Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CrowdStrike: 2021 Threat Hunting Report: OverWatch Once Again Leaves Adversaries with Nowhere to Hide
- RiskIQ: Flowspec Bulletproof Services Enable Cybercrime Worldwide
- Recorded Future: Connections Between the Russian State and Criminal Actors
- Flashpoint: REvil Is Back on Exploit and Trying to Restore Its Reputation
- IBM: LockBit 2.0: Ransomware Attacks Surge After Successful Affiliate Recruitment
- Kaspersky: ICS threat report for H1 2021 – key statistics
- HP: Rebellions and Rejections Report Uncovers Remote Workforce Security Trends
- PhishLabs: Social Media Attacks Increase 47%
- SANS: A Visual Summary of SANS Blue Team Summit 2021
Threat Research
- Netskope: Hive Ransomware: Actively Targeting Hospitals
- Proofpoint: Advance Fee Fraud: The Emergence of Elaborate Crypto Schemes
- Zscaler: CloudFall Targets Researchers and Scientists Invited to International Military Conferences in Central Asia and Eastern Europe
- Fortinet: New Dridex Variant Being Spread By Crafted Excel Document
- Symantec: Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware
- SANS ISC: “Stolen Images Evidence” Campaign Continues Pushing BazarLoader Malware
- expel: The top phishing keywords in the last 10k+ malicious emails we investigated
- Blackberry: Threat Thursday: Get Your Paws Off My Data, Raccoon Infostealer
- SentinelLabs: EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor
- Juniper: Muhstik Botnet targeting Confluence servers with CVE-2021-26084
- Sucuri: Multistage WordPress Redirect Kit
- Segurança Informática: The new maxtrilha trojan is being disseminated and targeting several banks
Tools and Tips
- Netskope: A Real-World Look at AWS Best Practices: Networking
- CIS: Hack the Human: End-User Training and Tips to Combat Social Engineering
- Dragos: New Knowledge Pack Released (KP-2021-007-E)
- TrustedSec: Obsidian, Taming a Collective Consciousness
- JPCERT: How to Use Volatility 3 Offline
- PAN Unit42: Detect JavaScript-Based Phishing With Deep Learning
- Walmart: Decoding SmartAssembly strings, a Haron ransomware case study
- Huntress: Malware Deep Dive: Investigating a Foothold and Uncovering the Payload
- Michael Koczwara: Cobalt Strike C2 Hunting with Shodan
- FalconForce: FalconFriday — Detecting ASR Bypasses
- 0xinfection: Offensive WMI – Exploring Namespaces, Classes & Methods (Part 2)
- StrangerealIntel: Deobfuscating FIN7 JavaScript Implants
- OWASP: OWASP Top 10:2021 (DRAFT FOR PEER REVIEW)
- tylabs: QuickSand document and PDF malware analysis tool written in Python
- Counter Craft: Shellcode Detection Using Real-Time Kernel Monitoring
- steved3: Kit Hunter 2.0 – Getting Started
Breaches, Government, and Law Enforcement
- Flashpoint: 20 Years After 9/11: Tracking the Evolution of Jihadism
- Fortinet: Malicious Actor Discloses FortiGate SSL-VPN Credentials
- FBI: FBI Warns about an Increase in Sextortion Complaints
- Nextgov: Biden Administration Releases Draft Zero-Trust Guidance
- Krebs: “FudCo” Spam Empire Tied to Pakistani Software Firm
- BleepingComputer: New Mēris botnet breaks DDoS record with 21.8 million RPS attack
- threatpost: Stolen Credentials Led to Data Theft at United Nations
- Intel471: How Groove Gang is shaking up the Ransomware-as-a-Service market to empower affiliates
- The Record: ProtonMail forced to collect an activist’s IP address in police investigation
- The Record: TrickBot gang member arrested after getting stuck in South Korea due to COVID-19 pandemic
- Zetter: Hacking Team Customer in Turkey Was Arrested for Spying on Police Colleagues [or: The Spy Story That Spun a Tangled Web]
Vulnerabilities and Exploits
- CISA: Vulnerability Summary for the Week of August 30, 2021
- CISA: Zoho Releases Security Update for ADSelfService Plus
- Microsoft: Coordinated disclosure of vulnerability in Azure Container Instances Service
- PAN Unit42: Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances
- Microsoft: Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444
- CIS: A Vulnerability in Microsoft MSHTML Could Allow for Remote Code Execution
- Zscaler: Security Advisory: Microsoft MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)
- Fortinet: Microsoft MSHTML Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-40444)
- Cisco Talos: Talos releases protection against zero-day vulnerability in Microsoft MSHTML
- Cybereason: THREAT ALERT: Microsoft MSHTML Remote Code Execution Vulnerability
- Trend Micro: Remote Code Execution Zero-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
- Huntress: Cybersecurity Advisory: Hackers Are Exploiting CVE-2021-40444