Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CrowdStrike: 2022 Global Threat Report: A Year of Adaptability and Perseverance
- SonicWall: 2022 SonicWall Cyber Threat Report
- Recorded Future: Executive Overview of Russian Aggression Against Ukraine
- Check Point: The Death of “Please Enable Macros” and What it Means
- Red Canary: Intelligence Insights: February 2022
- PhishLabs: Social Media Attacks Double in 2021 According to Latest PhishLabs Report
- Expel: Top Attack Vectors: January 2022
- Blackberry: “The Year of Living Dangerously”: Details from the BlackBerry 2022 Threat Report
- Digital Shadows: Initial Access Brokers in 2021: An Ever Expanding Threat
Threat Research
- CISA: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
- Proofpoint: Charting TA2541’s Flight
- Check Point: A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies
- KELA: From Initial Access to Ransomware Attack – 5 Real Cases Showing the Path from Start to End
- Zscaler: FreeCryptoScam – A New Cryptocurrency Scam That Leads to Installation of Backdoors and Stealers
- Fortinet: Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months
- Malwarebytes: Don’t let scammers ruin your Valentine’s Day
- Cybereason: Cybereason vs. WhisperGate Wiper
- Blackberry: Threat Thursday: Arkei Infostealer Expands Reach Using SmokeLoader to Target Crypto Wallets and MFA
- G Data: Allcome clipbanker is a newcomer in underground forums
- SentinelOne: Log4j2 In The Wild | Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon
- PAN Unit42: New Emotet Infection Method
- BushidoToken: Mobile Banking Phishing Campaign
- Walmart: PrivateLoader to Anubis Loader
- Microsoft: ‘Ice phishing’ on the blockchain
- Huntress: Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
- Sucuri: Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign
- Qualys: LolZarus: Lazarus Group Incorporating Lolbins into Campaigns
- NetByteSEC: Technical Malware Analysis: The Return of Emotet
- Eli Salem: Highway to Conti: Analysis of Bazarloader
- AdvIntel: The TrickBot Saga’s Finale Has Aired: Spinoff is Already in the Works
- Avanan: Hackers Attach Malicious .exe Files to Teams Conversations
Tools and Tips
- SANS ISC: Wireshark 3.6.2 Released
- SANS ISC: More packet fu with zeek
- CISA: CISA Compiles Free Cybersecurity Services and Tools for Network Defenders
- DFIRScience: Data Artifacts, Analysis Results, and Reporting in Autopsy
- MalwareAnalysisForHedgehogs: Malware Theory – Overview to Malware Vaccines
- SwiftForensics: Yogesh Khatri’s forensic blog: Reading OneDrive Logs
- Shodan: nrich – shodan-public
- mnrkbys: ma2tl (mac_apt to timeline): a DFIR tool for generating a macOS forensic timeline from the analysis result DBs of mac_apt
- Sid's Blog: Playing With Cobalt Strike
- FilePhish: A simple OSINT Google query builder for fast and easy document and file discovery
- MITRE: A Sneak Peek at MITRE Engage V1
- Microsoft: Sysinternals Updates: Autoruns v14.09, ProcMon v3.89, Sysmon v13.33 and ZoomIt v5.10
- YaraDbg: a free web-based Yara debugger to help security analysts write hunting or detection rules with less effort and more confidence
- Vaticle: Introducing a Knowledge Graph for Cyber Threat Intelligence with TypeDB
- BishopFox: Unredacter: Shows you why you should never ever ever use pixelation as a redaction technique
- darkquasar: AzureHunter: A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
Breaches, Government, and Law Enforcement
- Flashpoint: Russia Is Cracking Down on Cybercrime. Here Are the Law Enforcement Bodies Leading the Way
- Recorded Future: The Business of Fraud: Sales of PII and PHI
- The Record: EU privacy watchdog wants Pegasus spyware banned
- EDPS: EDPS Preliminary Remarks on Modern Spyware
- BleepingComputer: NFL’s San Francisco 49ers hit by Blackbyte ransomware attack
- BleepingComputer: BlackCat (ALPHV) claims Swissport ransomware attack, leaks data
- Krebs: Red Cross Hack Linked to Iranian Influence Operation?
- NCSC-NZ: General Security Advisory: Understanding and preparing for cyber threats relating to tensions between Russia and Ukraine
- CISA: CISA Insights: Foreign Influence Operations Targeting Critical Infrastructure
- Intel471: How the Russia-Ukraine conflict is impacting cybercrime
- The Record: Mexican man pleads guilty to brokering sale of surveillance devices, WhatsApp hacking tools
- Lawfare: Cyber Reporting Proposals: Assessing Liability Protections and Legal Privileges
- Data Breach Today: First National Cryptocurrency Enforcement Team Director Named
Vulnerabilities and Exploits
- Qualys: Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)
- Fortinet: Analysis of Microsoft CVE-2022-21907
- CISA: Bulletin (SB22-045) Vulnerability Summary for the Week of February 7, 2022
Article Link: Weekly News Roundup — February 13 to February 19 – Security Soup