Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CISA: Business Email Compromise: Cosmic Lynx
- CISA: Windows Server Vulnerability Requires Immediate Attention
- NY Times: Backlash Grows to TikTok-Oracle Deal
- Crowdstrike: Highlights From 2020 Threat Hunting Report
- Intezer: Looking Back on the Last Decade of Linux APT Attacks
- Digital Shadows: With the Empire falling, who will take over the throne?
- Bleeping Computer: Ransomware attack at German hospital leads to death of patient
- Palo Alto Unit42: Network Attack Trends: Attackers Leveraging High Severity and Critical Exploits
- Journal of Cybersecurity: Public attribution of cyber intrusions
- US-CERT: Iran-Based Threat Actor Exploits VPN Vulnerabilities
- Intel471: Partners in crime: North Koreans and elite Russian-speaking cybercriminals
Threat Research
- Trustwave: Evasive URLs in Spam
- zscaler: Malware exploiting XML-RPC vulnerability in WordPress
- IBM X-Force: A New Botnet Attack Just Mozied Into Town
- Check Point: Rampant Kitten – An Iranian Espionage Campaign
- Sophos: Maze attackers adopt Ragnar Locker virtual machine technique
- US-CERT: MAR-10297887-1.v1 – Iranian Web Shells
- Morphisec: Trickbot/Emotet Delivery through Word Macro
- VinCSS: [RE016] Malware Analysis: ModiLoader
- Click All the Things!: Trickbot: ActiveDocument.Words is the word!
Tools and Tips
- SpecterOps: Detections of Past, Present, and Future | by Robby Winchester | Sep, 2020
- SANS ISC: Traffic Analysis Quiz: Oh No… Another Infection!
- Fireeye: A “DFUR-ent” Perspective on Threat Modeling and Application Log Forensic Analysis
- Smarter Forensics: Rotten to the Core? Nah, iOS14 is Mostly Sweet
- CyberArk: An Introduction to Hardware Hacking
- BushidoToken: OSINT Challenge: Key West
- FalconForce: FalconFriday — Detecting Certutil and suspicious code compilation- 0xFF02
- CERT-Polska: CERT-Polska/hfinger: Hfinger – fingerprinting HTTP requests
- VoidSec: VoidSec/CVE-2020-1472: Exploit Code for CVE-2020-1472 aka Zerologon
- MITRE: FIN6 Adversary Emulation
- D20 Forensics: iOS 14 – First Thoughts and Analysis
- BC-Security: BC-SECURITY/Invoke-ZeroLogon
- Recon InfoSec: Mapping Adversary Emulation Plans
- Microsoft: Windows Sysinternals – Update adds support for capturing clipboard
Breaches, Government, and Law Enforcement
- US DOC: Commerce Department Prohibits WeChat and TikTok Transactions to Protect the National Security of the United States
- United States DOT: Treasury Sanctions Cyber Actors Backed by Iranian Intelligence Ministry
- US DOVA: VA notifies Veterans of compromised personal information
- Staples: Staples discloses data breach exposing customer info
- US DOJ: Former Employee At Los Alamos National Laboratory Sentenced To Probation For Making False Statements About Being Employed By China
- US DOJ: Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally
- US DOJ: Two Iranian Nationals Charged in Cyber Theft Campaign Targeting Computer Systems in United States, Europe, and the Middle East
- ZDnet: US charges two Russians for stealing $16.8m via cryptocurrency phishing sites
Vulnerabilities and Exploits
- Purdue University: BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy [PDF]
- Stevens Institute of Technology: Speculative Probing: Hacking Blind in the Spectre Era
- Cisco Talos: Vulnerability Spotlight: Remote code execution vulnerability Apple Safari
- US-CERT: Vulnerability Summary for the Week of September 7, 2020
- Trustwave: Hijacking a Domain Controller with Netlogon RPC (aka Zerologon: CVE-2020-1472)
- zecOps: From a comment to a CVE: Content filter strikes again!
- Palo: Threat Brief: Microsoft Vulnerability CVE-2020-1472 “Zerologon”
- NVISO: Sentinel Query: Detect ZeroLogon (CVE-2020-1472)
- John Page (aka hyp3rlinx): Windows TCPIP Finger Command “finger.exe” C2 Channel and Bypassing Security Software