Cyber Morning Call

By Tempest Security Intelligence

Cybersecurity podcast produced by Tempest with daily episodes, published first thing in the morning, covering what was most relevant in the last twenty-four hours in terms of new attacks, vulnerabilities or threats.
All in under ten minutes and translated into plain language, produced so that you can adjust the course of your day and make the best cybersecurity decisions for your company.

Cyber Morning Call - #538 - 07/05/2024

[Episode References]
Zscaler ThreatLabz 2024 VPN Risk Report with Cybersecurity Insiders - www.zscaler.com/campaign/threatlabz-vpn-risk-report
TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak - www.leviathansecurity.com/blog/tunnelvision

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
May 07, 2024 - 03:59
Cyber Morning Call - #537 - 06/05/2024
May 06, 2024 - 04:08
Cyber Morning Call - #536 - 03/05/2024
May 03, 2024 - 03:50
Cyber Morning Call - #535 - 02/05/2024

[Episode References]
Eight Arms to Hold You: The Cuttlefish Malware - blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories - jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
DEFENDING OT OPERATIONS AGAINST ONGOING PRO-RUSSIA HACKTIVIST ACTIVITY - media.defense.gov/2024/May/01/2003454817/-1/-1/0/DEFENDING-OT-OPERATIONS-AGAINST-ONGOING-PRO-RUSSIA-HACKTIVIST-ACTIVITY.PDF
A recent security incident involving Dropbox Sign - sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
May 02, 2024 - 05:14
Cyber Morning Call - #534 - 30/04/2024

[Episode References]
Zloader Learns Old Tricks - www.zscaler.com/blogs/security-research/zloader-learns-old-tricks
MUDDLING MEERKAT: THE GREAT FIREWALL MANIPULATOR - blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/
Smart devices: new law helps citizens to choose secure products - www.ncsc.gov.uk/blog-post/smart-devices-law

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Apr 30, 2024 - 05:02
Cyber Morning Call - #533 - 29/04/2024

[Episode References]
How to Block Residential Proxies using Okta - sec.okta.com/blockanonymizers
Cisco warns of large-scale brute-force attacks against VPN services - www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Apr 29, 2024 - 02:09
Cyber Morning Call - #532 - 26/04/2024

[Episode References]
Brokewell: do not go broke from new banking malware! - www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
WP Automatic WordPress plugin hit by millions of SQL injection attacks - www.bleepingcomputer.com/news/security/wp-automatic-wordpress-plugin-hit-by-millions-of-sql-injection-attacks/#google_vignette
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon - rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Apr 26, 2024 - 03:01
Cyber Morning Call - #531 - 25/04/2024

[Episode References]
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices - blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability - sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability - sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
Stable Channel Update for Desktop - Wednesday, April 24, 2024 - chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
Securonix Threat Research Security Advisory: Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover - www.securonix.com/blog/securonix-threat-research-security-advisory-frozenshadow-attack-campaign/
Unplugging PlugX: Sinkholing the PlugX USB worm botnet - blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Apr 25, 2024 - 05:11
Cyber Morning Call - #530 - 24/04/2024

[Episode References]
Suspected CoralRaider continues to expand victimology using three information stealers - blog.talosintelligence.com/suspected-coralraider-continues-to-expand-victimology-using-three-information-stealers/
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part One - www.elastic.co/security-labs/dissecting-remcos-rat-part-one

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Apr 24, 2024 - 03:52
Cyber Morning Call - #529 - 23/04/2024
Apr 23, 2024 - 04:04
Cyber Morning Call - #528 - 22/04/2024

[Episode References]
More on the PAN-OS CVE-2024-3400 - https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
ShadowServer Foundation diagram on CVE-2024-3400 - https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2024-04-18&source=http_vulnerable&source=http_vulnerable6&tag=possible-cve-2024-3400%2B&geo=all&data_set=count&scale=log
GitHub comments abused to push malware via Microsoft repo URLs - https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Apr 22, 2024 - 04:25
Cyber Morning Call - #527 - 19/04/2024

[Episode References]

Threat Group FIN7 Targets the U.S. Automotive Industry - https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware - https://securelist.com/dunequixote/112425/

#StopRansomware: Akira Ransomware - https://www.cisa.gov/sites/default/files/2024-04/aa24-109a-stopransomware-akira-ransomware.pdf


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 19, 2024 - 04:27
Cyber Morning Call - #526 - 18/04/2024

[Episode References]

Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm - https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm

Ivanti fixed two critical flaws in its Avalanche MDM - https://securityaffairs.com/161952/security/ivanti-avalanche-mdm-critical-flaws.html

Cisco warns of large-scale brute-force attacks against VPN services - https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/

Cisco Integrated Management Controller CLI Command Injection Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ

Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters - https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 18, 2024 - 04:39
Cyber Morning Call - #525 - 17/04/2024
Apr 17, 2024 - 02:53
Cyber Morning Call - #524 - 16/04/2024

[Episode References]

SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/#id0

From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering - https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-information-gathering


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 16, 2024 - 03:37
Cyber Morning Call - #523 - 15/04/2024

[Episode References]

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) - https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/

CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect - https://security.paloaltonetworks.com/CVE-2024-3400

Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 - https://unit42.paloaltonetworks.com/cve-2024-3400/

XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 - https://support.citrix.com/article/CTX633151/xenserver-and-citrix-hypervisor-security-update-for-cve202346842-cve20242201-and-cve202431142

Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker - https://blog.sucuri.net/2024/04/credit-card-skimmer-hidden-in-fake-facebook-pixel-tracker.html


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 15, 2024 - 04:26
Cyber Morning Call - #522 - 12/04/2024 - EXTRA

CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway - https://security.paloaltonetworks.com/CVE-2024-3400

Apr 12, 2024 - 01:30
Cyber Morning Call - #522 - 12/04/2024

[Episode References]

Understanding ransomware-as-a-service operations from an affiliate's perspective - https://www.sidechannel.blog/entendendo-operacoes-de-ransomware-as-a-service-a-partir-da-perspectiva-de-um-afiliado/

Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer - https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer

New Technique to Trick Developers Detected in an Open Source Supply Chain Attack - https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 12, 2024 - 02:59
Cyber Morning Call - #521 - 11/04/2024

[Episode References]

InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2 - https://www.vusec.net/projects/native-bhi/

eXotic Visit campaign: Tracing the footprints of Virtual Invaders - https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/

Raspberry Robin Now Spreading Through Windows Script Files - https://threatresearch.ext.hp.com/raspberry-robin-now-spreading-through-windows-script-files/


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 11, 2024 - 04:31
Cyber Morning Call - #520 - 10/04/2024

[Episode References]

Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs - https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2024-patch-tuesday-fixes-150-security-flaws-67-rces/

[FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration - https://fortiguard.fortinet.com/psirt/FG-IR-23-087

Security update available for Adobe Commerce | APSB24-18 - https://helpx.adobe.com/security/products/magento/apsb24-18.html

Vulnerabilities Identified in LG WebOS - https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

RUBYCARP: A Detailed Analysis of a Sophisticated Decade-Old Botnet Group - https://sysdig.com/blog/rubycarp-romanian-botnet-group/


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 10, 2024 - 04:35
Cyber Morning Call - #519 - 09/04/2024

[Episode References]

It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise - https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/

ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins - https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 09, 2024 - 03:35
Cyber Morning Call - #518 - 08/04/2024

[Episode References]

Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2) - https://asec.ahnlab.com/en/63980/

Between videos and ads, YouTube leads in access by children - https://lunetas.com.br/entre-videos-e-anuncios-youtube-lidera-o-acesso-pelas-criancas/

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites - https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html

Security update available for Adobe Commerce | APSB24-03 - https://helpx.adobe.com/security/products/magento/apsb24-03.html

OVER 92,000 INTERNET-FACING D-LINK NAS DEVICES CAN BE EASILY HACKED - https://securityaffairs.com/161549/hacking/d-link-nas-flaw.html


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 08, 2024 - 03:12
Cyber Morning Call - #517 - 05/04/2024

[Episode References]

Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies - https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways - https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US

Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation - https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation

HTTP/2 CONTINUATION frames can be utilized for DoS attacks - https://kb.cert.org/vuls/id/421644

Latrodectus: This Spider Bytes Like Ice - https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice

Google fixes one more Chrome zero-day exploited at Pwn2Own - https://www.bleepingcomputer.com/news/security/google-fixes-one-more-chrome-zero-day-exploited-at-pwn2own/

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies - https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 05, 2024 - 05:49
Cyber Morning Call - #516 - 04/04/2024

[Episode References]

HSBC and Barclays banks allegedly breached - https://twitter.com/H4ckManac/status/1775229001679724550

Threat Actors Deliver Malware via YouTube Video Game Cracks - https://www.proofpoint.com/us/blog/threat-insight/threat-actors-deliver-malware-youtube-video-game-cracks

The New Version Of JsOutProx Is Attacking Financial Institutions In APAC And MENA Via GitLab Abuse - https://www.resecurity.com/blog/article/the-new-version-of-jsoutprox-is-attacking-financial-institutions-in-apac-and-mena-via-gitlab-abuse


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 04, 2024 - 02:41
Cyber Morning Call - #515 - 03/04/2024

[Episode References]

TA558 group phishing campaign - https://www.linkedin.com/feed/update/urn:li:activity:7180255262807572480/

AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES - https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs - https://www.trendmicro.com/pt_br/research/24/d/earth-freybug.html


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 03, 2024 - 03:42
Cyber Morning Call - #514 - 02/04/2024

[Episode References]

“Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking - https://asec.ahnlab.com/en/63477/

From OneNote to RansomNote: An Ice Cold Intrusion - https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 02, 2024 - 03:08
Cyber Morning Call - #513 - 01/04/2024

[Episode References]

Urgent security alert for Fedora Linux 40 and Fedora Rawhide users - https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 - https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

CVE-2024-3094 XZ Backdoor: All you need to know - https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/

DinodasRAT Linux implant targeting entities worldwide - https://securelist.com/dinodasrat-linux-implant/112284/

MALWARE SPOTLIGHT: LINODAS AKA DINODASRAT FOR LINUX - https://research.checkpoint.com/2024/29676/

Google Podcasts service shuts down in the US next week - https://www.bleepingcomputer.com/news/google/google-podcasts-service-shuts-down-in-the-us-next-week/


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Apr 01, 2024 - 04:13
Cyber Morning Call - #512 - 28/03/2024

[Episode References]

We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023 - https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf 

Google fixes Chrome zero-days exploited at Pwn2Own 2024 - https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-days-exploited-at-pwn2own-2024/ 

WarzoneRAT Returns with Multi-Stage Attack Post FBI Seizure - https://cyble.com/blog/warzonerat-returns-with-multi-stage-attack-post-fbi-seizure/ 

Reflective Code Loading - https://attack.mitre.org/techniques/T1620/ 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 28, 2024 - 03:29
Cyber Morning Call - #511 - 27/03/2024

[Episode References]

The Darkside Of TheMoon - https://blog.lumen.com/the-darkside-of-themoon/ 

Thousands of Microsoft Exchange servers in Germany still vulnerable to critical vulnerabilities - https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-223466-1032.pdf?__blob=publicationFile&v=7

Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure - https://home.treasury.gov/news/press-releases/jy2205 

Millions of Americans caught up in Chinese hacking plot - US - https://www.bbc.com/news/world-us-canada-68659095 

ASEAN Entities in the Spotlight: Chinese APT Group Targeting - https://unit42.paloaltonetworks.com/chinese-apts-target-asean-entities/#post-133176-_659orslchogq 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 27, 2024 - 04:01
Cyber Morning Call - #510 - 26/03/2024

[Episode References]

Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit - https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit

Over 170K Users Affected by Attack Using Fake Python Infrastructure - https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/ 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 26, 2024 - 03:15
Cyber Morning Call - #509 - 25/03/2024

[Episode References]

Large-Scale StrelaStealer Campaign in Early 2024 - https://unit42.paloaltonetworks.com/strelastealer-campaign/ 

APT29 Uses WINELOADER to Target German Political Parties - https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties 

MOZILLA FIXED FIREFOX ZERO-DAYS EXPLOITED AT PWN2OWN VANCOUVER 2024 - https://securityaffairs.com/160966/hacking/mozilla-fixed-firefox-zero-day-pwn2own-vancouver-2024.html 

PWN2OWN VANCOUVER 2024: PARTICIPANTS EARNED $1,132,500 FOR 29 UNIQUE 0-DAYS - https://securityaffairs.com/160901/hacking/pwn2own-vancouver-2024-final-result.html 

Apple security releases - https://support.apple.com/en-gb/HT201222 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 25, 2024 - 03:33
Cyber Morning Call - #508 - 22/03/2024

[Episode References]

CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive - https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/ 

New details on TinyTurla’s post-compromise activity reveal full kill chain - https://blog.talosintelligence.com/tinyturla-full-kill-chain/

Understanding the Edge Side Include Injection vulnerability - https://sidechannel.blog/entendendo-a-vulnerabilidade-edge-side-include-injection/

AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine - https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/ 

Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect - https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 22, 2024 - 05:39
Cyber Morning Call - #507 - 21/03/2024

[Episode References]

Advisory on Application-layer Loop DoS Attacks - https://docs.google.com/document/d/1KByZzrdwQhrXGPPCf9tUzERZyRzg0xOpGbWoDURZxTI/edit 

Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug - https://thehackernews.com/2024/03/atlassian-releases-fixes-for-over-2.html 

Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains - https://www.akamai.com/blog/security-research/2024/feb/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 21, 2024 - 04:19
Cyber Morning Call - #506 - 20/03/2024

[Episode References]

Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor - https://unit42.paloaltonetworks.com/unit-42-scpc-ssscip-uncover-smoke-loader-phishing/ 

The State Cyber Protection Center together with Palo Alto Networks Unit 42 have studied the SmokeLoader malware - https://scpc.gov.ua/en/articles/356 

Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware - https://www.whitehouse.gov/briefing-room/statements-releases/2024/03/18/joint-statement-on-efforts-to-counter-the-proliferation-and-misuse-of-commercial-spyware/ 

Securonix Threat Research Security Advisory: Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware - https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-deepgosu-attack-campaign/ 

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks - https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html 

New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? - https://securityaffairs.com/160739/cyber-warfare-2/acidpour-wiper.html 

PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders - https://www.cisa.gov/resources-tools/resources/prc-state-sponsored-cyber-activity-actions-critical-infrastructure-leaders 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 20, 2024 - 08:41
Cyber Morning Call - #505 - 18/03/2024

[Episode References]

Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled - https://unit42.paloaltonetworks.com/analysis-of-bunnyloader-malware/ 

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334) - https://cyble.com/blog/cgsi-probes-shadowsyndicate-groups-possible-exploitation-of-aiohttp-vulnerability-cve-2024-23334/ 

Patch for CVE-2024-23334 in aiohttp - https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b

Acoustic Side Channel Attack on Keyboards Based on Typing Patterns - https://arxiv.org/pdf/2403.08740.pdf 

PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound - https://www.ndss-symposium.org/wp-content/uploads/2024-618-paper.pdf 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 18, 2024 - 05:06
Cyber Morning Call - #504 - 15/03/2024

[Episode References]

eSim, open up: F.A.C.C.T. experts warn of new attacks on bank customers - https://www.facct.ru/media-center/press-releases/esim-bank-attacks/

What a Cluster: Local Volumes Vulnerability in Kubernetes - https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges 

CISA Releases Fifteen Industrial Control Systems Advisories - https://www.cisa.gov/news-events/alerts/2024/03/14/cisa-releases-fifteen-industrial-control-systems-advisories 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 15, 2024 - 04:21
Cyber Morning Call - #503 - 14/03/2024

[Episode References]

PixPirate: The Brazilian financial malware you can’t see - https://securityintelligence.com/posts/pixpirate-brazilian-financial-malware/ 

CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign - https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html 

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day - https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html 

SVG Files Abused in Emerging Campaigns - https://cofense.com/blog/svg-files-abused-in-emerging-campaigns/ 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 14, 2024 - 04:36
Cyber Morning Call - #502 - 13/03/2024

[Episode References]

March 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar 

CVE-2024-21407 - Windows Hyper-V Remote Code Execution Vulnerability - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21407

CVE-2024-21408 - Windows Hyper-V Denial of Service Vulnerability - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21408 

Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-attacks-exploits 

CVE-2023-48788 Pervasive SQL injection in DAS component - https://www.fortiguard.com/psirt/FG-IR-24-007

CVE-2023-42789 and CVE-2023-42790 FortiOS & FortiProxy - Out-of-bounds Write in captive portal - https://www.fortiguard.com/psirt/FG-IR-23-328

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords - https://www.reversinglabs.com/blog/bipclip-malicious-pypi-packages-target-crypto-wallet-recovery-passwords 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 13, 2024 - 03:45
Cyber Morning Call - #501 - 12/03/2024

[Episode References]

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook - https://www.netspi.com/blog/technical/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/ 

Microsoft Outlook Remote Code Execution Vulnerability - CVE-2024-21378 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21378 

MASSIVE CYBERATTACKS HIT FRENCH GOVERNMENT AGENCIES - https://securityaffairs.com/160374/hacking/massive-cyberattacks-hit-french-government-agencies.html 

French state services hit by 'intense' cyberattack, PM's office says - https://www.lemonde.fr/en/pixels/article/2024/03/11/french-state-services-hit-by-intense-cyberattack-pm-s-office-says_6608164_13.html 

War in Ukraine changes the global arms trade - https://www.dw.com/pt-br/guerra-da-ucr%C3%A2nia-muda-com%C3%A9rcio-mundial-de-armas/a-68487575


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 12, 2024 - 02:43
Cyber Morning Call - #500 - 11/03/2024

Cyber Morning Call - #500 - 11/03/2024

[Referências do Episódio]

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard - https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ 

CISA forced to take two systems offline last month after Ivanti compromise - https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise 

MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES - https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/ 

Multiple Vulnerabilities in QTS, QuTS hero, QuTScloud, and myQNAPcloud - https://www.qnap.com/en/security-advisory/qsa-24-09 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 11, 2024 - 04:19

Cyber Morning Call - #499 - 08/03/2024

[Episode References]

MiTM phishing attack can let attackers unlock and steal a Tesla - https://www.bleepingcomputer.com/news/security/mitm-phishing-attack-can-let-attackers-unlock-and-steal-a-tesla/ 

Evasive Panda leverages Monlam Festival to target Tibetans - https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/ 

ShadowServer tweet about devices vulnerable to CVE-2024-21762 - https://x.com/Shadowserver/status/1765742604933574865?s=20

More details on CVE-2024-21762 - https://www.fortiguard.com/psirt/FG-IR-24-015


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 08, 2024 - 04:25

Cyber Morning Call - #498 - 07/03/2024

[Episode References]

Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence - https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/ 

Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence - https://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-tactics-with-t.html  

z0Miner Exploits Korean Web Servers to Attack WebLogic Server - https://asec.ahnlab.com/en/62564/

About the security content of iOS 17.4 and iPadOS 17.4 - https://support.apple.com/en-us/HT214081 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 07, 2024 - 04:55

Cyber Morning Call - #497 - 06/03/2024

[Episode References]

ComPromptMized: Unleashing Zero-click Worms that Target GenAI-Powered Applications - https://sites.google.com/view/compromptmized 

TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant - https://www.kroll.com/en/insights/publications/cyber/screenconnect-vulnerability-exploited-to-deploy-babyshark 

VMware VMSA-2024-0006.1 - https://www.vmware.com/security/advisories/VMSA-2024-0006.html 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 06, 2024 - 04:29

Cyber Morning Call - #496 - 05/03/2024

[Episode References]

New Banking Trojan “CHAVECLOAK” Targets Brazil - https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil 

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO - https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html 

BlackCat ransomware turns off servers amid claim they stole $22 million ransom - https://www.bleepingcomputer.com/news/security/blackcat-ransomware-turns-off-servers-amid-claim-they-stole-22-million-ransom/ 

TA577’s Unusual Attack Chain Leads to NTLM Data Theft - https://www.proofpoint.com/us/blog/threat-insight/ta577s-unusual-attack-chain-leads-ntlm-data-theft

Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) – Update to 2023.11.4 Now - https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/ 

Vulnerabilidades de controle de acesso encontradas em interfaces web de roteadores da Multilaser [Access control vulnerabilities found in the web interfaces of Multilaser routers] - https://sidechannel.blog/vulnerabilidades-de-controle-de-acesso-encontradas-em-interfaces-web-de-roteadores-da-multilaser/


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 05, 2024 - 05:33

Cyber Morning Call - #495 - 04/03/2024

[Episode References]

CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack - https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit 

New Wave of SocGholish Infections Impersonates WordPress Plugins - https://blog.sucuri.net/2024/03/new-wave-of-socgholish-infections-impersonates-wordpress-plugins.html 

The Art of Domain Deception: Bifrost's New Tactic to Deceive Users - https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware/ 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 04, 2024 - 04:05

Cyber Morning Call - #494 - 01/03/2024

[Episode References]

Meet Silver SAML: Golden SAML in the Cloud - https://www.semperis.com/blog/meet-silver-saml/ 

#StopRansomware: Phobos Ransomware - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a 

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b 

North Korean hackers exploit Windows zero-day flaw - https://therecord.media/north-korean-hackers-windows-zero-day 


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Mar 01, 2024 - 04:03

Cyber Morning Call - #493 - 29/02/2024

[Episode References]

When Cats Fly: Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors - https://www.mandiant.com/resources/blog/suspected-iranian-unc1549-targets-israel-middle-east 

TimbreStealer campaign targets Mexican users with financial lures - https://blog.talosintelligence.com/timbrestealer-campaign-targets-mexican-users/ 

One year later, Rhadamanthys is still dropped via malvertising - https://www.malwarebytes.com/blog/threat-intelligence/2024/02/one-year-later-rhadamanthys-is-still-dropped-via-malvertising 

Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations - https://www.ic3.gov/Media/News/2024/240227.pdf 

BEWARE THE SHALLOW WATERS: SAVVY SEAHORSE LURES VICTIMS TO FAKE INVESTMENT PLATFORMS THROUGH FACEBOOK ADS - https://blogs.infoblox.com/cyber-threat-intelligence/beware-the-shallow-waters-savvy-seahorse-lures-victims-to-fake-investment-platforms-through-facebook-ads/

O que é um registro de DNS CNAME? [What is a DNS CNAME record?] - https://www.cloudflare.com/pt-br/learning/dns/dns-records/dns-cname-record/


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Feb 29, 2024 - 08:20

Cyber Morning Call - #492 - 28/02/2024

[Episode References]

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities - https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html

When Stealers Converge: New Variant of Atomic Stealer in the Wild - https://www.bitdefender.com/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild/

XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites - https://patchstack.com/articles/xss-vulnerability-in-litespeed-cache-plugin-affecting-4-million-sites/

An educational robot security research - https://securelist.com/smart-robot-security-research/111938/


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Feb 28, 2024 - 03:40

Cyber Morning Call - #491 - 27/02/2024

[Episode References]

Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant) - https://asec.ahnlab.com/en/62144/

Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering RemcosRAT to a Ukraine Entity in Finland - https://blog.morphisec.com/unveiling-uac-0184-the-remcos-rat-steganography-saga

SVR Cyber Actors Adapt Tactics for Initial Cloud Access - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a 

“SubdoMailing” - Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails - https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Feb 27, 2024 - 03:60

Cyber Morning Call - #490 - 26/02/2024

[Episode References]

PIKABOT, I choose you! - https://www.elastic.co/security-labs/pikabot-i-choose-you 

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown - https://thehackernews.com/2024/02/lockbit-ransomware-group-resurfaces.html 

Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns - https://unit42.paloaltonetworks.com/i-soon-data-leaks/  


Script and presentation: Carlos Cabral and Bianca Oliveira

Audio editing: Paulo Arruzzo

Closing narration: Bianca Garcia

Feb 26, 2024 - 03:17