Cyber Morning Call
Author: Tempest Security Intelligence
© Tempest Security Intelligence
Description
Cybersecurity podcast produced by Tempest with daily episodes, published first thing in the morning, covering what was most relevant in the last twenty-four hours in terms of new attacks, vulnerabilities or threats.
All in under ten minutes and translated into plain language, produced so that you can adjust the course of your day and make the best cybersecurity decisions for your company.
703 Episodes
[Episode References]
Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain - https://www.recordedfuture.com/research/reddelta-chinese-state-sponsored-group-targets-mongolia-taiwan-southeast-asia
Banshee: The Stealer That “Stole Code” From MacOS XProtect - https://research.checkpoint.com/2025/banshee-macos-stealer-that-stole-code-from-macos-xprotect/
The Hunt for RedCurl - https://www.huntress.com/blog/the-hunt-for-redcurl-2
Ecovacs robot vacuums get hacked - https://www.kaspersky.com/blog/ecovacs-robot-vacuums-hacked-in-real-life/52837/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US
Security Update: Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways - https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
SonicWall warns of an exploitable SonicOS vulnerability - https://securityaffairs.com/172823/security/sonicwall-sonicos-authentication-bypass-flaw.html
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit - https://www.trendmicro.com/en_us/research/25/a/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html
Backdooring Your Backdoors - Another $20 Domain, More Governments - https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/
PAN-SA-2025-0001 Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials - https://security.paloaltonetworks.com/PAN-SA-2025-0001
2025-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 24.1R2 release - https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release?language=en_US
2025-01 Security Bulletin: Junos OS and Junos OS Evolved: Multiple vulnerabilities resolved in OpenSSH - https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH?language=en_US
2025-01 Security Bulletin: Junos OS and Junos OS Evolved: When BGP traceoptions are configured, receipt of malformed BGP packets causes RPD to crash (CVE-2025-21598) - https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598?language=en_US
2025-01 Security Bulletin: Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service (CVE-2025-21599) - https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specifically-malformed-IPv6-packets-causes-kernel-memory-exhaustion-leading-to-Denial-of-Service-CVE-2025-21599?language=en_US
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Android Security Bulletin January 2025 - https://source.android.com/docs/security/bulletin/2025-01-01
MediaTek reveals host of security vulnerabilities, so patch now - https://www.techradar.com/pro/security/mediatek-reveals-host-of-security-vulnerabilities-so-patch-now
Genetic Engineering Meets Reverse Engineering: DNA Sequencer's Vulnerable BIOS - https://eclypsium.com/blog/genetic-engineering-meets-reverse-engineering-dna-sequencers-vulnerable-bios/
Tracking Deployment of Russian Surveillance Technologies in Central Asia and Latin America - https://go.recordedfuture.com/hubfs/reports/ta-ru-2025-0107.pdf
CISA Adds Three Known Exploited Vulnerabilities to Catalog - https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Gayfemboy: A Botnet Spreading via a Four-Faith Industrial Router 0-Day - https://blog.xlab.qianxin.com/gayfemboy/
Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers - https://thehackernews.com/2025/01/moxa-alerts-users-to-high-severity.html
CISA Update on Treasury Breach - https://www.cisa.gov/news-events/news/cisa-update-treasury-breach
Obituary: Danton Nunes, Internet pioneer in Brazil - https://nic.br/noticia/notas/nota-de-falecimento-danton-nunes-pioneiro-da-internet-no-brasil/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49113 - https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/
Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405) - https://www.wiz.io/blog/nuclei-signature-verification-bypass
EAGERBEE, with updated and novel components, targets the Middle East - https://securelist.com/eagerbee-backdoor/115175/
Tenable Chairman and CEO Amit Yoran Has Died - https://www.tenable.com/blog/tenable-chairman-and-ceo-amit-yoran-has-died
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
NonEuclid Remote Access Trojan - https://www.cyfirma.com/research/noneclid-rat/
HIGH: Vulnerable POP3 Report - https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-pop3-report/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Treasury says Chinese hackers remotely accessed documents in 'major' cyber incident - https://www.npr.org/2024/12/31/nx-s1-5243850/china-hacking-treasury-cyber-security
Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents - https://thehackernews.com/2024/12/chinese-apt-exploits-beyondtrust-api.html
Beijing denies involvement in US treasury cyber-attack - https://www.theguardian.com/technology/2024/dec/31/beijing-denies-involvement-in-us-treasury-cyber-attack
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability - https://unit42.paloaltonetworks.com/multi-turn-technique-jailbreaks-llms/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Cyberhaven’s Chrome extension security incident and what we’re doing about it - https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-it
16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft - https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html
Inside FireScam : An Information Stealer with Spyware Capabilities - https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/
Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild - https://vulncheck.com/blog/four-faith-cve-2024-12856
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Botnets Continue to Target Aging D-Link Vulnerabilities - https://www.fortinet.com/blog/threat-research/botnets-continue-to-target-aging-d-link-vulnerabilities
On OtterCookie, the New Malware Used by Contagious Interview - https://polite-sea-077fba000.1.azurestaticapps.net/tech_blog/contagious-interview-ottercookie
CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet - https://security.paloaltonetworks.com/CVE-2024-3393
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Security updates available for Adobe ColdFusion | APSB24-107 - https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html
[SECURITY] CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete - https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp
CVE-2024-45387: Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments - https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr
Analyzing Malicious Intent in Python Code: A Case Study - https://www.fortinet.com/blog/threat-research/analyzing-malicious-intent-in-python-code
Cloud Atlas seen using a new tool in its attacks - https://securelist.com/cloud-atlas-attacks-with-new-backdoor-vbcloud/115103/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Sophos discloses critical Firewall remote code execution flaw - https://www.bleepingcomputer.com/news/security/sophos-discloses-critical-firewall-remote-code-execution-flaw/
Lazarus group evolves its infection chain with old and new malware - https://securelist.com/lazarus-new-malware/115059/
Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript - https://unit42.paloaltonetworks.com/using-llms-obfuscate-malicious-javascript/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Python-Based NodeStealer Version Targets Facebook Ads Manager - https://www.trendmicro.com/en_us/research/24/l/python-based-nodestealer.html
NotLockBit: A Deep Dive Into the New Ransomware Threat - https://blog.qualys.com/vulnerabilities-threat-research/2024/12/18/notlockbit-a-deep-dive-into-the-new-ransomware-threat
A new playground: Malicious campaigns proliferate from VSCode to npm - https://www.reversinglabs.com/blog/a-new-playground-malicious-campaigns-proliferate-from-vscode-to-npm
CVE-2023-34990 - [FortiWLM] Unauthenticated limited file read vulnerability - https://fortiguard.fortinet.com/psirt/FG-IR-23-144
CVE-2024-48889 - OS command injection - https://fortiguard.fortinet.com/psirt/FG-IR-24-425
CVE-2024-50570 - Credentials can be dumped from memory - https://fortiguard.fortinet.com/psirt/FG-IR-23-278
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
S2-067 - CVE-2024-53677 - https://cwiki.apache.org/confluence/display/WW/S2-067
New critical Apache Struts flaw exploited to find vulnerable servers - https://www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/
2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged - https://supportportal.juniper.net/s/article/2024-12-Reference-Advisory-Session-Smart-Router-Mirai-malware-found-on-systems-when-the-default-password-remains-unchanged?language=en_US
Hidden in Plain Sight: TA397’s New Attack Chain Delivers Espionage RATs - https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks - https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html
TAG Bulletin: Q4 2024 - https://blog.google/threat-analysis-group/tag-bulletin-q4-2024/
Effective Phishing Campaign Targeting European Companies and Institutions - https://unit42.paloaltonetworks.com/european-phishing-campaign/
BADBOX Botnet Is Back - https://www.bitsight.com/blog/badbox-botnet-back
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
ESET Threat Report H2 2024 - https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2024/
“DeceptionAds” - Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising - https://labs.guard.io/deceptionads-fake-captcha-driving-infostealer-infections-and-a-glimpse-to-the-dark-side-of-0c516f4dc0b6
CoinLurker: The Stealer Powering the Next Generation of Fake Updates - https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Technical Analysis of RiseLoader - https://www.zscaler.com/blogs/security-research/technical-analysis-riseloader
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Password spraying attacks on NetScaler/NetScaler Gateway – December 2024 - https://www.citrix.com/blogs/2024/12/13/password-spraying-attacks-netscaler-december-2024
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit - https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html
NodeLoader Exposed: The Node.js Malware Evading Detection - https://www.zscaler.com/blogs/security-research/nodeloader-exposed-node-js-malware-evading-detection
Clop ransomware claims responsibility for Cleo data theft attacks - https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/
New Yokai Side-loaded Backdoor Targets Thai Officials - https://www.netskope.com/blog/new-yokai-side-loaded-backdoor-targets-thai-officials
Getting a taste of your own medicine: Threat actor MUT-1244 targets offensive actors, leaking hundreds of thousands of credentials - https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Declawing PUMAKIT - https://www.elastic.co/security-labs/declawing-pumakit#stage-2-memory-resident-executables-overview
CVE-2024-49071 - Windows Defender Information Disclosure Vulnerability - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49071
CVE-2024-49147 - Microsoft Update Catalog Elevation of Privilege Vulnerability - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49147
Careto is back: what’s new after 10 years of silence? - https://securelist.com/careto-is-back/114942/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine - https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/
Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus - https://www.lookout.com/threat-intelligence/article/eaglemsgspy-chinese-android-surveillanceware
Likely China-based Attackers Target High-profile Organizations in Southeast Asia - https://www.security.com/threat-intelligence/china-southeast-asia-espionage
Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation - https://www.akamai.com/blog/security-research/2024-december-windows-ui-automation-attack-technique-evades-edr
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
December 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec
December Security Update - https://www.ivanti.com/blog/december-security-update
SAP Security Patch Day – December 2024 - https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2024.html
CISA Releases Seven Industrial Control Systems Advisories - https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-releases-seven-industrial-control-systems-advisories
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices - https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
Inside Zloader’s Latest Trick: DNS Tunneling - https://www.zscaler.com/blogs/security-research/inside-zloader-s-latest-trick-dns-tunneling
Silent Push Unwraps the AIZ—Aggressive Inventory Zombies—Retail & Crypto Phishing Network Campaign - https://www.silentpush.com/blog/aiz-retail-crypto-phishing/
Inside a New OT/IoT Cyberweapon: IOCONTROL - https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol
Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels - https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Preying on Both Sides: Glutton Trojan Lurks in Mainstream PHP Frameworks, Stealthily Attacking for as Long as a Year - https://blog.xlab.qianxin.com/glutton_stealthily_targets_mainstream_php_frameworks/
Threat Advisory: Oh No Cleo! Cleo Software Actively Being Exploited in the Wild - https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
Cleo Product Security Advisory - CVE-2024-50623 - https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory-CVE-2024-50623
MC LR Router and GoCast unpatched vulnerabilities - https://blog.talosintelligence.com/mc-lr-router-and-gocast-zero-day-vulnerabilities-2/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode References]
Compromised ultralytics PyPI package delivers crypto coinminer - https://www.reversinglabs.com/blog/compromised-ultralytics-pypi-package-delivers-crypto-coinminer
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
URL File NTLM Hash Disclosure Vulnerability (0day) - and Free Micropatches for it - https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html
New Windows zero-day exposes NTLM credentials, gets unofficial patch - https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia