Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CISA: Ransomware Activity Targeting the Healthcare and Public Health Sector
- Zoom: Zoom Launches End-to-End Encryption for Free and Paid Users Globally
- Kaspersky: Life of Maze ransomware
- Proofpoint: 2020 Election Threats: An Overview of Our Research
- BleepingComputer: Maze ransomware is shutting down its cybercrime operation
- Palo Unit42: Highlights from the Unit 42 Cloud Threat Report, 2H 2020
- ENISA: ENISA Threat Landscape 2020: Cyber Attacks Becoming More Sophisticated, Targeted, Widespread and Undetected
Threat Research
- FireEye: Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser
- Sucuri: PAS Fork v. 1.0 — A Web Shell Revival
- RiskIQ: Released Its Corpus of Infrastructure and IOCs Related to Ryuk Ransomware
- Zscaler: APT-31 Leverages COVID-19 Vaccine Theme
- Recorded Future: Insikt Group Discovers Global Credential Harvesting Campaign Using FiercePhish Open Source Framework
- Kaspersky: On the trail of the XMRig miner
- Symantec: Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East
- CISA: MAR-10310246-2.v1 – PowerShell Script: ComRAT
- CISA: MAR-10310246-1.v1 – ZEBROCY Backdoor
- Deep Instinct: The Hasty Agent: Agent Tesla Attack Uses Hastebin
- SentinelLabs: Anchor Project for Trickbot Adds ICMP
- SentinelLabs: An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques
- Bitdefender: An Overview of WMI Hijacking Techniques in Modern Malware
- F-Secure: Catching Lazarus: Threat Intelligence to Real Detection Logic – Part Two
- Trend Micro: Operation Earth Kitsune: A Dance of Two New Backdoors
Tools and Tips
- Agari: BEC Scams: What to Look For, What to Do
- Cybereason: Ryuk Ransomware: Mitigation and Defense Action Items
- Red Canary: A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak
- Red Canary: Testing Threat Technique Variation with AtomicTestHarnesses
- Expel: Performance metrics, part 2: Keeping things under control
- Intezer: TrickBot or Treat 2.0 – YARA sigs for Trickbot and Emotet
- FireEye: Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine
- Secureworks: Capture-the-Flag Walk-Through: 8ES_Rock
- Compass Security: Burp Extension: Copy Request & Response
- JP-CERT: LogonTracer v1.5 Released
- Open Source DFIR: Deploying GRR to Kubernetes for Incident Response
- FalconForce: FalconFriday — DCOM & SCM Lateral Movement — 0xFF05
- Mitre: Defining ATT&CK Data Sources, Part II: Operationalizing the Methodology
- CERT-PL: Set up your own malware repository with MWDB Core
- Nasreddine Bencherchali: Windows System Processes — An Overview For Blue Teams
- TheEvilbit Blog: Getting started in macOS security
- Lares: Endpoint Hunting for UNC1878/KEGTAP TTPs
Breaches, Government, and Law Enforcement
- US DOT: Treasury Sanctions Russian Government Research Institution Connected to the Triton Malware
- Malwarebytes: Vastaamo psychotherapy data breach sees the most vulnerable victims extorted
- PhishLabs: $2.3M Stolen from Wisconsin GOP via BEC Attack
- CISA: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
- Trustwave: Massive US Voters and Consumers Databases Circulate Among Hackers
Vulnerabilities and Exploits
- Google Project Zero: Windows Kernel zero-day exploited in the wild
- Microsoft: Attacks exploiting Netlogon vulnerability (CVE-2020-1472)
- Fortinet: FortiGuard Labs Discovers Multiple Critical Vulnerabilities in Multiple Adobe Products
- Checkpoint: Exploit Developer Spotlight: The Story of PlayBit
- SANS ISC: PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
- CISA: Vulnerability Summary for the Week of October 19, 2020
- Objective-See: Property List Parsing Bug(s) crashing macOS via malformed binary plists
- NCC Group: Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)