666 - Patch Tuesday: Microsoft corrige 4 zero-days
Listen now
Description
[Referências do Episódio] November 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov  APSB24-77 : Security update available for Adobe Bridge - https://helpx.adobe.com/security/products/bridge/apsb24-77.html  APSB24-83 : Security update available for Adobe Audition - https://helpx.adobe.com/security/products/audition/apsb24-83.html  APSB24-85 : Security update available for Adobe After Effects - https://helpx.adobe.com/security/products/after_effects/apsb24-85.html APSB24-86 : Security update available for Adobe Substance 3D Painter - https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html  APSB24-87 : Security update available for Adobe Illustrator - https://helpx.adobe.com/security/products/illustrator/apsb24-87.html  APSB24-88 : Security update available for Adobe InDesign - https://helpx.adobe.com/security/products/indesign/apsb24-88.html APSB24-89 : Security update available for Adobe Photoshop - https://helpx.adobe.com/security/products/photoshop/apsb24-89.html  APSB24-90 : Security update available for Adobe Commerce - https://helpx.adobe.com/security/products/magento/apsb24-90.html  FG-IR-24-199 - Named Pipes Improper Access Control - https://fortiguard.fortinet.com/psirt/FG-IR-24-199  FG-IR-24-144 - Privilege escalation via lua auto patch function - https://fortiguard.fortinet.com/psirt/FG-IR-24-144  FG-IR-23-475 - FortiOS - SSLVPN session hijacking using SAML authentication - https://fortiguard.fortinet.com/psirt/FG-IR-23-475  FG-IR-23-396 - Readonly users could run some sensitive operations - https://fortiguard.fortinet.com/psirt/FG-IR-23-396  (non-US) DSL-6740C :: All H/W Revisions :: End-of-Life / End-of-Service :: CVE-2024-11068 - Unauthorized Configuration Access Vulnerability - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10414  APT Actors Embed Malware within macOS Flutter Applications - https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/ ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI - https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/  Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity - https://research.checkpoint.com/2024/hamas-affiliated-threat-actor-expands-to-disruptive-activity/  LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign - https://blogs.blackberry.com/en/2024/11/lightspy-apt41-deploys-advanced-deepdata-framework-in-targeted-southern-asia-espionage-campaign  Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown) - https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
More Episodes
[Referências do Episódio] Emerging Threats: Cybersecurity Forecast 2025 - https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2025/  The Problem with IoT Cloud-Connectivity and How it Exposed All OvrC Devices to Hijacking -...
Published 11/14/24
Published 11/14/24
[Referências do Episódio] Ymir: new stealthy ransomware in the wild - https://securelist.com/new-ymir-ransomware-found-in-colombia/114493/  0检测的Melofee 木马新变种曝光,专攻RHEL 7.9系统 - https://blog.xlab.qianxin.com/analysis_of_new_melofee_variant/  Trend Micro and Japanese Partners Reveal Hidden...
Published 11/12/24