Hello and welcome to Sec Soup, the weekly newsletter with a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is neither vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- CISA: Joint Statement from Elections Infrastructure Government Coordinating Council & the Election Infrastructure Sector Coordinating Executive Committees
- Microsoft: Cyberattacks targeting health care must stop
- PR Newswire: Palo Alto Networks Announces Intent to Acquire Expanse for $800 million
- Kaspersky: Spam and phishing in Q3 2020
- Dragos: ICS Threat Activity on the Rise in Manufacturing Sector
- TaoSecurity: Security and the One Percent: A Thought Exercise in Estimation and Consequences
Threat Research
- Netskope: Here Comes TroubleGrabber: Stealing Credentials Through Discord
- Kaspersky: Targeted ransomware: it’s not just about encrypting your data!
- ESET: Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
- Malwarebytes: RegretLocker, new ransomware, can encrypt Windows virtual hard disks
- Checkpoint: Pay2Key – The Plot Thickens
- Cisco Talos: CRAT Aims To Plunder Your Endpoints
- BlackBerry: The CostaRicto Campaign: Cyber-Espionage Outsourced
- GDATA: Babax stealer rebrands to Osno, installs rootkit
- The DFIR Report: Cryptominers Exploiting Weblogic RCE CVE-2020-14882
- Bushindo Token: Gathering Intelligence on the Qakbot banking Trojan
- Sophos: A new APT uses DLL side-loads to “KilllSomeOne”
Tools and Tips
- Comodo: Open Source Endpoint Detection and Response
- SANS ISC: Traffic Analysis Quiz: DESKTOP-FX23IK5
- FireEye: WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques
- Compass Security: Evading Static Machine Learning Malware Detection Models – Part 2: The Gray-Box Approach
- BleepingComputer: Alleged source code of Cobalt Strike toolkit shared online
- JP-CERT: LogonTracer v1.5 Released
- Hurricane Labs: Splunking with Sysmon Part 3: Detecting PsExec in your Environment
- Jack Sullivan: Exercise writeups from the book Practical Malware Analysis.
- Varonis: What is an Incident Response Plan and How to Create One
- The Mitten Mac: Detecting SSH Activity via Process Monitoring
Breaches, Government, and Law Enforcement
- ZDNet: Info of 27.7 million Texas drivers exposed in Vertafore data breach
- ACSC: SDBBot Targeting Health Sector
- ENISA: Guidelines for Securing the Internet of Things
- FTC: Majority Statement of Chairman Joseph J. Simons, Commissioner Noah Joshua Phillips, and Commissioner Christine S. Wilson In the Matter of Zoom Video Communications, Inc.
- Foreign Policy: Taiwan Beat Political Disinformation. So Can the United States.
- US DOJ: United States Seizes 27 Additional Domain Names Used by Iran’s Islamic Revolutionary Guard Corps to Further a Global, Covert Influence Campaign
Vulnerabilities and Exploits
- ZDNet: Google patches two more Chrome zero-days
- Platypus: PLATYPUS: With Great Power comes Great Leakage
- Malwarebytes: Hat trick for Google as it patches two more zero-days in Chrome
- SANS ISC: Microsoft November 2020 Patch Tuesday
- McAfee: CVE-2020-17051: Remote kernel heap overflow in NFSv3 Windows Server
- CISA: Vulnerability Summary for the Week of November 2, 2020
- Trustwave: Attacking SCADA Part II: Vulnerabilities in Schneider Electric EcoStruxure Machine Expert and M221 PLC
- ZecOps: Exploring the Exploitability of “Bad Neighbor”: The Recent ICMPv6 Vulnerability (CVE-2020-16898)
The post Weekly News Roundup — November 8 to November 14 appeared first on Malware Devil.
https://malwaredevil.com/2020/11/14/weekly-news-roundup-november-8-to-november-14/?utm_source=rss&utm_medium=rss&utm_campaign=weekly-news-roundup-november-8-to-november-14