Episodes
[Episode References]
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/#id0
From Social Engineering to DMARC Abuse: TA427's Art of Information Gathering - https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-information-gathering...
Published 04/16/24
[Episode References]
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) - https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect - https://security.paloaltonetworks.com/CVE-2024-3400
Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related...
Published 04/15/24
CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway - https://security.paloaltonetworks.com/CVE-2024-3400
Published 04/12/24
[Episode References]
Understanding ransomware-as-a-service operations from an affiliate's perspective - https://www.sidechannel.blog/entendendo-operacoes-de-ransomware-as-a-service-a-partir-da-perspectiva-de-um-afiliado/
Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer - https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer
New Technique to Trick Developers Detected in an Open Source...
Published 04/12/24
[Episode References]
InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2 - https://www.vusec.net/projects/native-bhi/
eXotic Visit campaign: Tracing the footprints of Virtual Invaders - https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/
Raspberry Robin Now Spreading Through Windows Script Files - https://threatresearch.ext.hp.com/raspberry-robin-now-spreading-through-windows-script-files/...
Published 04/11/24
[Episode References]
Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs - https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2024-patch-tuesday-fixes-150-security-flaws-67-rces/
[FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration - https://fortiguard.fortinet.com/psirt/FG-IR-23-087
Security update available for Adobe Commerce | APSB24-18 - https://helpx.adobe.com/security/products/magento/apsb24-18.html
Vulnerabilities...
Published 04/10/24
[Episode References]
It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise - https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/
ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins - https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins
Script and presentation: Carlos Cabral and Bianca Oliveira. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
Published 04/09/24
[Episode References]
Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2) - https://asec.ahnlab.com/en/63980/
Between videos and ads, YouTube leads in access by children - https://lunetas.com.br/entre-videos-e-anuncios-youtube-lidera-o-acesso-pelas-criancas/
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites - https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html
Security update available for Adobe...
Published 04/08/24
[Episode References]
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies - https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
SA: CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways -...
Published 04/05/24
[Episode References]
HSBC and Barclays banks allegedly breached - https://twitter.com/H4ckManac/status/1775229001679724550
Threat Actors Deliver Malware via YouTube Video Game Cracks - https://www.proofpoint.com/us/blog/threat-insight/threat-actors-deliver-malware-youtube-video-game-cracks
The New Version Of JsOutProx Is Attacking Financial Institutions In APAC And MENA Via GitLab Abuse -...
Published 04/04/24
[Episode References]
Phishing campaign by the TA558 group - https://www.linkedin.com/feed/update/urn:li:activity:7180255262807572480/
AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS' IDENTITIES - https://research.checkpoint.com/2024/agent-tesla-targeting-united-states-and-australia/
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs - https://www.trendmicro.com/pt_br/research/24/d/earth-freybug.html
Script and presentation: Carlos Cabral and Bianca...
Published 04/03/24
[Episode References]
"Hey, This Isn't the Right Site!" Distribution of Malware Exploiting Google Ads Tracking - https://asec.ahnlab.com/en/63477/
From OneNote to RansomNote: An Ice Cold Intrusion - https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
Script and presentation: Carlos Cabral and Bianca Oliveira. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
Published 04/02/24
[Episode References]
Urgent security alert for Fedora Linux 40 and Fedora Rawhide users - https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 - https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
CVE-2024-3094 XZ Backdoor: All you need to know -...
Published 04/01/24
[Episode References]
We're All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023 - https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf
Google fixes Chrome zero-days exploited at Pwn2Own 2024 - https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-days-exploited-at-pwn2own-2024/
WarzoneRAT Returns with Multi-Stage Attack Post FBI Seizure -...
Published 03/28/24
[Episode References]
The Darkside Of TheMoon - https://blog.lumen.com/the-darkside-of-themoon/
Thousands of Microsoft Exchange servers in Germany still vulnerable to critical vulnerabilities - https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-223466-1032.pdf?__blob=publicationFile&v=7
Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure - https://home.treasury.gov/news/press-releases/jy2205
Millions of Americans caught...
Published 03/27/24
[Episode References]
Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit - https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit
Over 170K Users Affected by Attack Using Fake Python Infrastructure - https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
Script and presentation: Carlos Cabral and Bianca Oliveira. Audio editing: Paulo Arruzzo. Closing narration:...
Published 03/26/24
[Episode References]
Large-Scale StrelaStealer Campaign in Early 2024 - https://unit42.paloaltonetworks.com/strelastealer-campaign/
APT29 Uses WINELOADER to Target German Political Parties - https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties
MOZILLA FIXED FIREFOX ZERO-DAYS EXPLOITED AT PWN2OWN VANCOUVER 2024 - https://securityaffairs.com/160966/hacking/mozilla-fixed-firefox-zero-day-pwn2own-vancouver-2024.html
PWN2OWN VANCOUVER 2024: PARTICIPANTS...
Published 03/25/24
[Episode References]
CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive - https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
New details on TinyTurla's post-compromise activity reveal full kill chain - https://blog.talosintelligence.com/tinyturla-full-kill-chain/
Understanding the Edge Side Include Injection vulnerability -...
Published 03/22/24
[Episode References]
Advisory on Application-layer Loop DoS Attacks - https://docs.google.com/document/d/1KByZzrdwQhrXGPPCf9tUzERZyRzg0xOpGbWoDURZxTI/edit
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug - https://thehackernews.com/2024/03/atlassian-releases-fixes-for-over-2.html
Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains -...
Published 03/21/24
[Episode References]
Unit 42 Collaborative Research With Ukraine's Cyber Agency To Uncover the Smoke Loader Backdoor - https://unit42.paloaltonetworks.com/unit-42-scpc-ssscip-uncover-smoke-loader-phishing/
The State Cyber Protection Center together with Palo Alto Networks Unit 42 have studied the SmokeLoader malware - https://scpc.gov.ua/en/articles/356
Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware -...
Published 03/20/24
[Episode References]
Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled - https://unit42.paloaltonetworks.com/analysis-of-bunnyloader-malware/
CGSI Probes: ShadowSyndicate Group's Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334) - https://cyble.com/blog/cgsi-probes-shadowsyndicate-groups-possible-exploitation-of-aiohttp-vulnerability-cve-2024-23334/
Patch for CVE-2024-23334 in aiohttp -...
Published 03/18/24
[Episode References]
eSIM, open up: F.A.C.C.T. experts warn of new attacks on bank customers - https://www.facct.ru/media-center/press-releases/esim-bank-attacks/
What a Cluster: Local Volumes Vulnerability in Kubernetes - https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
CISA Releases Fifteen Industrial Control Systems Advisories -...
Published 03/15/24
[Episode References]
PixPirate: The Brazilian financial malware you can't see - https://securityintelligence.com/posts/pixpirate-brazilian-financial-malware/
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign - https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html
CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day -...
Published 03/14/24
[Episode References]
March 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Mar
CVE-2024-21407 - Windows Hyper-V Remote Code Execution Vulnerability - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21407
CVE-2024-21408 - Windows Hyper-V Denial of Service Vulnerability - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21408
Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption -...
Published 03/13/24
[Episode References]
CVE-2024-21378 - Remote Code Execution in Microsoft Outlook - https://www.netspi.com/blog/technical/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/
Microsoft Outlook Remote Code Execution Vulnerability - CVE-2024-21378 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21378
MASSIVE CYBERATTACKS HIT FRENCH GOVERNMENT AGENCIES -...
Published 03/12/24