Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
- Netskope: Threat Labs Report – December 2020
- CIS: Top 10 Malware November 2020
- Flashpoint: SolarWinds Cyberattack: Threat Intelligence Primer
- Recorded Future: SolarWinds Attribution: Are We Getting Ahead of Ourselves?
- Kaspersky: Lazarus covets COVID-19-related intelligence
- Symantec: Threat Landscape Trends – Q3 2020
- Cisco Talos: 2020: The year in malware
- CISA: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
- Microsoft: Solorigate Resource Center
Threat Research
- ESET: Operation SignSight: Supply-chain attack against a certification authority in Southeast Asia
- Fortinet: Adversary Playbook: JavaScript RAT Looking for that Government Cheese
- Cybereason: Cybereason vs. Clop Ransomware
- McAfee: Additional Analysis into the SUNBURST Backdoor
- Intezer: Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers
- FireEye: SUNBURST Additional Technical Details
- Group-IB: New UltraRank attacks
- Sentinel Labs: Understanding & Detecting the SUPERNOVA Webshell Trojan
- CyberArk: Golden SAML Revisited: The Solorigate Connection
- WMC Global: Kr3pto Puppeteer Kits: Dynamic Phishing Kit Targeting UK Banking Customers
- Keysight: TrickBot: A Closer Look
Tools and Tips
- Agari: BEC Response Guide: Tips for Responding to Business Email Compromise Incidents
- Zscaler: The Hitchhiker's Guide to SolarWinds Incident Response
- Dragos: Responding to the SolarWinds Software Compromise in Industrial Environments
- Crowdstrike: Leftover Lunch: Finding, Hunting and Eradicating Spicy Hot Pot, a Persistent Browser Hijacking Rootkit
- SANS ISC: End of Year Traffic Analysis Quiz
- Expel: How to investigate like an Expel analyst: The Expel Workbench managed alert process
- Open Source DFIR: Plaso 20201228 released
- Bushido Token: Operational Security Tips and Tricks
- Didier Stevens: Decrypting TLS Streams With Wireshark: Part 1
- Dark Operator: Beyond the Technical – Advice for those starting in Infosec
- DFIR Training: DFIR Training 2020 Year-in-Review
- dfir.blog: A Year of #DailyDFIR
- X0r19x91: Reversing Go – Part 2
- MichaelKoczwara: Awesome-CobaltStrike-Defence: Defences against Cobalt Strike
Breaches, Government, and Law Enforcement
- DHS: Emergency Directive 21-01: Mitigate SolarWinds Orion Code Compromise
- BleepingComputer: Ticketmaster fined $10 million for breaking into rival’s systems
- US Treasury Department: ransomware targeting COVID-19 vaccine research
- FBI: Recent Swatting Attacks Targeting Residents With Camera and Voice-Capable Smart Devices
- US DOE: Secretary of Energy Signs Order to Mitigate Security Risks to the Nation’s Electric Grid
- US DOJ: U.S. LAW ENFORCEMENT JOINS INTERNATIONAL PARTNERS TO DISRUPT A VPN SERVICE USED TO FACILITATE CRIMINAL ACTIVITY
Vulnerabilities and Exploits
- CIS: Multiple Vulnerabilities in Treck TCP/IP Stack Could Allow for Arbitrary Code Execution
- Zyxel: Zyxel security advisory for hardcoded credential vulnerability
- Cisco Talos: Talos Vulnerability Discovery Year in Review — 2020
- CISA: Vulnerability Summary for the Week of December 21, 2020
- Palo Alto Unit 42: An Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)
- F-Secure: Sniff, there leaks my BitLocker key
The post Weekly News Roundup — December 27 to January 2 appeared first on Malware Devil.
https://malwaredevil.com/2021/01/02/weekly-news-roundup-december-27-to-january-2/?utm_source=rss&utm_medium=rss&utm_campaign=weekly-news-roundup-december-27-to-january-2