Episodes
[Episode References]
[TREND MICRO IN FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www
Tricks and Treats: GHOSTPULSE’s new pixel-level deception - https://www.elastic.co/security-labs/tricks-and-treats
Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA - https://blog.qualys.com/vulnerabilities-threat-research/2024/10/20/unmasking-lumma-stealer-analyzing-deceptive-tactics-with-fake-captcha
New Bumblebee Loader...
Published 10/21/24
[Episode References]
Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service Group - https://www.group-ib.com/blog/cicada3301/
New macOS vulnerability, “HM Surf”, could lead to unauthorized data access - https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants -...
Published 10/18/24
[Episode References]
AhnLab and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178) - https://asec.ahnlab.com/en/83877/
Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data - https://www.trendmicro.com/en_us/research/24/j/fake-lockbit-real-damage-ransomware-samples-abuse-aws-s3-to-stea.html
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Published 10/17/24
[Episode References]
V Seminário de Criptografia, Política e Direitos Fundamentais - https://seminariodecriptografia.my.canva.site/
CriptoFrevo - https://criptofrevo.ip.rec.br/
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends - https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023/
Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol -...
Published 10/16/24
[Episode References]
FASTCash for Linux - https://doubleagent.net/fastcash-for-linux/
New FASTCash malware Linux variant helps steal money from ATMs - https://www.bleepingcomputer.com/news/security/new-fastcash-malware-linux-variant-helps-steal-money-from-atms/
Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions - https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
WordPress Plugin Jetpack...
Published 10/15/24
[Episode References]
Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware - https://www.trendmicro.com/en_us/research/24/j/water-makara-uses-obfuscated-javascript-in-spear-phishing-campai.html
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions - https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html
CVE-2024-30088 - Windows Kernel Elevation of...
Published 10/14/24
[Episode References]
Firefox Zero-Day Under Attack: Update Your Browser Immediately - https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html
Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices - https://securityaffairs.com/169599/security/palo-alto-fixed-critical-flaws-in-pan-os-firewalls.html
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration:...
Published 10/11/24
[Episode References]
October 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct
Following the trail of Flax Typhoon to uncover newly discovered vulnerabilities in Linear Emerge Access Control Devices - https://vulncheck.com/blog/flax-typhoon-linear-merge
October Security Update - https://www.ivanti.com/blog/october-2024-security-update
Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines -...
Published 10/09/24
[Episode References]
Mind the (air) gap: GoldenJackal gooses government guardrails - https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
October 2024 Security Bulletin - https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
Awaken Likho is awake: new techniques of an APT group - https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/
Script and presentation: Carlos...
Published 10/08/24
[Episode References]
[TREND MICRO IN FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www
PRESS RELEASE No 166/24 - https://curia.europa.eu/jcms/upload/docs/application/pdf/2024-10/cp240166en.pdf
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection - https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/
Threat actor believed to be spreading new MedusaLocker variant since 2022 -...
Published 10/07/24
[Episode References]
SHROUDED#SLEEP: A deep dive into North Korea’s Ongoing Campaign Against Southeast Asia - https://www.securonix.com/blog/shroudedsleep-a-deep-dive-into-north-koreas-ongoing-campaign-against-southeast-asia/
perfctl: A stealthy malware targeting millions of Linux Servers - https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
Ransomware groups demystified: CyberVolk Ransomware -...
Published 10/04/24
[Episode References]
Stonefly: Extortion Attacks Continue Against U.S. Targets - https://symantec-enterprise-blogs.security.com/threat-intelligence/stonefly-north-korea-extortion
Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns - https://sansec.io/research/cosmicsting-fallout
Breaking into DrayTek routers before threat actors do it again - https://www.forescout.com/resources/draybreak-draytek-research/
Separating the bee from the panda: CeranaKeeper...
Published 10/03/24
[Episode References]
ProofPoint posts - https://x.com/threatinsight/status/1841089939905134793
Treasury sanctions members of the Russia-based cybercriminal group Evil Corp in trilateral action with the United Kingdom and Australia - https://home.treasury.gov/news/press-releases/jy2623
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/
Key Group: another...
Published 10/02/24
[Episode References]
Netskope Threat Labs Uncovers New XWorm’s Stealthy Techniques - https://www.netskope.com/blog/netskope-threat-labs-uncovers-new-xworms-stealthy-techniques
PlayStation Network - https://status.playstation.com/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Published 10/01/24
[Episode References]
Hadooken and K4Spreader: The 8220 Gang’s Latest Arsenal - https://blog.sekoia.io/hadooken-and-k4spreader-the-8220-gangs-latest-arsenal/
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware - https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware/
Killsec - RansomLook - https://www.ransomlook.io/group/killsec
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo...
Published 09/30/24
[Episode References]
CUPS flaws enable Linux remote code execution, but there’s a catch - https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/
HPE patches three critical security holes in Aruba PAPI - https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/
Storm-0501: Ransomware attacks expanding to hybrid cloud environments -...
Published 09/27/24
[Episode References]
BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell - https://www.gdatasoftware.com/blog/2024/09/38039-bbtok-deobfuscating-net-loader#c235408
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites - https://blog.sekoia.io/silentselfie-uncovering-a-major-watering-hole-campaign-against-kurdish-websites/
LummaC2: Obfuscation Through Indirect Control Flow -...
Published 09/26/24
[Episode References]
How the Necro Trojan infected 11 million Android users - https://www.kaspersky.com/blog/necro-infects-android-users/52201/
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware - https://www.sentinelone.com/labs/kryptina-raas-from-unsellable-cast-off-to-enterprise-ransomware/
Inside SnipBot: The Latest RomCom Malware Variant - https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/
Script and presentation: Carlos Cabral and Bianca...
Published 09/24/24
[Episode References]
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections - https://www.trendmicro.com/en_us/research/24/i/how-ransomhub-ransomware-uses-edrkillshifter-to-disable-edr-and-.html
-=TWELVE=- is back - https://securelist.com/twelve-group-unified-kill-chain/113877/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Published 09/23/24
[Episode References]
Evolução e adaptação: nova variante do Grandoreiro afeta 4 mil entidades em todo o mundo - https://sidechannel.blog/evolucao-e-adaptacao-nova-variante-do-grandoreiro-afeta-4-mil-entidades-em-todo-o-mundo/
New Banking Trojan “CHAVECLOAK” Targets Brazil - https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance -...
Published 09/20/24
[Episode References]
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC - https://www.trendmicro.com/en_us/research/24/i/earth-baxia-spear-phishing-and-geoserver-exploit.html
GrimResource - Microsoft Management Console for initial access and evasion - https://www.elastic.co/security-labs/grimresource
Hijack Execution Flow: AppDomainManager - https://attack.mitre.org/techniques/T1574/014/
Derailing the Raptor Train -...
Published 09/19/24
[Episode References]
Hezbollah blames Israel after pager explosions kill nine and injure thousands in Lebanon - https://www.bbc.com/news/articles/cd7xnelvpepo
How did Hezbollah’s pagers explode in Lebanon? - https://www.aljazeera.com/news/2024/9/17/how-did-hezbollahs-pagers-explode-in-lebanon
Hezbollah Pagers Explode in Apparent Attack Across Lebanon -...
Published 09/18/24
[Episode References]
DIR-X4860 / DIR-X5460 / COVR-X1870 :: TWCERT - TVN-202409021 / TVN-202409022 / TVN-202409023 / TVN-202409024 / TVN-202429025 Vulnerabilities reports - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10412
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks - https://thehackernews.com/2024/09/solarwinds-issues-patch-for-critical.html
Recently patched Windows flaw CVE-2024-43461 was actively exploited as...
Published 09/17/24
[Episode References]
[TREND MICRO IN FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www
Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
Attacking PowerShell CLIXML Deserialization - https://www.truesec.com/hub/blog/attacking-powershell-clixml-deserialization
Gomorrah Stealer v5.1: An In-Depth...
Published 09/16/24
[Episode References]
Void captures over a million Android TV boxes - https://news.drweb.com/show/?i=14900&lng=en
Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide - https://thehackernews.com/2024/09/beware-new-vo1d-malware-infects-13.html
Ransomware: Attacks Once More Nearing Peak Levels - https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-attacks-rebound
Crystal Rans0m: Emerging hybrid ransomware with stealer...
Published 09/13/24