Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CrowdStrike: A Sneak Peek at the 2022 Falcon OverWatch Threat Hunting Report
- IBM: Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments
- Fortinet: Ransomware Roundup: Ragnar Locker Ransomware
- Securelist: Threat landscape for industrial automation systems for H1 2022
- Malwarebytes: A first look at the builder for LockBit 3.0 Black
- Dragos: New Dragos Report Highlights Threats Targeting Water & Wastewater Systems in the GCC
- Red Canary: Intelligence Insights: September 2022
- PhishLabs: Chat-Based Services, Finance, Heavily Abused on the Dark Web in Q2
- PAN Unit42: Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime
- CSET: Downrange: A Survey of China’s Cyber Ranges
Threat Research
- Mandiant: GRU: Rise of the (Telegram) MinIOns
- Proofpoint: Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO
- Microsoft: Malicious OAuth applications used to compromise email servers and spread spam
- Zscaler: Technical Analysis of Crytox Ransomware
- Netskope: Attackers Continue to Abuse Google Sites and Microsoft Azure to Host Cryptocurrency Phishing
- Recorded Future: Chinese State-Sponsored Group TA413 Adopts New Capabilities in Pursuit of Tibetan Targets
- Recorded Future: Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine
- ESET: You never walk alone: The SideWalk backdoor gets a Linux variant
- Fortinet: Meeting the “Ministrer”
- Securelist: Mass email campaign with a pinch of targeted spam
- Cybereason: PlugX RAT Loader Evolution
- Blackberry: Some Kind of Monster: RaaS Hides Itself Using Traits From Other Malware
- Inquest: What’s your name? … My how you have changed.
- Secureworks: Opsec Mistakes Reveal COBALT MIRAGE Threat Actors
- SentinelOne: Void Balaur | The Sprawling Infrastructure of a Careless Mercenary
- VMware: Threat Report: Illuminating Volume Shadow Deletion
- The DFIR Report: Dead or Alive? An Emotet Story
- Decoder: Giving JuicyPotato a second chance: JuicyPotatoNG
- Avast: Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
- NVISO Labs: Finding hooks with windbg
Tools and Tips
- SpecterOps: WMI Internals Part 3. Beyond COM
- CIS: Hack the Human: End-User Training and Tips to Combat Social Engineering
- Microsoft: The art and science behind Microsoft threat hunting: Part 2
- IBM: A Response Guide for New NSA and CISA Vulnerabilities
- Dragos: Don’t Miss the Dragos Capture the Flag (CTF) Event at DISC 2022
- Checkpoint: Native function and Assembly Code Invocation
- Cisco Talos: Insider Threats: Your employees are being used against you
- SANS ISC: Chainsaw: Hunt, search, and extract event log records
- SANS ISC: Preventing ISO Malware
- Red Canary: Better know a data source: Process creation
- Red Canary: Forward thinking: How adversaries abuse Office 365 email rules
- Expel: Detection and response in action: an end-to-end coverage story
- G Data: Identifying file manipulation in system files
- CISA: Control System Defense: Know the Opponent
- Open Source DFIR: Timesketch, Header Mapping for CSV imports
- CyberArk: Understanding Windows Containers Communication
- Huntress: Unraveling a Reverse Shell with Process Insights
- OALABS: Clipboard Hijacker Detection
- Shinigami: Breaking Into the CTI Field: Demystifying the Interview Process and Practice Interview Questions
- ZENA Forensics: Android Forensics References: a curated list
- Mehmet Ergene: Detecting DLL Hijacking Attacks — Part 1
Breaches, Government, and Law Enforcement
- Flashpoint: What We Know About the ‘Grand Theft Auto VI’ Data Breach
- Flashpoint: ‘Party of War’: How Russians Are Reacting to Putin’s Conscription Gamble
- Krebs: Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.
- CISA: Iranian State Actors Conduct Cyber Operations Against the Government of Albania
- Binary Defense: The war in Ukraine and its impact on how China views Taiwan
- Trustwave: Retaliation by the Pro-Russian Group KillNet
- BleepingComputer: UK Police arrests teen believed to be behind Uber, Rockstar hacks
- Intel471: No Protection Against Nation-State
- Data Breach Today: Australian Telco Optus Investigates Scope of Large Breach
- Risky Biz News: Risky Biz News: US Ransomware Task Force to go after ransomware top dogs
- Chainalysis: $30 Million Seized: How the Cryptocurrency Community Is Making It Difficult for North Korean Hackers To Profit
- AP News: 3 Iranian citizens charged in broad hacking campaign in US
Vulnerabilities and Exploits
- Cisco Talos: Vulnerability Spotlight: Vulnerabilities in popular library affect Unix-based devices
- CISA: Vulnerability Summary for the Week of September 12, 2022
- Digital Shadows: Vulnerability Intelligence Roundup: Five RCE Vulnerabilities To Prioritize In September
- JP-CERT: F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech
- F5 Labs: Sensor Intel Series: Top CVEs in August 2022
- Trend Micro: Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware
- Nucleus: CISA Known Exploited Vulnerabilities Breakdown