Episodes
[Episode References] Zloader Learns Old Tricks - https://www.zscaler.com/blogs/security-research/zloader-learns-old-tricks MUDDLING MEERKAT: THE GREAT FIREWALL MANIPULATOR - https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/ Smart devices: new law helps citizens to choose secure products - https://www.ncsc.gov.uk/blog-post/smart-devices-law Script and presentation: Carlos Cabral and Bianca Oliveira. Audio editing: Paulo...
Published 04/30/24
[Episode References] How to Block Residential Proxies using Okta - https://sec.okta.com/blockanonymizers Cisco warns of large-scale brute-force attacks against VPN services - https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/ Script and presentation: Carlos Cabral and Bianca Oliveira. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia
Published 04/29/24
Published 04/29/24
[Episode References] Brokewell: do not go broke from new banking malware! - https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware WP Automatic WordPress plugin hit by millions of SQL injection attacks - https://www.bleepingcomputer.com/news/security/wp-automatic-wordpress-plugin-hit-by-millions-of-sql-injection-attacks/#google_vignette CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon -...
Published 04/26/24
[Episode References] ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices - https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/ Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2 Cisco Adaptive Security...
Published 04/25/24
[Episode References] Suspected CoralRaider continues to expand victimology using three information stealers - https://blog.talosintelligence.com/suspected-coralraider-continues-to-expand-victimology-using-three-information-stealers/ GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/ Dissecting REMCOS RAT: An in-depth analysis of a...
Published 04/24/24
[Episode References] Government payment system is hacked, with suspected diversion of funds - https://www1.folha.uol.com.br/mercado/2024/04/sistema-de-pagamentos-do-governo-e-invadido-e-ha-suspeita-de-desvio-de-recursos.shtml Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials -...
Published 04/23/24
[Episode References] More on the PAN-OS CVE-2024-3400 - https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/ ShadowServer Foundation map of CVE-2024-3400 exposure - https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2024-04-18&source=http_vulnerable&source=http_vulnerable6&tag=possible-cve-2024-3400%2B&geo=all&data_set=count&scale=log GitHub comments abused to push malware via Microsoft repo URLs -...
Published 04/22/24
[Episode References] Threat Group FIN7 Targets the U.S. Automotive Industry - https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware - https://securelist.com/dunequixote/112425/ #StopRansomware: Akira Ransomware - https://www.cisa.gov/sites/default/files/2024-04/aa24-109a-stopransomware-akira-ransomware.pdf Script and presentation: Carlos Cabral and Bianca Oliveira. Editing...
Published 04/19/24
[Episode References] Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm - https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm Ivanti fixed two critical flaws in its Avalanche MDM - https://securityaffairs.com/161952/security/ivanti-avalanche-mdm-critical-flaws.html Cisco warns of large-scale brute-force attacks against VPN services -...
Published 04/18/24
[Episode References] - Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - https://www.bleepingcomputer.com/news/security/exploit-released-for-palo-alto-pan-os-bug-used-in-attacks-patch-now/#google_vignette - LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs - https://orca.security/resources/blog/leakycli-aws-google-cloud-command-line-tools-can-expose-sensitive-credentials-build-logs/ - PuTTY vulnerability...
Published 04/17/24
[Episode References] SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/#id0 From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering - https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-information-gathering...
Published 04/16/24
[Episode References] Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) - https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/ CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect - https://security.paloaltonetworks.com/CVE-2024-3400 Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related...
Published 04/15/24
CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway - https://security.paloaltonetworks.com/CVE-2024-3400
Published 04/12/24
[Episode References] Understanding ransomware-as-a-service operations from an affiliate's perspective - https://www.sidechannel.blog/entendendo-operacoes-de-ransomware-as-a-service-a-partir-da-perspectiva-de-um-afiliado/ Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer - https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer New Technique to Trick Developers Detected in an Open Source...
Published 04/12/24
[Episode References] InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2 - https://www.vusec.net/projects/native-bhi/ eXotic Visit campaign: Tracing the footprints of Virtual Invaders - https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/ Raspberry Robin Now Spreading Through Windows Script Files - https://threatresearch.ext.hp.com/raspberry-robin-now-spreading-through-windows-script-files/...
Published 04/11/24
[Episode References] Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs - https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2024-patch-tuesday-fixes-150-security-flaws-67-rces/ [FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration - https://fortiguard.fortinet.com/psirt/FG-IR-23-087 Security update available for Adobe Commerce | APSB24-18 - https://helpx.adobe.com/security/products/magento/apsb24-18.html Vulnerabilities...
Published 04/10/24
[Episode References] It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise - https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/ ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins - https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins Script and presentation: Carlos Cabral and Bianca Oliveira. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia
Published 04/09/24
[Episode References] Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2) - https://asec.ahnlab.com/en/63980/ Between videos and ads, YouTube leads children's online access - https://lunetas.com.br/entre-videos-e-anuncios-youtube-lidera-o-acesso-pelas-criancas/ Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites - https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html Security update available for Adobe...
Published 04/08/24
[Episode References] Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies - https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement SA: CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways -...
Published 04/05/24
[Episode References] HSBC and Barclays banks allegedly breached - https://twitter.com/H4ckManac/status/1775229001679724550 Threat Actors Deliver Malware via YouTube Video Game Cracks - https://www.proofpoint.com/us/blog/threat-insight/threat-actors-deliver-malware-youtube-video-game-cracks The New Version Of JsOutProx Is Attacking Financial Institutions In APAC And MENA Via GitLab Abuse -...
Published 04/04/24
[Episode References] Phishing campaign by the TA558 group - https://www.linkedin.com/feed/update/urn:li:activity:7180255262807572480/ AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES - https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/ Earth Freybug Uses UNAPIMON for Unhooking Critical APIs - https://www.trendmicro.com/pt_br/research/24/d/earth-freybug.html Script and presentation: Carlos Cabral and Bianca...
Published 04/03/24
[Episode References] “Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking - https://asec.ahnlab.com/en/63477/ From OneNote to RansomNote: An Ice Cold Intrusion - https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/ Script and presentation: Carlos Cabral and Bianca Oliveira. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia
Published 04/02/24
[Episode References] Urgent security alert for Fedora Linux 40 and Fedora Rawhide users - https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 - https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 CVE-2024-3094 XZ Backdoor: All you need to know -...
Published 04/01/24
[Episode References] We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023 - https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf Google fixes Chrome zero-days exploited at Pwn2Own 2024 - https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-days-exploited-at-pwn2own-2024/ WarzoneRAT Returns with Multi-Stage Attack Post FBI Seizure -...
Published 03/28/24