Episodes
[Episode References]
October 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct
Following the trail of Flax Typhoon to uncover newly discovered vulnerabilities in Linear Emerge Access Control Devices -
https://vulncheck.com/blog/flax-typhoon-linear-merge
October Security Update - https://www.ivanti.com/blog/october-2024-security-update
Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines -...
Published 10/09/24
[Episode References]
Mind the (air) gap: GoldenJackal gooses government guardrails - https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
October 2024 Security Bulletin -
https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
Awaken Likho is awake: new techniques of an APT group - https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/
Script and presentation: Carlos...
Published 10/08/24
[Episode References]
[TREND MICRO NO FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www
PRESS RELEASE No 166/24 - https://curia.europa.eu/jcms/upload/docs/application/pdf/2024-10/cp240166en.pdf
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection -
https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/
Threat actor believed to be spreading new MedusaLocker variant since 2022 -...
Published 10/07/24
[Episode References]
SHROUDED#SLEEP: A deep dive into North Korea’s Ongoing Campaign Against Southeast Asia - https://www.securonix.com/blog/shroudedsleep-a-deep-dive-into-north-koreas-ongoing-campaign-against-southeast-asia/
perfctl: A stealthy malware targeting millions of Linux Servers -
https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
Ransomware groups demystified: CyberVolk Ransomware -...
Published 10/04/24
[Episode References]
Stonefly: Extortion Attacks Continue Against U.S. Targets - https://symantec-enterprise-blogs.security.com/threat-intelligence/stonefly-north-korea-extortion
Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns -
https://sansec.io/research/cosmicsting-fallout
Breaking into DrayTek routers before threat actors do it again - https://www.forescout.com/resources/draybreak-draytek-research/
Separating the bee from the panda: CeranaKeeper...
Published 10/03/24
[Episode References]
ProofPoint posts - https://x.com/threatinsight/status/1841089939905134793
Treasury sanctions members of the Russia-based cybercriminal group Evil Corp in trilateral action with the United Kingdom and Australia -
https://home.treasury.gov/news/press-releases/jy2623
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/
Key Group: another...
Published 10/02/24
[Episode References]
Netskope Threat Labs Uncovers New XWorm’s Stealthy Techniques - https://www.netskope.com/blog/netskope-threat-labs-uncovers-new-xworms-stealthy-techniques
PlayStation Network - https://status.playstation.com/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Published 10/01/24
[Episode References]
Hadooken and K4Spreader: The 8220 Gang’s Latest Arsenal - https://blog.sekoia.io/hadooken-and-k4spreader-the-8220-gangs-latest-arsenal/
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware - https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware/
Killsec - RansomLook - https://www.ransomlook.io/group/killsec
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo...
Published 09/30/24
[Episode References]
CUPS flaws enable Linux remote code execution, but there’s a catch - https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/
HPE patches three critical security holes in Aruba PAPI - https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/
Storm-0501: Ransomware attacks expanding to hybrid cloud environments -...
Published 09/27/24
[Episode References]
BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell - https://www.gdatasoftware.com/blog/2024/09/38039-bbtok-deobfuscating-net-loader#c235408
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites - https://blog.sekoia.io/silentselfie-uncovering-a-major-watering-hole-campaign-against-kurdish-websites/
LummaC2: Obfuscation Through Indirect Control Flow -...
Published 09/26/24
[Episode References]
How the Necro Trojan infected 11 million Android users - https://www.kaspersky.com/blog/necro-infects-android-users/52201/
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware - https://www.sentinelone.com/labs/kryptina-raas-from-unsellable-cast-off-to-enterprise-ransomware/
Inside SnipBot: The Latest RomCom Malware Variant - https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/
Script and presentation: Carlos Cabral and Bianca...
Published 09/24/24
[Episode References]
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections - https://www.trendmicro.com/en_us/research/24/i/how-ransomhub-ransomware-uses-edrkillshifter-to-disable-edr-and-.html
-=TWELVE=- is back - https://securelist.com/twelve-group-unified-kill-chain/113877/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Published 09/23/24
[Episode References]
Evolution and adaptation: new Grandoreiro variant affects 4,000 entities worldwide (original title in Portuguese: "Evolução e adaptação: nova variante do Grandoreiro afeta 4 mil entidades em todo o mundo") - https://sidechannel.blog/evolucao-e-adaptacao-nova-variante-do-grandoreiro-afeta-4-mil-entidades-em-todo-o-mundo/
New Banking Trojan “CHAVECLOAK” Targets Brazil - https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance -...
Published 09/20/24
[Episode References]
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC - https://www.trendmicro.com/en_us/research/24/i/earth-baxia-spear-phishing-and-geoserver-exploit.html
GrimResource - Microsoft Management Console for initial access and evasion - https://www.elastic.co/security-labs/grimresource
Hijack Execution Flow: AppDomainManager - https://attack.mitre.org/techniques/T1574/014/
Derailing the Raptor Train -...
Published 09/19/24
[Episode References]
Hezbollah blames Israel after pager explosions kill nine and injure thousands in Lebanon - https://www.bbc.com/news/articles/cd7xnelvpepo
How did Hezbollah’s pagers explode in Lebanon? - https://www.aljazeera.com/news/2024/9/17/how-did-hezbollahs-pagers-explode-in-lebanon
Hezbollah Pagers Explode in Apparent Attack Across Lebanon -...
Published 09/18/24
[Episode References]
DIR-X4860 / DIR-X5460 / COVR-X1870 :: TWCERT - TVN-202409021 / TVN-202409022 / TVN-202409023 / TVN-202409024 / TVN-202429025 Vulnerabilities reports - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10412
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks - https://thehackernews.com/2024/09/solarwinds-issues-patch-for-critical.html
Recently patched Windows flaw CVE-2024-43461 was actively exploited as...
Published 09/17/24
[Episode References]
[TREND MICRO NO FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www
Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
Attacking PowerShell CLIXML Deserialization - https://www.truesec.com/hub/blog/attacking-powershell-clixml-deserialization
Gomorrah Stealer v5.1: An In-Depth...
Published 09/16/24
[Episode References]
Void captures over a million Android TV boxes - https://news.drweb.com/show/?i=14900&lng=en
Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide - https://thehackernews.com/2024/09/beware-new-vo1d-malware-infects-13.html
Ransomware: Attacks Once More Nearing Peak Levels - https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-attacks-rebound
Crystal Rans0m: Emerging hybrid ransomware with stealer...
Published 09/13/24
[Episode References]
DragonRank, a Chinese-speaking SEO manipulator service provider - https://blog.talosintelligence.com/dragon-rank-seo-poisoning/
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI - https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Targeted Iranian Attacks Against Iraqi Government Infrastructure - https://research.checkpoint.com/2024/iranian-malware-attacks-iraqi-government/
Cleaver...
Published 09/12/24
[Episode References]
Microsoft September 2024 Security Updates - https://answers.microsoft.com/en-us/windows/forum/all/microsoft-september-2024-security-updates/50243470-d3c3-46c2-acd1-7ecd4f3cf059
CISA Adds Four Known Exploited Vulnerabilities to Catalog - https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-adds-four-known-exploited-vulnerabilities-catalog
Security Advisory EPM September 2024 for EPM 2024 and EPM 2022 -...
Published 09/11/24
[Episode References]
Earth Preta Evolves its Attacks with New Malware and Strategies - https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html
MUSTANG PANDA - https://malpedia.caad.fkie.fraunhofer.de/actor/mustang_panda
A glimpse into the Quad7 operators’ next moves and associated botnets - https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/
LET’S GO DOOR WITH KCP -...
Published 09/10/24
[Episode References]
SonicWall SNWLID-2024-0015 - SonicOS Improper Access Control Vulnerability - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
Chinese APT Abuses VSCode to Target Government in Asia - https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/
Visual Studio Code: embedded reverse shell and how to block, create Sentinel Detection, and add Environment Prevention — well more like ideas and concepts to prevent...
Published 09/09/24
[Episode References]
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar - https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution - https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html
Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command -...
Published 09/06/24
[Episode References]
Cisco Smart Licensing Utility Vulnerabilities - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
Mallox ransomware: in-depth analysis and evolution - https://securelist.com/mallox-ransomware/113529/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Published 09/05/24
[Episode References]
Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion - https://www.trendmicro.com/en_us/research/24/i/earth-lusca-ktlvdoor.html
Earth Lusca - https://malpedia.caad.fkie.fraunhofer.de/actor/earth_lusca
Zyxel security advisory for OS command injection vulnerability in APs and security router devices -...
Published 09/04/24