Episodes
[Episode References]
October 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct
Following the trail of Flax Typhoon to uncover newly discovered vulnerabilities in Linear Emerge Access Control Devices - https://vulncheck.com/blog/flax-typhoon-linear-merge
October Security Update - https://www.ivanti.com/blog/october-2024-security-update
Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines -...
Published 10/09/24
[Episode References]
Mind the (air) gap: GoldenJackal gooses government guardrails - https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
October 2024 Security Bulletin - https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
Awaken Likho is awake: new techniques of an APT group - https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/
Script and presentation: Carlos...
Published 10/08/24
[Episode References]
[TREND MICRO IN FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www
PRESS RELEASE No 166/24 - https://curia.europa.eu/jcms/upload/docs/application/pdf/2024-10/cp240166en.pdf
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection - https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/
Threat actor believed to be spreading new MedusaLocker variant since 2022 -...
Published 10/07/24
[Episode References]
SHROUDED#SLEEP: A deep dive into North Korea's Ongoing Campaign Against Southeast Asia - https://www.securonix.com/blog/shroudedsleep-a-deep-dive-into-north-koreas-ongoing-campaign-against-southeast-asia/
perfctl: A stealthy malware targeting millions of Linux Servers - https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
Ransomware groups demystified: CyberVolk Ransomware -...
Published 10/04/24
[Episode References]
Stonefly: Extortion Attacks Continue Against U.S. Targets - https://symantec-enterprise-blogs.security.com/threat-intelligence/stonefly-north-korea-extortion
Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns - https://sansec.io/research/cosmicsting-fallout
Breaking into DrayTek routers before threat actors do it again - https://www.forescout.com/resources/draybreak-draytek-research/
Separating the bee from the panda: CeranaKeeper...
Published 10/03/24
[Episode References]
ProofPoint posts - https://x.com/threatinsight/status/1841089939905134793
Treasury sanctions members of the Russia-based cybercriminal group Evil Corp in trilateral action with the United Kingdom and Australia - https://home.treasury.gov/news/press-releases/jy2623
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/
Key Group: another...
Published 10/02/24
[Episode References]
Netskope Threat Labs Uncovers New XWorm's Stealthy Techniques - https://www.netskope.com/blog/netskope-threat-labs-uncovers-new-xworms-stealthy-techniques
PlayStation Network - https://status.playstation.com/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Published 10/01/24
[Episode References]
Hadooken and K4Spreader: The 8220 Gang's Latest Arsenal - https://blog.sekoia.io/hadooken-and-k4spreader-the-8220-gangs-latest-arsenal/
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware - https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware/
Killsec - RansomLook - https://www.ransomlook.io/group/killsec
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo...
Published 09/30/24
[Episode References]
CUPS flaws enable Linux remote code execution, but there's a catch - https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/
HPE patches three critical security holes in Aruba PAPI - https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/
Storm-0501: Ransomware attacks expanding to hybrid cloud environments -...
Published 09/27/24
[Episode References]
BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell - https://www.gdatasoftware.com/blog/2024/09/38039-bbtok-deobfuscating-net-loader#c235408
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites - https://blog.sekoia.io/silentselfie-uncovering-a-major-watering-hole-campaign-against-kurdish-websites/
LummaC2: Obfuscation Through Indirect Control Flow -...
Published 09/26/24
[Episode References]
How the Necro Trojan infected 11 million Android users - https://www.kaspersky.com/blog/necro-infects-android-users/52201/
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware - https://www.sentinelone.com/labs/kryptina-raas-from-unsellable-cast-off-to-enterprise-ransomware/
Inside SnipBot: The Latest RomCom Malware Variant - https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/
Script and presentation: Carlos Cabral and Bianca...
Published 09/24/24
[Episode References]
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections - https://www.trendmicro.com/en_us/research/24/i/how-ransomhub-ransomware-uses-edrkillshifter-to-disable-edr-and-.html
-=TWELVE=- is back - https://securelist.com/twelve-group-unified-kill-chain/113877/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Published 09/23/24
[Episode References]
Evolução e adaptação: nova variante do Grandoreiro afeta 4 mil entidades em todo o mundo (Evolution and adaptation: new Grandoreiro variant affects 4 thousand entities worldwide) - https://sidechannel.blog/evolucao-e-adaptacao-nova-variante-do-grandoreiro-afeta-4-mil-entidades-em-todo-o-mundo/
New Banking Trojan "CHAVECLOAK" Targets Brazil - https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance -...
Published 09/20/24
[Episode References]
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC - https://www.trendmicro.com/en_us/research/24/i/earth-baxia-spear-phishing-and-geoserver-exploit.html
GrimResource - Microsoft Management Console for initial access and evasion - https://www.elastic.co/security-labs/grimresource
Hijack Execution Flow: AppDomainManager - https://attack.mitre.org/techniques/T1574/014/
Derailing the Raptor Train -...
Published 09/19/24
[Episode References]
Hezbollah blames Israel after pager explosions kill nine and injure thousands in Lebanon - https://www.bbc.com/news/articles/cd7xnelvpepo
How did Hezbollah's pagers explode in Lebanon? - https://www.aljazeera.com/news/2024/9/17/how-did-hezbollahs-pagers-explode-in-lebanon
Hezbollah Pagers Explode in Apparent Attack Across Lebanon -...
Published 09/18/24
[Episode References]
DIR-X4860 / DIR-X5460 / COVR-X1870 :: TWCERT - TVN-202409021 / TVN-202409022 / TVN-202409023 / TVN-202409024 / TVN-202429025 Vulnerabilities reports - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10412
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks - https://thehackernews.com/2024/09/solarwinds-issues-patch-for-critical.html
Recently patched Windows flaw CVE-2024-43461 was actively exploited as...
Published 09/17/24
[Episode References]
[TREND MICRO IN FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www
Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
Attacking PowerShell CLIXML Deserialization - https://www.truesec.com/hub/blog/attacking-powershell-clixml-deserialization
Gomorrah Stealer v5.1: An In-Depth...
Published 09/16/24
[Episode References]
Void captures over a million Android TV boxes - https://news.drweb.com/show/?i=14900&lng=en
Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide - https://thehackernews.com/2024/09/beware-new-vo1d-malware-infects-13.html
Ransomware: Attacks Once More Nearing Peak Levels - https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-attacks-rebound
Crystal Rans0m: Emerging hybrid ransomware with stealer...
Published 09/13/24
[Episode References]
DragonRank, a Chinese-speaking SEO manipulator service provider - https://blog.talosintelligence.com/dragon-rank-seo-poisoning/
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI - https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Targeted Iranian Attacks Against Iraqi Government Infrastructure - https://research.checkpoint.com/2024/iranian-malware-attacks-iraqi-government/
Cleaver...
Published 09/12/24
[Episode References]
Microsoft September 2024 Security Updates - https://answers.microsoft.com/en-us/windows/forum/all/microsoft-september-2024-security-updates/50243470-d3c3-46c2-acd1-7ecd4f3cf059
CISA Adds Four Known Exploited Vulnerabilities to Catalog - https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-adds-four-known-exploited-vulnerabilities-catalog
Security Advisory EPM September 2024 for EPM 2024 and EPM 2022 -...
Published 09/11/24
[Episode References]
Earth Preta Evolves its Attacks with New Malware and Strategies - https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html
MUSTANG PANDA - https://malpedia.caad.fkie.fraunhofer.de/actor/mustang_panda
A glimpse into the Quad7 operators' next moves and associated botnets - https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/
LET'S GO DOOR WITH KCP -...
Published 09/10/24
[Episode References]
SonicWall SNWLID-2024-0015 - SonicOS Improper Access Control Vulnerability - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
Chinese APT Abuses VSCode to Target Government in Asia - https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/
Visual Studio Code: embedded reverse shell and how to block, create Sentinel Detection, and add Environment Prevention — well more like ideas and concepts to prevent...
Published 09/09/24
[Episode References]
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar - https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution - https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html
Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command -...
Published 09/06/24
[Episode References]
Cisco Smart Licensing Utility Vulnerabilities - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
Mallox ransomware: in-depth analysis and evolution - https://securelist.com/mallox-ransomware/113529/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Published 09/05/24
[Episode References]
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion - https://www.trendmicro.com/en_us/research/24/i/earth-lusca-ktlvdoor.html
Earth Lusca - https://malpedia.caad.fkie.fraunhofer.de/actor/earth_lusca
Zyxel security advisory for OS command injection vulnerability in APs and security router devices -...
Published 09/04/24