[Referências do Episódio] [TREND MICRO NO FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www  Tricks and Treats: GHOSTPULSE’s new pixel- level deception - https://www.elastic.co/security-labs/tricks-and-treats  Unmasking Lumma Stealer : Analyzing Deceptive Tactics with Fake CAPTCHA - https://blog.qualys.com/vulnerabilities-threat-research/2024/10/20/unmasking-lumma-stealer-analyzing-deceptive-tactics-with-fake-captcha  New Bumblebee Loader...

[Referências do Episódio] Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service Group - https://www.group-ib.com/blog/cicada3301/  New macOS vulnerability, “HM Surf”, could lead to unauthorized data access - https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/  UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants -...

[Referências do Episódio] AhnLab and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178) - https://asec.ahnlab.com/en/83877/  Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data - https://www.trendmicro.com/en_us/research/24/j/fake-lockbit-real-damage-ransomware-samples-abuse-aws-s3-to-stea.html  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] V Seminário de Criptografia, ​Política e Direitos ​Fundamentais - https://seminariodecriptografia.my.canva.site/  CriptoFrevo - https://criptofrevo.ip.rec.br/  How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends - https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023/  Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol -...

[Referências do Episódio] FASTCash for Linux - https://doubleagent.net/fastcash-for-linux/  New FASTCash malware Linux variant helps steal money from ATMs - https://www.bleepingcomputer.com/news/security/new-fastcash-malware-linux-variant-helps-steal-money-from-atms/  Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions - https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html  WordPress Plugin Jetpack...

[Referências do Episódio] Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware - https://www.trendmicro.com/en_us/research/24/j/water-makara-uses-obfuscated-javascript-in-spear-phishing-campai.html  Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions - https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html  CVE-2024-30088 - Windows Kernel Elevation of...

[Referências do Episódio] Firefox Zero-Day Under Attack: Update Your Browser Immediately - https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html  Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices - https://securityaffairs.com/169599/security/palo-alto-fixed-critical-flaws-in-pan-os-firewalls.html  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento:...

[Referências do Episódio] October 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct Following the trail of Flax Typhoon to uncover newly discovered vulnerabilities in Linear Emerge Access Control Devices - https://vulncheck.com/blog/flax-typhoon-linear-merge October Security Update - https://www.ivanti.com/blog/october-2024-security-update Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines -...

[Referências do Episódio] Mind the (air) gap: GoldenJackal gooses government guardrails - https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/ October 2024 Security Bulletin - https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html Awaken Likho is awake: new techniques of an APT group - https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/ Roteiro e apresentação: Carlos...

[Referências do Episódio] [TREND MICRO NO FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www  PRESS RELEASE No 166/24 - https://curia.europa.eu/jcms/upload/docs/application/pdf/2024-10/cp240166en.pdf No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection - https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/ Threat actor believed to be spreading new MedusaLocker variant since 2022 -...

[Referências do Episódio] SHROUDED#SLEEP: A deep dive into North Korea’s Ongoing Campaign Against Southeast Asia - https://www.securonix.com/blog/shroudedsleep-a-deep-dive-into-north-koreas-ongoing-campaign-against-southeast-asia/ perfctl: A stealthy malware targeting millions of Linux Servers - https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/ Ransomware groups demystified: CyberVolk Ransomware -...

[Referências do Episódio] Stonefly: Extortion Attacks Continue Against U.S. Targets - https://symantec-enterprise-blogs.security.com/threat-intelligence/stonefly-north-korea-extortion Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns - https://sansec.io/research/cosmicsting-fallout Breaking into DrayTek routers before threat actors do it again - https://www.forescout.com/resources/draybreak-draytek-research/ Separating the bee from the panda: CeranaKeeper...

[Referências do Episódio] ProofPoint posts - https://x.com/threatinsight/status/1841089939905134793 Treasury sanctions members of the Russia-based cybercriminal group Evil Corp in trilateral action with the United Kingdom and Australia - https://home.treasury.gov/news/press-releases/jy2623 Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/ Key Group: another...

[Referências do Episódio] Netskope Threat Labs Uncovers New XWorm’s Stealthy Techniques - https://www.netskope.com/blog/netskope-threat-labs-uncovers-new-xworms-stealthy-techniques PlayStation Network - https://status.playstation.com/ Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Hadooken and K4Spreader: The 8220 Gang’s Latest Arsenal - https://blog.sekoia.io/hadooken-and-k4spreader-the-8220-gangs-latest-arsenal/  Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware - https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware/  Killsec - RansomLook - https://www.ransomlook.io/group/killsec  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo...

[Referências do Episódio] CUPS flaws enable Linux remote code execution, but there’s a catch - https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/  HPE patches three critical security holes in Aruba PAPI - https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/  Storm-0501: Ransomware attacks expanding to hybrid cloud environments -...

[Referências do Episódio] BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell - https://www.gdatasoftware.com/blog/2024/09/38039-bbtok-deobfuscating-net-loader#c235408  SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites - https://blog.sekoia.io/silentselfie-uncovering-a-major-watering-hole-campaign-against-kurdish-websites/  LummaC2: Obfuscation Through Indirect Control Flow -...

[Referências do Episódio] How the Necro Trojan infected 11 million Android users - https://www.kaspersky.com/blog/necro-infects-android-users/52201/  Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware - https://www.sentinelone.com/labs/kryptina-raas-from-unsellable-cast-off-to-enterprise-ransomware/  Inside SnipBot: The Latest RomCom Malware Variant - https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/  Roteiro e apresentação: Carlos Cabral e Bianca...

[Referências do Episódio] How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections - https://www.trendmicro.com/en_us/research/24/i/how-ransomhub-ransomware-uses-edrkillshifter-to-disable-edr-and-.html  -=TWELVE=- is back - https://securelist.com/twelve-group-unified-kill-chain/113877/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Evolução e adaptação: nova variante do Grandoreiro afeta 4 mil entidades em todo o mundo - https://sidechannel.blog/evolucao-e-adaptacao-nova-variante-do-grandoreiro-afeta-4-mil-entidades-em-todo-o-mundo/  New Banking Trojan “CHAVECLOAK” Targets Brazil - https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil  Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance -...

[Referências do Episódio] Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC - https://www.trendmicro.com/en_us/research/24/i/earth-baxia-spear-phishing-and-geoserver-exploit.html  GrimResource -  Microsoft Management Console for initial access and evasion - https://www.elastic.co/security-labs/grimresource Hijack Execution Flow: AppDomainManager - https://attack.mitre.org/techniques/T1574/014/  Derailing the Raptor Train -...

[Referências do Episódio] Hezbollah blames Israel after pager explosions kill nine and injure thousands in Lebanon - https://www.bbc.com/news/articles/cd7xnelvpepo  How did Hezbollah’s pagers explode in Lebanon? - https://www.aljazeera.com/news/2024/9/17/how-did-hezbollahs-pagers-explode-in-lebanon  Hezbollah Pagers Explode in Apparent Attack Across Lebanon -...

[Referências do Episódio] DIR-X4860 / DIR-X5460 / COVR-X1870 :: TWCERT - TVN-202409021 / TVN-202409022 / TVN-202409023 / TVN-202409024 / TVN-202429025 Vulnerabilities reports - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10412  SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks - https://thehackernews.com/2024/09/solarwinds-issues-patch-for-critical.html  Recently patched Windows flaw CVE-2024-43461 was actively exploited as...

[Referências do Episódio] [TREND MICRO NO FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www  Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US  Attacking PowerShell CLIXML Deserialization - https://www.truesec.com/hub/blog/attacking-powershell-clixml-deserialization  Gomorrah Stealer v5.1: An In-Depth...

[Referências do Episódio] Void captures over a million Android TV boxes - https://news.drweb.com/show/?i=14900&lng=en  Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide - https://thehackernews.com/2024/09/beware-new-vo1d-malware-infects-13.html  Ransomware: Attacks Once More Nearing Peak Levels - https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-attacks-rebound  Crystal Rans0m: Emerging hybrid ransomware with stealer...