Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- ESET: ESET Threat Report T2 2021
- Symantec: The Ransomware Threat in 2021
- Cisco Talos: A wolf in sheep’s clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
- Morphisec: Unwanted Gift: Ransomware, Supply Chain Attacks, and How to Prevent Them
- Trend Micro: Midyear 2021 Cybersecurity Landscape Review: Attacks From All Angles Abound
- Microsoft: How nation-state attackers like NOBELIUM are changing cybersecurity
- InfoSecSherpa: InfoSecSherpa’s News Round Up for Friday, October 1, 2021
- Phil Venables: Cyber Deterrence: A Simple Perspective
Threat Research
- Proofpoint: TA544 Targets Italian Organizations with Ursnif Malware
- Zscaler: Squirrelwaffle: New Loader Delivering Cobalt Strike
- Recorded Future: 4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan
- Fortinet: Ranion Ransomware – Quiet and Persistent RaaS
- Kaspersky: GhostEmperor: From ProxyLogon to kernel mode
- Kaspersky: Tomiris backdoor and its connection to Sunshuttle and Kazuar
- Kaspersky: FinSpy: unseen findings
- Check Point: PixStealer: a new wave of Android banking Trojans abusing Accessibility Services
- Cybereason: Threat Analysis Report: Inside the Destructive PYSA Ransomware
- BlackBerry: Threat Thursday: xLoader Infostealer
- InQuest: Rechnung Financial Malspam
- SentinelLabs: New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education
- PAN Unit42: Email Credential Harvesting at Scale Without Malware
- Positive Technologies: Masters of Mimicry: new APT group ChamelGang and its arsenal
- Trend Micro: FormBook Adds Latest Office 365 0-Day Vulnerability CVE-2021-40444 to Its Arsenal
- Microsoft: FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
- Threat Fabric: ERMAC – another Cerberus reborn
- Cynet: A Virtual Baffle to Battle Squirrelwaffle
- Proferosec: RansomEXX, Fixing Corrupted Ransom
- Objective-See: Made In America: Green Lambert for OS X
Tools and Tips
- Red Canary: So you’re thinking about starting a cyber threat intelligence team…
- G DATA: All Your Hashes Are Belong To Us – an Overview of Hashing Algorithms
- CISA: CISA and NSA Release Guidance on Selecting and Hardening VPNs
- PAN Unit42: Wireshark Tutorial: Wireshark Workshop Videos Now Available
- Rapid7: The 2021 OWASP Top 10 Have Evolved: Here’s What You Should Know
- SANS: Introduction to ICS Security Part 3
- Microsoft: A guide to combatting human-operated ransomware: Part 2
- DFIR dIVA: DFIR Related Events for Beginners – October 2021
- Michael Koczwara: THM: Windows Server Attack Analysis: Part One
- FalconForce: FalconFriday — Stealing and detecting Azure PRT cookies — 0xFF18
- Anomali: The Need for Savvy Sharing of Threat Intelligence
- AWS: Introducing the Ransomware Risk Management on AWS Whitepaper
- TrustedSec: They’re Watching You! Protecting Yourself From Hidden Cameras
- Yoroi: Hunting the LockBit Gang’s Exfiltration Infrastructures
- Corelight (YouTube Video): RDP Forensics without endpoint visibility
- Cloudflare: Tackling Email Spoofing and Phishing
- Pookie Bear: Can’t Contain Poop — Container Security CTF
- c99.sh: Hunting ngrok Activity
Breaches, Government, and Law Enforcement
- The Record: Hackers bypass Coinbase 2FA to steal customer funds
- The Record: US arrests 33 BEC scammers linked to Nigerian crime syndicate
- The White House: Statement by President Joe Biden on Cybersecurity Awareness Month
- ZDNet: Chief exec of cybersecurity firm Group-IB arrested on treason charge
- Flashpoint: REvil’s “Cryptobackdoor” Con: Ransomware Group’s Tactics Roil Affiliates, Sparking a Fallout
- Recorded Future: The Business of Fraud: Laundering Funds in the Criminal Underground
- Malwarebytes: The FCC moves to curb SIM swap attacks
- Bleeping Computer: US Congress asks FBI to explain delay in helping Kaseya attack victims
- ThreatPost: Baby’s Death Alleged to Be Linked to Ransomware
- Data Breach Today: Neiman Marcus Says 4.6M Affected by Data Breach
- Data Breach Today: Anonymous Leaks Epik Data – Again
- US DOJ: United States Citizen Pleads Guilty To Conspiring To Assist North Korea In Evading Sanctions
- RadioFreeEurope RadioLiberty: Report: US Extradites Convicted Russian Hacker Back Home
Vulnerabilities and Exploits
- Fortinet: Fortinet Security Researcher Discovers Multiple Vulnerabilities Across Multiple Corel Products
- Bleeping Computer: New Microsoft Exchange service mitigates high-risk bugs automatically
- Google: Chrome 0-days: Stable Channel Update for Desktop
- Ars Technica: New Azure Active Directory password brute-forcing flaw has no fix
- Secureworks: Undetected Azure Active Directory Brute-Force Attacks
- CISA: Bulletin (SB21-270) Vulnerability Summary for the Week of September 20, 2021
- F-Secure: Analysis of CVE-2021-1810 Gatekeeper bypass