Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Flashpoint: Vulnerabilities Exploited by Russian APTs and Ransomware Groups
- Kaspersky: Threat landscape for industrial automation systems, H2 2021
- PhishLabs: Average Organization Sees Two-Fold Increase in Social Media Attacks in 2021
Threat Research
- CrowdStrike: How to Decrypt the PartyTicket Ransomware Targeting Ukraine
- Proofpoint: Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
- IBM: New Wiper Malware Used Against Ukrainian Organizations
- Recorded Future: HermeticWiper and PartyTicket Targeting Computers in Ukraine
- ESET: IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
- Kaspersky: Elections GoRansom – a smoke screen for the HermeticWiper attack
- Malwarebytes: HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine (Looking at the internals of HermeticWiper)
- Cybereason: Cybereason vs. HermeticWiper and IsaacWiper
- Cybereason: Cybereason vs. BlackCat Ransomware
- Secureworks: Domains Linked to Phishing Attacks Targeting Ukraine
- Walmart: SystemBC, PowerShell version.
- Huntress: Targeted APT Activity: BABYSHARK Is Out for Blood
- Curated Intelligence: Adobe Document Cloud credential harvesting campaign
Tools and Tips
- SpecterOps: https://posts.specterops.io/attack-path-management-pillars-part-3-safe-ad-security-remediation-guidance-b9d3d8383cec
- Fortinet: Beyond Sightings, Across the Cybersecurity Landscape There Are Attack Flows
- Dragos: The Value of Penetration Testing ICS/OT Environments
- SANS ISC: oledump’s Extra Option
- Red Canary: IR in focus: Isolating & containing a confirmed threat
- NSA: NSA Releases Network Infrastructure Security Guidance
- Avast: Help for Ukraine: Free decryptor for HermeticRansom ransomware
- SANS: Ukraine-Russia Conflict – Cyber Resource Center
- TrustedSec: Manipulating User Passwords Without Mimikatz
- ForensicITGuy: Aggah PPAM macros renaming MSHTA
- Arnaud Zobec: Analyzing conti-leaks without speaking Russian — only methodology
- TheParmak: GitHub – TheParmak/conti-leaks-englished: Google and DeepL translated conti leaks
- tsale: GitHub – tsale/translated_conti_leaked_comms
- Black Hills: Rogue RDP – Revisiting Initial Access Methods
- Stairwell: Quick n’ dirty detection research: Building a labeled malware corpus for YARA testing
- MITRE: Attack Flow — Beyond Atomic Behaviors
Breaches, Government, and Law Enforcement
- ZDNet: Ukrainian cities hit with blackouts after attacks on energy infrastructure
- ESET: ESET Research Podcast: Ukraine’s past and present cyberwar
- Krebs: Conti Ransomware Group Diaries, Part III: Weaponry
- Binary Defense: Dark Web Reactions to Russia’s Invasion of Ukraine
- Trustwave: Dark Web Insights: Evolving Cyber Tactics Aim to Impact the Russia-Ukraine Conflict
- BleepingComputer: Ukraine to join NATO intel-sharing cyberdefense hub
- BleepingComputer: Conti Ransomware source code leaked by Ukrainian researcher
- Cyberark: Conti Group Leaked!
- Rapid7: Graph Analysis of the Conti Ransomware Group Internal Chats
- The Record: Senate approves cyber incident reporting bill amid worries about Russian threats
- Data Breach Today: Hackers Report Leaking 190GB of Samsung Data, Source Code
- Mandiant: Responses to Russia’s Invasion of Ukraine Likely to Spur Retaliation
- Cyberknow: 2022 Russia-Ukraine war — Cyber group tracker. Update 3.
Vulnerabilities and Exploits
- zscaler: Analysis of Adobe Acrobat Pro DC Solid Framework Heap-based
- Flashpoint: CISA’s BOD 22-01: Vulnerability Management for Federal Agencies
- CISA: Vulnerability Summary for the Week of February 21, 2022
- SentinelOne: Zen and the Art of SMM Bug Hunting | Finding, Mitigating and Detecting UEFI Vulnerabilities
- PAN Unit42: New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
Article Link: Weekly News Roundup — February 27 to March 5 – Security Soup