Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- IBM: X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments
- Kaspersky: Incident response analyst report 2020
- CISA: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
- Microsoft: The passwordless future is here for your Microsoft account
- PhishLabs: Top 10 TLDs Abused
- expel: Top Attack Vectors: August 2021
- ACSC: ACSC Annual Cyber Threat Report 2020-21
- Morphisec: Triple Extortion Ransomware: A New Challenge For Defenders
- PAN Unit42: Network Security Trends: May-July 2021
- Trend Micro: Midyear 2021 Cybersecurity Landscape Review: Attacks From All Angles Abound
Threat Research
- Netskope: Microsoft Office Document Triggering New Zero-Day
- RiskIQ: Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit
- ESET: Numando: Count once, code twice
- Fortinet: More ProxyShell? Web Shells Lead to ZeroLogon and Application Impersonation Attacks
- Malwarebytes: The many tentacles of Magecart Group 8
- Cisco Talos: Operation Layover: How we tracked an attack on the aviation industry to five years of compromise
- SANS ISC: Hancitor campaign abusing Microsoft’s OneDrive
- BlackBerry: Threat Thursday: NetWire RAT is Coming Down the Line
- Group-IB: Scamdemic outbreak – Scammers attack users in Middle Eastern countries
- SentinelLabs: Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms
- PAN Unit42: Travel Themed Phishing URLs Set to Prey on Eager Travelers
- The DFIR Report: BazarLoader to Conti Ransomware in 32 Hours
- Microsoft: Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
- Active Countermeasures: Malware of the Day – Mythic – Apollo
- Michael Koczwara: Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444
- Telekom: Flubot under the Microscope
Tools and Tips
- CrowdStrike: 4 Popular Defensive Evasion Techniques in 2021
- FireEye: ELFant in the Room – capa v3
- Recorded Future: How to Detect Cobalt Strike: An Inside Look at the Popular Commercial Post-Exploitation Tool
- Dragos: Safety Instruments Testing: Spotting and Stopping Process Attacks
- Bitdefender: Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware
- Red Canary: Microsoft Identity: An intro to Windows Active Directory
- Trustwave: Missing Critical Vulnerabilities Through Narrow Scoping
- PAN Unit42: Dangling Domains: Security Threats, Detection and Prevalence
- Sucuri: A Cheat-Sheet on Internet Cookies – (Who, What, When, Why & How)
- 0xinfection: Offensive WMI – Interacting with Windows Registry (Part 3)
- Cisco: Managing Cybersecurity Burnout
- Bobby Cooke: Beginners Guide to 0day/CVE AppSec Research
- Teleport: How to attack cloud infrastructure via a malicious pull request
- rootsecdev: Creating your own private pwn lab for OMI Exploitation
Breaches, Government, and Law Enforcement
- FBI: Scammers Defraud Victims of Millions of Dollars in New Trend in Romance Scams
- Flashpoint: The Navalny Leaks: Data, Probiv, and Russian Political Influence
- Krebs: Trial Ends in Guilty Verdict for DDoS-for-Hire Boss
- BleepingComputer: US to sanction crypto exchanges, wallets used by ransomware
- The Record: Man who bribed AT&T employees to install malware on the company’s network gets 12 years in prison
- The Record: US fines former NSA employees who provided hacker-for-hire services to UAE
Vulnerabilities and Exploits
- CrowdStrike: September 2021 Patch Tuesday: A Malicious MSHTML Zero-Day and Ongoing Critical CVEs
- SANS ISC: Microsoft September 2021 Patch Tuesday
- CISA: Vulnerability Summary for the Week of September 6, 2021
- WIZ: “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution
- Microsoft: Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions
- Cado Security: Azure OMI Vulnerability OMIGOD (CVE-2021-38647) Now Under Exploitation
- PAN Unit42: Threat Brief: OMI Vulnerabilities (CVE-2021-38645, CVE-2021-38647, CVE-2021-38648 and CVE-2021-38649)
- SentinelLabs: CVE-2021-3437 | HP OMEN Gaming Hub Privilege Escalation Bug Hits Millions of Gaming Devices
- Objective-See: Analysis of CVE-2021-30860
- ZecOps: The Recent iOS 0-Click, CVE-2021-30860, Sounds Familiar. An Unreleased Write-up: One Year Later
- Trend Micro: Analyzing Pegasus Spyware’s Zero-Click iPhone Exploit ForcedEntry
- Kaspersky: Exploitation of the CVE-2021-40444 vulnerability in MSHTML