Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal to noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Kaspersky: IT threat evolution Q3 2021
- Google: Coin mining, ransomware, APTs target cloud: GCAT report
- PhishLabs: Phishing Increases as Industries New and Old Face a Barrage of Threats
Threat Research
- Netskope: Black Friday is Coming and LNKR Malware Might Be Watching You
- Netskope: Malicious Office Documents: Multiple Ways to Deliver Payloads
- HP: RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
- InQuest: Graphical Lures In The Age of Cybercrime.
- Morphisec: The BABADEDA Crypter – an Emerging Crypter targeting the Crypto, NFT, and DeFi communities
- PAN Unit42: Observing Attacks Against Hundreds of Exposed Services in Public Clouds
- BushidoToken: Leveraging Legitimate Services for Malware and Phishing
- Trend Micro: BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
- Anomali: Mummy Spider’s Emotet Malware is Back After a Year Hiatus; Wizard Spider’s TrickBot Observed in Its Return
- Sophos: New ransomware actor uses password-protected archives to bypass encryption protection
- BIO-ISAC: Threat Advisory Tardigrade: an APT attack on vaccine manufacturing infrastructure
- Imp0rtp3: A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant
Tools and Tips
- John Lambert: Defender’s Mindset. This is a collection of thoughts…
- Flashpoint: ‘Tis the Season—for Retail Fraud: How Retailers Can Mitigate Risk During the Holidays
- Dragos: Assessing Ransomware Risk in IT and OT Environments
- SANS ISC: Video: YARA Rules for Office Maldocs
- Expel: The Grinchy email scams to watch out for this holiday season
- Digital Shadows: The Patching Nightmare
- Binary Defense: Threat Hunting AWS CloudTrail With Sentinel: Part 1
- F-Secure: A bit of a Fixer Upper – Testing FIX-backed applications
- Rapid7: OWASP Top 10 Deep Dive: Defending Against Server-Side Request Forgery
- SANS: Security Awareness Metrics – What to Measure and How
- Microsoft: How to investigate service provider trust chains in the cloud
- FalconForce: FalconFriday — Code execution through Microsoft SQL Server and Oracle Database — 0xFF19
- TrustedSec: Persistence Through Service Workers-Part 3: Easy JavaScript Payload Deployment
- mrexodia: dumpulator: An easy-to-use library for emulating code in minidump files.
- HEXORCIST (video): Unpacking Emotet and Reversing Obfuscated Word Document
- Nidal Fikri: Dridex Analysis
- Zen Chan: Designing a Proactive Ransomware Defense for Today’s Threat Landscape
- Kingstone: Aggressively Efficient with Aggressor
- DissectMalware: Malicious Document IoC Extractor (MDIExtractor) is a collection of scripts that helps extract IoCs from various maldoc families.
- 4n7m4n: Defeating Malicious Launch Persistence
- pepe berba: Hunting for Persistence in Linux (Part 1): Auditd, Sysmon, Osquery, and Webshells
- 3CORESec: Advanced IP Scanner – MAL-CL documentation
- Bill Demirkapi: Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations
- 0xthreatintel: Unpacking of APT29 PolyglotDuke
Breaches, Government, and Law Enforcement
- Lloyd’s Market Association: Cyber War and Cyber Operation Exclusion Clauses
- GoDaddy: GoDaddy Announces Security Incident Affecting Managed WordPress Service
- CISA: Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends
- INTERPOL: More than 1,000 arrests and USD 27 million intercepted in massive financial crime crackdown
- Apple: Apple sues NSO Group to curb the abuse of state-sponsored spyware
- NVISO: The digital operational resilience act (DORA): what you need to know about it, the requirements and challenges we see.
- The Record: FBI identified BEC scammers using bank surveillance footage
- The Record: US sanctions 28 quantum computing entities in China, Russia, Pakistan, Japan
- Lawfare: The U.K. as a Responsible Cyber Power: Brilliant Branding or Empty Bluster?
Vulnerabilities and Exploits
- CIS: A Vulnerability in Fortinet FortiWeb Could Allow for Arbitrary Code Execution.
- Check Point: Looking for vulnerabilities in MediaTek audio DSP
- Cisco Talos: Attackers exploiting zero-day vulnerability in Windows Installer — Here’s what you need to know
- CISA: Vulnerability Summary for the Week of November 15, 2021
- SentinelLabs: GSOh No! Hunting for Vulnerabilities in VirtualBox Network Offloads
- BleepingComputer: Exploit released for Microsoft Exchange RCE bug, patch now
- BleepingComputer: New Windows 10 zero-day gives admin rights, gets unofficial patch
Article Link: Weekly News Roundup — November 21 to November 27 – Security Soup