Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Recorded Future: Myanmar Internet Censorship Pushes Civilians to Underground, Dark Web
- Kaspersky: Threat landscape for industrial automation systems. Statistics for H2 2020
- Dragos: New ICS Threat Activity Group: STIBNITE
- Talos: Quarterly Report: Incident Response trends from Winter 2020-21
- SANS: Survey Now Open: 2021 SANS Digital Forensics Survey: Digital Forensics Essentials and Why Foundations Matter
- SANS: 2021 Security Awareness Report: Managing Human Cyber Risk
- Red Canary: Hindsight is 2020: gearing up for the Threat Detection Report
- Digital Shadows: Tax and Unemployment Fraud in 2021
- F5: Denial-Of-Service and Password Login Attacks Top Reported Security Incidents, 2018-2020
- Unit42: Fake Websites Used in COVID-19 Themed Phishing Attacks, Impersonating Brands Like Pfizer and BioNTech
- ASPI: Hunting the Phoenix: The Chinese Communist Party’s global search for technology and talent
- Microsoft: Securing our approach to domain fronting within Azure
Threat Research
- CIS: Top 10 Malware February 2021
- CrowdStrike: Adversary Quest: 4 CATAPULT SPIDER eCrime Challenges
- Accenture: Unknown Threat Group using Hades Ransomware
- Zscaler: Low-volume multi-stage attack leveraging AzureEdge and Shopify CDNs
- Kaspersky: Convuster: macOS adware now in Rust
- Malwarebytes: Software renewal scammers unmasked
- CISA: Webshells Observed in Post-Compromised Exchange Servers
- JPCERT: Lazarus Attack Activities Targeting Japan (VSingle/ValeforBeta)
- Bitdefender: Golang Bot Starts Targeting WordPress Websites
- Quick Heal: Zloader: Entailing Different Office Files
- Infoblox: Malicious Activity Report: Trickbot Loader
- Microsoft: Analyzing attacks taking advantage of the Exchange Server vulnerabilities
- 0xthreatintel: Internals of DearCry Ransomware!
Tools and Tips
- SpecterOps: BloodHound Enterprise Preview FAQ
- Dragos: Preparing for Industrial Cyber Response: What to Have in Your Incident Response Toolkit
- SANS ISC: Analysis from March 2021 Traffic Analysis Quiz
- Trustwave: From Creative Password Hashes to Administrator: Gone in 60 Seconds (Or Thereabouts)
- Sentinel One: Keep Malware Off Your Disk With SentinelOne’s IDA Pro Memory Loader Plugin
- Digit Oktavianto: Malicious Powershell Deobfuscation Using CyberChef
- pemistahl: pemistahl/grex: A command-line tool and library for generating regular expressions from user-provided test cases
- Didier Stevens: Finding Metasploit & Cobalt Strike URLs
- Under Defense: How to detect CobaltStrike Command & Control communication
- Mehmet Ergene: Threat Hunting with Data Science: Registry Run Keys
Breaches, Government, and Law Enforcement
- Shell: Third-party cyber security incident impacts Shell
- ABC News: Takeaways from House hearing on disinformation with Facebook, Google and Twitter CEOs
- CyberScoop: Top insurer CNA disconnects systems after cyberattack
- Krebs: Phish Leads to Breach at Calif. State Controller
- Reuters: Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft
- Trend Micro: Alleged Members of Egregor Ransomware Cartel Arrested
- The Record: FBI sends out private industry alert about Mamba ransomware
- DOJ: First North Korean National Brought to the United States to Stand Trial for Money Laundering Offenses
- NCSC: More targeted ransomware attacks on UK education
Vulnerabilities and Exploits
- CIS: Multiple Vulnerabilities in Cisco Jabber Could Allow for Arbitrary Code Execution
- Fortinet: Defending Against Critical F5 Vulnerabilities
- Netgear: Security Advisory for Multiple Vulnerabilities on Some ProSAFE Plus Switches
- CISA: Vulnerability Summary for the Week of March 15, 2021
- Bleeping Computer: Apple fixes an iOS zero-day vulnerability actively used in attacks
- Threatpost: Microsoft Offers Up To $30K For Teams Bugs
Article Link: https://security-soup.net/weekly-news-roundup-march-21-to-march-27/