lawfare: After a Year of Silence, Are EU Cyber Sanctions Dead?
- Gov Info Security: US State Department to Create Dedicated Cyber Office
- Data Breach Today: Federal CISO DeRusha Named Deputy National Cyber Director
Vulnerabilities and Exploits
- CIS: A Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Security Bypass
- CIS: Oracle Quarterly Critical Patches Issued October 19, 2021
- Microsoft: Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
- Cybereason: THREAT ALERT: Malicious Code Implant in the UAParser.js Library
- SANS ISC: Multiple Apple Patches for October 2021
- CISA: Vulnerability Summary for the Week of October 18, 2021
- ZecOps: Use-After-Free in Voice Control: CVE-2021-30902 Write-up
- Juniper Networks: Apache HTTP Server CVE-2021-42013 and CVE-2021-41773 Exploited