Hello and welcome to Sec Soup, where the weekly newsletter has a collection of infosec links to Tools & Tips, Threat Research, and more! The focus trends toward DFIR and threat intelligence, but general information security and hacking-related topics are included as well. This list is not vetted nor intended to be an exhaustive source. Keeping up with the enormous volume of security-related information is a daunting task, but this is my way of filtering the most useful items and improving the signal-to-noise ratio. Happy Reading!
Industry Reports, News, and Miscellany
Agari: Inside a Compromised Account: How Cybercriminals Use Them
RiskIQ: Microsoft Exchange is a Global Vulnerability. Patching Efforts Reveal Regional Inconsistencies
Flashpoint: Compromised Credentials: Analyzing the 2021 Verizon DBIR
Recorded Future: Threats to Asian Communities in North America, Europe, and Oceania
Talos: Quarterly Report: Incident Response trends from Spring 2021
PhishLabs: 47% Phishing Increase in Q1
CISA: CISA Addresses the Rise in Ransomware Targeting Operational Technology Assets
Intel471: The blurry boundaries between nation-state actors and the cybercrime underground
GData: Naming malware: Why this jumbled mess is our own fault
Kevin Beaumont: The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t reached peak impact
APWG: Phishing Activity Trends Reports — Summary — 4th Quarter 2020
Threat Research
CrowdStrike: Another Brick in the Wall: eCrime Groups Leverage a SonicWall VPN Vulnerability
Proofpoint: Ransom DDoS Extortion Actor “Fancy Lazarus” Returns
TrendMicro: Modern Ransomware’s Double Extortion Tactics and How to Protect Enterprises Against Them
ESET: BackdoorDiplomacy: Upgrading from Quarian to Turian
ESET: Gelsemium: When threat actors go gardening
Kaspersky: Gootkit: the cautious Trojan
Kaspersky: Email spoofing: how attackers impersonate legitimate senders
Check Point: SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor
Blackberry: Threat Thursday: SystemBC – a RAT in the Pipeline
GData: SteamHide: Hiding Malware in Plain Sight
Objective-See: Objective-See’s Blog
Group IB: Big airline heist: APT41 likely behind massive supply chain attack
SentinelLabs: ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op
JP-CERT: PHP Malware Used in Lucky Visitor Scam
Palo Unit42: Prometheus Ransomware Gang: A Group of REvil?
The DFIR Report: WebLogic RCE Leads to XMRig
Advanced-Intel: From QBot…with REvil Ransomware: Initial Attack Exposure of JBS
Tools and Tips
SpecterOps: Proxy Windows Tooling via SOCKS
SpecterOps: BloodHound versus Ransomware: A Defender’s Guide
CrowdStrike: How to Defend Against Conti, DarkSide, REvil and Other Ransomware
Proofpoint: BEC Taxonomy: Extortion
Dragos: Asset Visibility – Understanding Normal in ICS Environments
SANS: BloodHound – Sniffing Out the Path Through Windows Domains
SANS ISC: Russian Dolls VBS Obfuscation
Red Canary: What is normal? Profiling System32 binaries to detect DLL Search Order Hijacking
Expel: How to measure SOC quality
Intezer: Top 10 Linux Server Hardening and Security Best Practices
AhmedS Kasmani (Video): Malware Analysis: Agent Tesla Part 2/2 Final Payload Analysis
MalwareAficionado: Malware Analysis Fundamentals: Hashing Algorithms
Varonis: YARA Rules Guide: Learning this Malware Research Tool
Nasreddine Bencherchali: Understanding & Detecting C2 Frameworks — BabyShark
NCC Group Research: Detecting Rclone – An Effective Tool for Exfiltration
MatyoshkaHax: Basic Security Log Analysis on Windows
Open Source Society University: Path to a free self-taught education in Computer Science!
Mehmet Ergene: Detecting Initial Access: HTML Smuggling and ISO Images — Part 1
Splunk: EO, EO, It’s Off to Work We Go! (Protecting Against the Threat of Ransomware with Splunk)
namazso: IDAShell is a shell extension for launching IDA from the context menu of executables
Breaches, Government, and Law Enforcement
Bleeping Computer: Network security firm COO charged with medical center cyberattack
DOJ: Slilpp Marketplace Disrupted in International Cyber Operation
JBS Foods: JBS USA Cyberattack Media Statement – June 9
DOJ: Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside
Malwarebytes: Russia accused of hacking Dutch police during MH17 investigation
FBI: FBI Targets Encrypted Platforms Used by Criminal Groups
Reuters: Exclusive: U.S. to give ransomware hacks similar priority as terrorism
DOJ: Latvian National Charged for Alleged Role in Transnational Cybercrime Organization
Threatpost: REvil Hits US Nuclear Weapons Contractor: Report
Threatpost: Hackers Steal FIFA 21 Source Code, Tools in EA Breach
TrendMicro: How to Act on the Executive Order to Tackle Ransomware
The Record: Avaddon ransomware operation shuts down and releases decryption keys
DOJ: Justice Department Announces Court-Authorized Seizure of Domain Names Used in Furtherance of Spear-Phishing Campaign Posing as U.S. Agency for International Development
Bleeping Computer: Computer memory maker ADATA hit by Ragnar Locker ransomware
Homeland Security & Governmental Affairs Committee: Threats to Critical Infrastructure: Examining the Colonial Pipeline Cyber Attack
DOJ: Five Arrested for Allegedly Laundering Nearly $1 Million from Business Email Compromise Fraud
Vulnerabilities and Exploits
CIS: Multiple Vulnerabilities in VMware vCenter Server Could Allow for Remote Code Execution
CrowdStrike: June 2021 Patch Tuesday: Updates and Analysis
Symantec: Breaking SSL Locks: App Developers Behaving Badly
Check Point: Fuzzing the Office Ecosystem
Talos: Microsoft Patch Tuesday for June 2021 — Snort rules and prominent vulnerabilities
SANS ISC: Microsoft June 2021 Patch Tuesday
CISA: Vulnerability Summary for the Week of May 31, 2021
The post Weekly News Roundup — June 6 to June 12 appeared first on Malware Devil.
https://malwaredevil.com/2021/06/12/weekly-news-roundup-june-6-to-june-12/?utm_source=rss&utm_medium=rss&utm_campaign=weekly-news-roundup-june-6-to-june-12