Hello and welcome to Sec Soup, the weekly newsletter that collects infosec links on Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering out the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- ZDNet – ThreatConnect acquires enterprise risk management firm Nehemiah Security
- Business Insurance – Ransomware demands rise sharply in H1: Coalition
- Coalition – H1 2020 Cyber Insurance Claims Report (registration required) – Download Here
- Delve – Secureworks to Acquire Vulnerability Management Platform Delve Laboratories
- Flashpoint – The Fall of an Empire
- Kaspersky – An overview of targeted attacks and APTs on Linux
- Harvard – National Cyber Power Index 2020 [PDF]
- AT&T – 2020 Cybersecurity Data: The Cost of Cyber Crime
- Microsoft – New cyberattacks targeting US elections – Microsoft on the Issues
Threat Research
- NVISO Labs – Epic Manchego – atypical maldoc delivery brings flurry of infostealers
- Sucuri – WordPress Malware Disables Security Plugins to Avoid Detection
- Zscaler – TikTok Spyware
- ESET – Who is calling? CDRThief targets Linux VoIP softswitches
- Malwarebytes – Malvertising campaigns come back in full swing
- Group-IB – Lock Like a Pro: Dive in Recent ProLock's Big Game Hunting
- Juniper Networks – Zeppelin Ransomware returns with a fresh wave of attacks
- BushidoToken – Fantastic APTs and Where to Find Them
- Yusuf Arslan Polat – OpBlueRaven: Unveiling Fin7/Carbanak – Part II: BadUSB Attacks
- MSTIC – STRONTIUM: Detecting new patterns in credential harvesting
Tools and Tips
- Flare-On – the 2020 Challenge begins
- SANS ISC – What's in Your Clipboard? Pillaging and Protecting the Clipboard
- Red Canary – Breaking down a breach with Red Canary's incident handling team
- Intezer – TTPs Matrix for Linux Cloud Servers with Detection Methods
- US-CERT – Technical Approaches to Uncovering and Remediating Malicious Activity
- ReversingLabs – Excel 4.0 Macros
- Palo Alto Unit 42 – The Challenge of Persistence in Containers and Serverless
- alexandereborges – Malwoverview updated to 4.0.3
- Adam Listek – The PowerShell Grep [Tutorial]
- R3nhat – GRAT2, a Command and Control (C2) tool with a server written in Python 3 and a client written in .NET 4.0
- ENISA – Training for Cybersecurity Specialists
- SANS – Attack surfaces, tools and techniques cheat sheet
- ThinkDFIR – Quick Post: Disk Images for Test Environment
- Raj Chandel – Understanding the CSRF Vulnerability (A Beginner's Guide)
- Koupi – PowerShell Tips & Tricks That Will Increase Your Productivity
- stuhli – DFIRTrack (Digital Forensics and Incident Response Tracking application), an open source web application
- D20 Forensics – iOS – Files App Part Deux: Quick Images and A Chart!
- PT Swarm – IDA Pro Tips to Add to Your Bag of Tricks
- MITRE – Defining ATT&CK Data Sources, Part I: Enhancing the Current State
Breaches, Government, and Law Enforcement
- Eterbase – Hot Wallets Compromised – Official Announcement
- Hartford Public Schools – Opening Postponed Due to Ransomware Attack
- SpaceNews – White House issues cybersecurity space policy
- CyberScoop – How the government is keeping hackers from disrupting coronavirus vaccine research
- Bleeping Computer – The Week in Ransomware – September 11th 2020 – A barrage of attacks
- BC Security – Empire: Malleable C2 Profiles
Vulnerabilities and Exploits
- CISA – Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Arbitrary Code Execution
- CISA – Critical Patches Issued for Microsoft Products, September 08, 2020
- Fortinet – FortiGuard Labs Discovers Multiple Critical Vulnerabilities in Adobe InDesign
- SANS ISC – Microsoft September 2020 Patch Tuesday
- US-CERT – Vulnerability Summary for the Week of August 31, 2020
- Source Incite – Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Vulnerability
- Microsoft – CVE-2020-16875 | Microsoft Exchange Server Remote Code Execution Vulnerability
- SecuraBV – Python test script that uses the Impacket library to check whether a domain controller is vulnerable to Zerologon (CVE-2020-1472)
Article Link: https://security-soup.net/weekly-news-roundup-august-30-to-september-5-2/