Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Netskope: Threat Labs Report – September 2022
- CIS: Cybersecurity Quarterly Fall 2022
- Fidelis: August/September 2022 Threat Intelligence Summary
- PhishLabs: RedLine Stealer Leads Payloads in Q3
- Huntress: The State of the Dark Web
- Sucuri: SiteCheck Malware Trends Report – Q3 2022
- Spamhaus: Botnet Threat Updates Q3 2022
Threat Research
- CrowdStrike: Playing Hide-and-Seek with Ransomware, Part 1
- Mandiant: The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform
- Microsoft: New “Prestige” ransomware impacts organizations in Ukraine and Poland
- Zscaler: New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts
- ESET: POLONIUM targets Israel with Creepy malware
- Fortinet: Ransomware Roundup: Royal Ransomware
- Fortinet: Ukrainian Military-Themed Excel File Delivers Multi-Stage Cobalt Strike Loader
- Symantec: Budworm: Espionage Group Returns to Targeting U.S. Organizations
- Cisco Talos: Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
- HP: Magniber Ransomware Adopts JavaScript, Targeting Home Users with Fake Software Updates
- Blackberry: BianLian Ransomware Encrypts Files in the Blink of an Eye
- SentinelOne: WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
- VMware: LockBit 3.0 Also Known as LockBit Black
- PAN Unit42: Ransom Cartel Ransomware: A Possible Connection With REvil
- Trend Micro: Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike
- Sophos: Are threat actors turning to archives and disk images as macro usage dwindles?
- Trellix: 2022 Election Phishing Attacks Target Election Workers
- ASEC: Lazarus Group Uses the DLL Side-Loading Technique (mi.dll)
- Uptycs: Agent Tesla Malware Analysis: WSHRAT Acting As A Dropper
Tools and Tips
- SANS ISC: Video: Analysis of a Malicious HTML File (QBot)
- Red Canary: Cloud coverage: Detecting an email payroll diversion attack
- CISA: CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool
- SANS: How to Automate Azure Using PowerShell – Part 1
- TrustedSec: Set Up An Android Hacking Lab For $0
- Tony Lambert: Bad Guys Hate This Trick for Malware Weight Loss!
- OALABS: Threat Intel – Building A Simple Botnet Tracker
- embee-research: IcedID Decryptor
- Hexacorn Blog: Dealing with alert fatigue, Part 1
- Splunk: Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
- Akamai: Cold Hard Cache — Bypassing RPC Interface Security with Cache Abuse
- darkquasar: AzureHunter: A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
- Spamhaus: Dissecting the new shellcode-based variant of GuLoader (CloudEyE)
- Ryan Tomcik (video): A Groundhog’s Day in the Life of a Threat Hunter
- Recon Infosec: Remote Access Done Right
- Samir: 44 Cybersecurity YouTube Channels to Learn IT
- markuskont: pikksilm – Look into EDR events from network
Breaches, Government, and Law Enforcement
- Recorded Future: Malign Influence During the 2022 US Midterm Elections
- Krebs: Anti-Money Laundering Service AMLBot Cleans House
- BleepingComputer: Police tricks DeadBolt ransomware out of 155 decryption keys
- The Record: Indian energy company Tata Power announces cyberattack affecting IT infrastructure
- Lawfare: Clarifying Responsible Cyber Power: Developing Views in the U.K. Regarding Non-intervention and Peacetime Cyber Operations
- Risky Biz: Risky Biz News: White House working on cybersecurity labels for IoT products
- Booz Allen Hamilton: China’s Cyberattack Strategy Explained
Vulnerabilities and Exploits
- CrowdStrike: What is DirtyCred and how can it be mitigated?
- Zscaler: Technical Analysis of Windows CLFS Zero-Day Vulnerability CVE-2022-37969 – Part 1: Root Cause Analysis
- Securelist: Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
- SANS ISC: October 2022 Microsoft Patch Tuesday
- CISA: Vulnerability Summary for the Week of October 3, 2022