Cyber Morning Call
By Tempest Security Intelligence
Everything in under ten minutes, translated into plain language, and produced so you can adjust the course of your day to make the best cybersecurity decisions for your company.
Cyber Morning Call - May 13, 2024
Cyber Morning Call - #558 - 07/06/2024
[Episode References]
Howling at the Inbox: Sticky Werewolf’s Latest Malicious Aviation Attacks - https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
New Gitloker attacks wipe GitHub repos in extortion scheme - https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/
Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers - https://www.trendmicro.com/en_us/research/24/f/commando-cat-a-novel-cryptojacking-attack-.html
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #557 - 06/06/2024
[Episode References]
TargetCompany’s Linux Variant Targets ESXi Environments - https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
RansomHub: New Ransomware has Origins in Older Knight - https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware
DarkGate switches up its tactics with new payload, email templates - https://blog.talosintelligence.com/darkgate-remote-template-injection/
2024: Old CVEs, New Targets — Active Exploitation of ThinkPHP - https://www.akamai.com/blog/security-research/2024/jun/2024-thinkphp-applications-exploit-1-days-dama-webshell
Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government - https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-sophos-threat-hunting-unveils-multiple-clusters-of-chinese-state-sponsored-activity-targeting-southeast-asia/
Muhstik Malware Targets Message Queuing Services Applications - https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics - https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #556 - 05/06/2024
[Episode References]
Threat Actors’ Systems Can Also Be Exposed and Used by Other Threat Actors - https://asec.ahnlab.com/en/66372/
Cybercriminals Attack Banking Customers In EU With V3B Phishing Kit - https://www.resecurity.com/blog/article/cybercriminals-attack-banking-customers-in-eu-with-v3b-phishing-kit
UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence - https://cyble.com/blog/unc1151-strikes-again-unveiling-their-tactics-against-ukraines-ministry-of-defence/
Zyxel security advisory for multiple vulnerabilities in NAS products - https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024
Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation) - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #555 - 04/06/2024
[Episode References]
DarkGate again but... Improved? - https://www.trellix.com/blogs/research/darkgate-again-but-improved/
Hacking Millions of Modems (and Investigating Who Hacked My Modem) - https://samcurry.net/hacking-millions-of-modems
Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools - https://cloud.google.com/blog/topics/threat-intelligence/ransomware-attacks-surge-rely-on-public-legitimate-tools/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #554 - 03/06/2024
[Episode References]
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks - https://blog.talosintelligence.com/new-banking-trojan-carnavalheist-targets-brazil/
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader - https://blog.talosintelligence.com/lilacsquid/
Disrupting FlyingYeti's campaign targeting Ukraine - https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine
The Pumpkin Eclipse - https://blog.lumen.com/the-pumpkin-eclipse/
PikaBot: a Guide to its Deep Secrets and Operations - https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/
GRU's BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns - https://www.recordedfuture.com/grus-bluedelta-targets-key-networks-in-europe-with-multi-phase-espionage-camp
Russian influence efforts converge on 2024 Paris Olympic Games - https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/MTAC_Report_Russian_Influence_and_Paris_2024.pdf
RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit - https://www.akamai.com/blog/security-research/2024/may/2024-redtail-cryptominer-pan-os-cve-exploit
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Carlos Cabral
Cyber Morning Call - #553 - 29/05/2024
[Episode References]
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/
Kiteshield Packer is Being Abused by Linux Cyber Threat Actors - https://blog.xlab.qianxin.com/kiteshield_packer_is_being_abused_by_linux_cyber_threat_actors/
STATIC UNPACKING FOR THE WIDESPREAD NSIS-BASED MALICIOUS PACKER FAMILY - https://research.checkpoint.com/2024/static-unpacking-for-the-widespread-nsis-based-malicious-packer-family/
ESET thread on Grandoreiro - https://x.com/ESETresearch/status/1795437280016154955
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #552 - 28/05/2024
[Episode References]
Security Advisory: Remote Command Execution on TP-Link Archer C5400X - https://onekey.com/blog/security-advisory-remote-command-execution-on-tp-link-archer-c5400x/
Important Security Update – Enhance your VPN Security Posture! - https://blog.checkpoint.com/security/enhance-your-vpn-security-posture
Preventative Measure Tool to enhance VPN Security Posture - https://support.checkpoint.com/results/sk/sk182336
Technical Analysis of Anatsa Campaigns: An Android Banking Malware Active in the Google Play Store - https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #551 - 27/05/2024
[Episode References]
Google fixes eighth actively exploited Chrome zero-day this year - https://www.bleepingcomputer.com/news/security/google-fixes-eighth-actively-exploited-chrome-zero-day-this-year/
The Rust Revolution: New Embargo Ransomware Steps In - https://cyble.com/blog/the-rust-revolution-new-embargo-ransomware-steps-in/
Infiltrating Defenses: Abusing VMware in MITRE’s Cyber Intrusion - https://medium.com/mitre-engenuity/infiltrating-defenses-abusing-vmware-in-mitres-cyber-intrusion-4ea647b83f5b
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #550 - 24/05/2024
[Episode References]
Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia - https://unit42.paloaltonetworks.com/operation-diplomatic-specter/
SHARP DRAGON EXPANDS TOWARDS AFRICA AND THE CARIBBEAN - https://research.checkpoint.com/2024/sharp-dragon-expands-towards-africa-and-the-caribbean/
ShrinkLocker: Turning BitLocker into ransomware - https://securelist.com/ransomware-abuses-bitlocker/112643/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #549 - 23/05/2024
Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea - https://www.bitdefender.com/blog/businessinsights/deep-dive-into-unfading-sea-haze-a-new-threat-actor-in-the-south-china-sea/
IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders - https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #548 - 22/05/2024
Brazilian Internet Forum - NOT ONE MORE VICTIM: Digital technologies as a means of promoting and protecting human rights defenders in Brazil - https://forumdainternet.cgi.br/agenda/3056
Critical GitHub Enterprise Server Flaw Allows Authentication Bypass - https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html
Enabling encrypted assertions - https://docs.github.com/en/enterprise-server@3.12/admin/identity-and-access-management/using-saml-for-enterprise-iam/enabling-encrypted-assertions
Veeam Backup Enterprise Manager Vulnerabilities (CVE-2024-29849, CVE-2024-29850, CVE-2024-29851, CVE-2024-29852) - https://www.veeam.com/kb4581
SD1672 | IMPORTANT NOTICE: Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats - https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1672.html
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations - https://www.elastic.co/security-labs/invisible-miners-unveiling-ghostengine
ANALYSIS AND DETECTION OF CLOUD#REVERSER: AN ATTACK INVOLVING THREAT ACTORS COMPROMISING SYSTEMS USING A SOPHISTICATED CLOUD-BASED MALWARE - https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
RIGHT-TO-LEFT OVERRIDE - https://unicode-explorer.com/c/202E
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #547 - 21/05/2024
Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns - https://securityintelligence.com/x-force/grandoreiro-banking-trojan-unleashed/
BAD KARMA, NO JUSTICE: VOID MANTICORE DESTRUCTIVE ACTIVITIES IN ISRAEL - https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/
Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign - https://blog.sekoia.io/master-of-puppets-uncovering-the-doppelganger-pro-russian-influence-campaign/
Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection - https://cyble.com/blog/tiny-backdoor-goes-undetected-suspected-turla-leveraging-msbuild-to-evade-detection/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #546 - 17/05/2024
Springtail: New Linux Backdoor Added to Toolkit - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/springtail-kimsuky-backdoor-espionage
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID - https://www.elastic.co/security-labs/spring-cleaning-with-latrodectus
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #545 - 16/05/2024
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware - https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/
To the Moon and back(doors): Lunar landing in diplomatic missions - https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
Security Brief: Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts - https://www.proofpoint.com/us/blog/threat-insight/security-brief-artificial-sweetener-sugargh0st-rat-used-target-american
Google patches third exploited Chrome zero-day in a week - https://www.bleepingcomputer.com/news/google/google-patches-third-exploited-chrome-zero-day-in-a-week/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #544 - 15/05/2024
Microsoft May 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-May
CVE-2024-30040 - Windows MSHTML Platform Security Feature Bypass Vulnerability - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040
CVE-2024-30051 - Windows DWM Core Library Elevation of Privilege Vulnerability - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051
QakBot attacks with Windows zero-day (CVE-2024-30051) - https://securelist.com/cve-2024-30051/112618/
VMSA-2024-0010: VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, CVE-2024-22270) - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
SSD ADVISORY – D-LINK DIR-X4860 SECURITY VULNERABILITIES - https://ssd-disclosure.com/ssd-advisory-d-link-dir-x4860-security-vulnerabilities/
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers - https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #543 - 14/05/2024
Apple security releases - https://support.apple.com/en-us/HT201222
Stable Channel Update for Desktop - Monday, May 13, 2024 - https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html
Leveraging DNS Tunneling for Tracking and Scanning - https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns/
MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices - https://thehackernews.com/2024/05/mitre-unveils-emb3d-threat-modeling.html
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #542 - 13/05/2024
Mallox affiliate leverages PureCrypter in MS-SQL exploitation campaigns - https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/#h-identified-affiliates
GoTo Meeting loads Remcos RAT via Rust Shellcode Loader - https://www.gdatasoftware.com/blog/2024/05/37906-gotomeeting-loads-remcos
Malicious Go Binary Delivered via Steganography in PyPI - https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #541 - 10/05/2024
Stable Channel Update for Desktop - https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
APT28 campaign targeting Polish government institutions - https://cert.pl/en/posts/2024/05/apt28-campaign/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #540 - 09/05/2024
[Episode References]
BIG VULNERABILITIES IN NEXT-GEN BIG-IP - https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution - https://blog.talosintelligence.com/vulnerability-roundup-zero-days-may-8-2024/
RemcosRAT Distributed Using Steganography - https://asec.ahnlab.com/en/65111/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #539 - 08/05/2024
Cyber Morning Call - #538 - 07/05/2024
Zscaler ThreatLabz 2024 VPN Risk Report with Cybersecurity Insiders - https://www.zscaler.com/campaign/threatlabz-vpn-risk-report
TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak - https://www.leviathansecurity.com/blog/tunnelvision
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #537 - 06/05/2024
Cyberattacks on the SPD and on defence, IT and aerospace companies are attributable to APT 28 and thus to the Russian military intelligence service GRU - https://www.bmi.bund.de/SharedDocs/pressemitteilungen/DE/2024/05/aktuelle-Cyberangriffe.html
Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia - https://mzv.gov.cz/jnp/en/issues_and_press/press_releases/statement_of_the_mfa_on_the_cyberattacks.html
CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Vulnerability - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
Kyberturvallisuuskeskus (Finnish National Cyber Security Centre) weekly review - 18/2024 - https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuskeskuksen-viikkokatsaus-182024
DNS traffic can leak outside the VPN tunnel on Android - https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #536 - 03/05/2024
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps - https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/
HPE Aruba Networking Product Security Advisory - Advisory ID: ARUBA-PSA-2024-004 - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt
Uncharmed: Untangling Iran's APT42 Operations - https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #535 - 02/05/2024
Eight Arms to Hold You: The Cuttlefish Malware - https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories - https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
DEFENDING OT OPERATIONS AGAINST ONGOING PRO-RUSSIA HACKTIVIST ACTIVITY - https://media.defense.gov/2024/May/01/2003454817/-1/-1/0/DEFENDING-OT-OPERATIONS-AGAINST-ONGOING-PRO-RUSSIA-HACKTIVIST-ACTIVITY.PDF
A recent security incident involving Dropbox Sign - https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #534 - 30/04/2024
Zloader Learns Old Tricks - https://www.zscaler.com/blogs/security-research/zloader-learns-old-tricks
MUDDLING MEERKAT: THE GREAT FIREWALL MANIPULATOR - https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/
Smart devices: new law helps citizens to choose secure products - https://www.ncsc.gov.uk/blog-post/smart-devices-law
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #533 - 29/04/2024
How to Block Residential Proxies using Okta - https://sec.okta.com/blockanonymizers
Cisco warns of large-scale brute-force attacks against VPN services - https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #532 - 26/04/2024
Brokewell: do not go broke from new banking malware! - https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
WP Automatic WordPress plugin hit by millions of SQL injection attacks - https://www.bleepingcomputer.com/news/security/wp-automatic-wordpress-plugin-hit-by-millions-of-sql-injection-attacks/
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon - https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #531 - 25/04/2024
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices - https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
Stable Channel Update for Desktop - Wednesday, April 24, 2024 - https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
Securonix Threat Research Security Advisory: Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover - https://www.securonix.com/blog/securonix-threat-research-security-advisory-frozenshadow-attack-campaign/
Unplugging PlugX: Sinkholing the PlugX USB worm botnet - https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #530 - 24/04/2024
Suspected CoralRaider continues to expand victimology using three information stealers - https://blog.talosintelligence.com/suspected-coralraider-continues-to-expand-victimology-using-three-information-stealers/
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part One - https://www.elastic.co/security-labs/dissecting-remcos-rat-part-one
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #529 - 23/04/2024
Government payment system breached, with suspected diversion of funds - https://www1.folha.uol.com.br/mercado/2024/04/sistema-de-pagamentos-do-governo-e-invadido-e-ha-suspeita-de-desvio-de-recursos.shtml
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials - https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
ToddyCat is making holes in your infrastructure - https://securelist.com/toddycat-traffic-tunneling-data-extraction-tools/112443/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #528 - 22/04/2024
Cyber Morning Call - #527 - 19/04/2024
[Episode References]
Threat Group FIN7 Targets the U.S. Automotive Industry - https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry
DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware - https://securelist.com/dunequixote/112425/
#StopRansomware: Akira Ransomware - https://www.cisa.gov/sites/default/files/2024-04/aa24-109a-stopransomware-akira-ransomware.pdf
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #526 - 18/04/2024
[Episode References]
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm - https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm
Ivanti fixed two critical flaws in its Avalanche MDM - https://securityaffairs.com/161952/security/ivanti-avalanche-mdm-critical-flaws.html
Cisco warns of large-scale brute-force attacks against VPN services - https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/
Cisco Integrated Management Controller CLI Command Injection Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters - https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #525 - 17/04/2024
[Episode References]
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - https://www.bleepingcomputer.com/news/security/exploit-released-for-palo-alto-pan-os-bug-used-in-attacks-patch-now/
LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs - https://orca.security/resources/blog/leakycli-aws-google-cloud-command-line-tools-can-expose-sensitive-credentials-build-logs/
PuTTY vulnerability vuln-p521-bias - https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
Cyber Morning Call - #524 - 16/04/2024
[Episode References]
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/#id0
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering - https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-information-gathering
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #523 - 15/04/2024
[Episode References]
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) - https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect - https://security.paloaltonetworks.com/CVE-2024-3400
Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 - https://unit42.paloaltonetworks.com/cve-2024-3400/
XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 - https://support.citrix.com/article/CTX633151/xenserver-and-citrix-hypervisor-security-update-for-cve202346842-cve20242201-and-cve202431142
Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker - https://blog.sucuri.net/2024/04/credit-card-skimmer-hidden-in-fake-facebook-pixel-tracker.html
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #522 - 12/04/2024 - EXTRA
CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway - https://security.paloaltonetworks.com/CVE-2024-3400
Cyber Morning Call - #522 - 12/04/2024
[Episode References]
Understanding ransomware-as-a-service operations from an affiliate's perspective - https://www.sidechannel.blog/entendendo-operacoes-de-ransomware-as-a-service-a-partir-da-perspectiva-de-um-afiliado/
Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer - https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack - https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #521 - 11/04/2024
[Episode References]
InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2 - https://www.vusec.net/projects/native-bhi/
eXotic Visit campaign: Tracing the footprints of Virtual Invaders - https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/
Raspberry Robin Now Spreading Through Windows Script Files - https://threatresearch.ext.hp.com/raspberry-robin-now-spreading-through-windows-script-files/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #520 - 10/04/2024
[Episode References]
Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs - https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2024-patch-tuesday-fixes-150-security-flaws-67-rces/
[FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration - https://fortiguard.fortinet.com/psirt/FG-IR-23-087
Security update available for Adobe Commerce | APSB24-18 - https://helpx.adobe.com/security/products/magento/apsb24-18.html
Vulnerabilities Identified in LG WebOS - https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
RUBYCARP: A Detailed Analysis of a Sophisticated Decade-Old Botnet Group - https://sysdig.com/blog/rubycarp-romanian-botnet-group/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #519 - 09/04/2024
[Episode References]
It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise - https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/
ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins - https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #518 - 08/04/2024
[Episode References]
Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2) - https://asec.ahnlab.com/en/63980/
Between videos and ads, YouTube leads children's online access - https://lunetas.com.br/entre-videos-e-anuncios-youtube-lidera-o-acesso-pelas-criancas/
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites - https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html
Security update available for Adobe Commerce | APSB24-03 - https://helpx.adobe.com/security/products/magento/apsb24-03.html
OVER 92,000 INTERNET-FACING D-LINK NAS DEVICES CAN BE EASILY HACKED - https://securityaffairs.com/161549/hacking/d-link-nas-flaw.html
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #517 - 05/04/2024
[Episode References]
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies - https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways - https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation - https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation
HTTP/2 CONTINUATION frames can be utilized for DoS attacks - https://kb.cert.org/vuls/id/421644
Latrodectus: This Spider Bytes Like Ice - https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice
Google fixes one more Chrome zero-day exploited at Pwn2Own - https://www.bleepingcomputer.com/news/security/google-fixes-one-more-chrome-zero-day-exploited-at-pwn2own/
Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies - https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #516 - 04/04/2024
[Episode References]
HSBC and Barclays banks allegedly breached - https://twitter.com/H4ckManac/status/1775229001679724550
Threat Actors Deliver Malware via YouTube Video Game Cracks - https://www.proofpoint.com/us/blog/threat-insight/threat-actors-deliver-malware-youtube-video-game-cracks
The New Version Of JsOutProx Is Attacking Financial Institutions In APAC And MENA Via GitLab Abuse - https://www.resecurity.com/blog/article/the-new-version-of-jsoutprox-is-attacking-financial-institutions-in-apac-and-mena-via-gitlab-abuse
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #515 - 03/04/2024
[Episode References]
Phishing campaign by the TA558 group - https://www.linkedin.com/feed/update/urn:li:activity:7180255262807572480/
AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES - https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs - https://www.trendmicro.com/pt_br/research/24/d/earth-freybug.html
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #514 - 02/04/2024
[Episode References]
“Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking - https://asec.ahnlab.com/en/63477/
From OneNote to RansomNote: An Ice Cold Intrusion - https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #513 - 01/04/2024
[Episode References]
Urgent security alert for Fedora Linux 40 and Fedora Rawhide users - https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 - https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
CVE-2024-3094 XZ Backdoor: All you need to know - https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/
DinodasRAT Linux implant targeting entities worldwide - https://securelist.com/dinodasrat-linux-implant/112284/
MALWARE SPOTLIGHT: LINODAS AKA DINODASRAT FOR LINUX - https://research.checkpoint.com/2024/29676/
Google Podcasts service shuts down in the US next week - https://www.bleepingcomputer.com/news/google/google-podcasts-service-shuts-down-in-the-us-next-week/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #512 - 28/03/2024
[Episode References]
We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023 - https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf
Google fixes Chrome zero-days exploited at Pwn2Own 2024 - https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-days-exploited-at-pwn2own-2024/
WarzoneRAT Returns with Multi-Stage Attack Post FBI Seizure - https://cyble.com/blog/warzonerat-returns-with-multi-stage-attack-post-fbi-seizure/
Reflective Code Loading - https://attack.mitre.org/techniques/T1620/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #511 - 27/03/2024
[Episode References]
The Darkside Of TheMoon - https://blog.lumen.com/the-darkside-of-themoon/
Thousands of Microsoft Exchange servers in Germany still vulnerable to critical flaws - https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-223466-1032.pdf?__blob=publicationFile&v=7
Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure - https://home.treasury.gov/news/press-releases/jy2205
Millions of Americans caught up in Chinese hacking plot - US - https://www.bbc.com/news/world-us-canada-68659095
ASEAN Entities in the Spotlight: Chinese APT Group Targeting - https://unit42.paloaltonetworks.com/chinese-apts-target-asean-entities/#post-133176-_659orslchogq
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cyber Morning Call - #510 - 26/03/2024
[Episode References]
Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit - https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit
Over 170K Users Affected by Attack Using Fake Python Infrastructure - https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia