Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted, nor is it intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Google: https://cloud.google.com/blog/products/identity-security/raising-the-bar-in-security-operations
- InfoSecSherpa: InfoSecSherpa’s News Round Up for Friday, January 7, 2022
- Curated Intelligence: The Long Game Of Cyber Threat Intelligence
- Objective-See: The Mac Malware of 2021
- US FTC: FTC warns companies to remediate Log4j security vulnerability
- The Record: FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware
Threat Research
- NHS Digital: Log4Shell Vulnerabilities in VMware Horizon Targeted to Install Web Shells
- Avanan: Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
- Sygnia: Elephant Beetle: Uncovering An Organized Financial-Theft Operation
- Malwarebytes: Patchwork APT caught in its own web
- Check Point: Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk
- Blackberry: Threat Thursday: Emotet Update
- PAN Unit 42: Web Skimmer Campaign Leverages Cloud Video Platform
- Chuong Dong: Rook Ransomware
Tools and Tips
- Microsoft: Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
- Dragos: Achieving Secure Digital Transformation in Manufacturing in 2022: Best Practices from 3 Cybersecurity Experts
- SANS ISC: TShark & jq
- Red Canary: eBPF for security: a beginner’s guide
- Intezer: Malware Reverse Engineering for Beginners – Part 1: From 0x0
- SentinelLabs: A Threat Hunter’s Guide to the Mac’s Most Prevalent Adware Infections 2022
- SANS: Password Hash Cracking in Amazon Web Services: Burning Your Way to Success
- Atomic Matryoshka: Intro To Dynamic Analysis With Redlinestealer
- Michael Koczwara: LetsDefend: Hijacked NPM Package/Supply Chain Compromise
- TrustedSec: An ‘Attack Path’ Mapping Approach to CVEs 2021-42287 and 2021-42278
- DMFR Security: 100 Days of YARA – Day 19: Identifying Golang Binaries
- Kitploit: PMAT-labs – Labs For Practical Malware Analysis And Triage
- Anton on Security: Stealing More SRE Ideas for Your SOC
- Koen Van Impe: Incident response case management, DFIR-IRIS and a bit of MISP
- Forensic IT Guy: Decoding an Encoded Webshell Using NodeJS
Breaches, Government, and Law Enforcement
- ZDNet: Kazakhstan leaders shut down internet amid gas price protests
- US DOJ: Chinese National Pleads Guilty to Economic Espionage Conspiracy
- BleepingComputer: FinalSite ransomware attack shuts down thousands of school websites
- Malwarebytes: Google and Facebook fined $240 million for making cookies hard to refuse
- FBI: Oregon FBI Tech Tuesday: Building a Digital Defense Against Google Voice Authentication Scams
- The Record: Massive internet outages continue to sow confusion amid Kazakhstan protests
- Lawfare: Do the Legal Rules Governing the Confidentiality of Cyber Incident Response Undermine Cybersecurity?
Vulnerabilities and Exploits
- JFrog: JNDI-Related Vulnerability Discovered in H2 Database Console
- Fortinet: From User to Domain Admin in (less than) 60 seconds: CVE-2021-42278/CVE-2021-42287
- CISA: Bulletin (SB22-003) Vulnerability Summary for the Week of December 27, 2021
Article Link: Weekly News Roundup — January 2 to January 8 – Security Soup