Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Qualys: Assess Your Risk From Ransomware Attacks
- Microsoft: Russian cyberattacks pose greater risk to governments and other insights from our annual report
- Google: Delivering 10,000 security keys to high risk users
- IBM: Phishing Attacks Are Top Cyber Crime Threat, Easier Than Ever to Create and Deploy
- Recorded Future: Illegal Activities Endure on China’s Dark Web Despite Strict Internet Control
- Fidelis: Fidelis Vulnerability Report – Third Quarter 2021
- Fortinet: Ransomware Impact on the Education Sector
- Kaspersky: Roundup of ransomware in the CIS
- BleepingComputer: Microsoft is disabling Excel 4.0 macros by default to protect users
- Cloudflare: Understanding How Facebook Disappeared from the Internet
- VirusTotal: Ransomware Activity Report: Ransomware in a global context
- InfoSecSherpa: InfoSecSherpa’s News Round Up for Friday, October 8, 2021
Threat Research
- Mandiant: FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
- Netskope: SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot
- Proofpoint: Mobile Malware: TangleBot Untangled
- Sophos: Python ransomware script targets ESXi server for encryption
- Zscaler: New Trickbot and BazarLoader delivery vectors
- RiskIQ: Mana Tools: A Malware C2 Panel with a Past
- Flashpoint: REvil Continues Its Reemergence, Joins Groove-led RAMP Forum
- ESET: UEFI threats moving to the ESP: Introducing ESPecter bootkit
- ESET: FontOnLake: Previously unknown malware family targeting Linux
- Cybereason: Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms
- Blackberry: Drawing a Dragon: Connecting the Dots to Find APT41
- Blackberry: Threat Thursday: BluStealer Infostealer
- Cyberint: Vidar Stealer Abuses Mastodon Social Network
- JP-CERT: Malware Gh0stTimes Used by BlackTech
- PAN Unit42: SilverTerrier – Nigerian Business Email Compromise
- The DFIR Report: BazarLoader and the Conti Leaks
- NVISO Labs: Phish, Phished, Phisher: A Quick Peek Inside a Telegram Harvester
- Anomali: Inside TeamTNT’s Impressive Arsenal
- CounterCraft: Five Cool TTPs for Autumn
- 0xjxd: SquirrelWaffle – From Maldoc to Cobalt Strike
- Team Cymru: Collaborative Research on the CONTI Ransomware Group
Tools and Tips
- SpecterOps: Life is Pane: Persistence via Preview Handlers
- Facebook: Open-sourcing Mariana Trench: Analyzing Android and Java app security in depth
- Dragos: How to Align to New Federal Control Systems Performance Goals and Objectives
- Cisco Talos: Threat hunting in large datasets by clustering security events
- SANS ISC: Sorting Things Out – Sorting Data by IP Address
- SANS ISC: Looking Glasses: Debugging Network Connectivity Issues
- CISA: NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques
- Nasreddine Bencherchali: Windows 11 “New” ETW Providers — Overview
- Active Countermeasures: What Is This TCP or UDP Port
- Uptycs: The Best Vulnerability Management Tool for your environment? Good Asset Management
- TrustedSec: Persistence Through Service Workers—Part 1: Introduction and Target Application Setup
- N1ght-W0lf: N1ght-W0lf/WinDbgCheatSheet
- mattreduce: cti-self-study – Track progress and keep notes while working through @likethecoins Cyber Threat Intelligence Self Study Plan
- Censys: Advanced Persistent Infrastructure Tracking
- Cyb3rSn0rlax: A Primer to Detection Engineering Dimensions in a SOC Universe
- nullteilerfrei: Using Windows Sandbox for Malware Analysis
- 0xinfection: Offensive WMI – Reconnaissance & Enumeration (Part 4)
- AndrewRathbun: SANS Memory Forensics Cheat Sheet 2.0 Mind Map
- IstroSec: Malware Analysis Tools, Part 2
Breaches, Government, and Law Enforcement
- The White House: A Proclamation on Cybersecurity Awareness Month, 2021
- ZDNet: Twitch source code, business data, gamer payouts leaked in massive hack
- Reuters: U.S. Justice Dept launches new initiatives on cryptocurrencies, contractor hacks
- Reuters: White House plans 30-country meeting on cyber crime and ransomware -official
- The Record: TSA to issue new cyber regulations for rail, aviation sectors
- The Standard: UK to build £5bn digital warfare centre to mount ‘offensive’ cyber attacks
- U.S.-EU Trade and Technology Council: US-EU Trade and Technology Council Inaugural Joint Statement | United States Trade Representative
- Engadget: US Justice Department forms a cryptocurrency enforcement team
- Intezer: Misconfigured Airflows Leak Credentials from Popular Services
- BleepingComputer: Cox Media Group confirms ransomware attack that took down broadcasts
- Data Breach Today: Data Breach Reports Rise as Supply Chain Attacks Surge
Vulnerabilities and Exploits
- CIS: A Vulnerability in Apache HTTP Server Could Allow for a Path Traversal Attack
- Cisco Talos: Threat Advisory: Apache HTTP Server zero-day vulnerability opens door for attackers
- SANS ISC: Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
- CISA: Vulnerability Summary for the Week of September 27, 2021
- CISA: Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation
- Juniper Networks: CVE-2021-22005 VMware vCenter Analytics Service Arbitrary File Upload
- F-Secure: Analysis of CVE-2021-1810 Gatekeeper bypass