Cyber Morning Call

Author: Tempest Security Intelligence

Subscribed: 44. Played: 4,091

Description

Cybersecurity podcast produced by Tempest with daily episodes, published first thing in the morning, covering what was most relevant in the last twenty-four hours in terms of new attacks, vulnerabilities or threats.
All in under ten minutes and translated into easy-to-understand language, produced so that you can adjust the course of your day and make the best cybersecurity decisions for your company.
543 Episodes
[Episode References]
- Stable Channel Update for Desktop - https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
- APT28 campaign targeting Polish government institutions - https://cert.pl/en/posts/2024/05/apt28-campaign/
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- BIG VULNERABILITIES IN NEXT-GEN BIG-IP - https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
- Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution - https://blog.talosintelligence.com/vulnerability-roundup-zero-days-may-8-2024/
- RemcosRAT Distributed Using Steganography - https://asec.ahnlab.com/en/65111/
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- United States International Cyberspace & Digital Policy Strategy - https://www.state.gov/united-states-international-cyberspace-and-digital-policy-strategy/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axioscodebook&stream=top
- zEus Stealer Distributed via Crafted Minecraft Source Pack - https://www.fortinet.com/blog/threat-research/zeus-stealer-distributed-via-crafted-minecraft-source-pack
- MITRE attributes the recent attack to China-linked UNC5221 - https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html
- LockbitSupp identified as Dmitry Khoroshev and indicted for ransomware crimes - https://therecord.media/lockbitsupp-suspect-accused-lockbit-ransomware-gang
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Zscaler ThreatLabz 2024 VPN Risk Report with Cybersecurity Insiders - https://www.zscaler.com/campaign/threatlabz-vpn-risk-report
- TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak - https://www.leviathansecurity.com/blog/tunnelvision
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Cyberangriffe auf die SPD und auf Rüstungs-, IT- und Luftfahrtunternehmen sind APT 28 und damit dem russischen Militärgeheimdienst GRU zuzuordnen - https://www.bmi.bund.de/SharedDocs/pressemitteilungen/DE/2024/05/aktuelle-Cyberangriffe.html
- Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia - https://mzv.gov.cz/jnp/en/issues_and_press/press_releases/statement_of_the_mfa_on_the_cyberattacks.html
- CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Vulnerability - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
- Kyberturvallisuuskeskuksen viikkokatsaus - 18/2024 - https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuskeskuksen-viikkokatsaus-182024
- DNS traffic can leak outside the VPN tunnel on Android - https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps - https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/
- HPE Aruba Networking Product Security Advisory - Advisory ID: ARUBA-PSA-2024-004 - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt
- Uncharmed: Untangling Iran's APT42 Operations - https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Eight Arms to Hold You: The Cuttlefish Malware - https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
- JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories - https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
- DEFENDING OT OPERATIONS AGAINST ONGOING PRO-RUSSIA HACKTIVIST ACTIVITY - https://media.defense.gov/2024/May/01/2003454817/-1/-1/0/DEFENDING-OT-OPERATIONS-AGAINST-ONGOING-PRO-RUSSIA-HACKTIVIST-ACTIVITY.PDF
- A recent security incident involving Dropbox Sign - https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Zloader Learns Old Tricks - https://www.zscaler.com/blogs/security-research/zloader-learns-old-tricks
- MUDDLING MEERKAT: THE GREAT FIREWALL MANIPULATOR - https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/
- Smart devices: new law helps citizens to choose secure products - https://www.ncsc.gov.uk/blog-post/smart-devices-law
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- How to Block Residential Proxies using Okta - https://sec.okta.com/blockanonymizers
- Cisco warns of large-scale brute-force attacks against VPN services - https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Brokewell: do not go broke from new banking malware! - https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
- WP Automatic WordPress plugin hit by millions of SQL injection attacks - https://www.bleepingcomputer.com/news/security/wp-automatic-wordpress-plugin-hit-by-millions-of-sql-injection-attacks/#google_vignette
- CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon - https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices - https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
- Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
- Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
- Stable Channel Update for Desktop - Wednesday, April 24, 2024 - https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
- Securonix Threat Research Security Advisory: Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover - https://www.securonix.com/blog/securonix-threat-research-security-advisory-frozenshadow-attack-campaign/
- Unplugging PlugX: Sinkholing the PlugX USB worm botnet - https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Suspected CoralRaider continues to expand victimology using three information stealers - https://blog.talosintelligence.com/suspected-coralraider-continues-to-expand-victimology-using-three-information-stealers/
- GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
- Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part One - https://www.elastic.co/security-labs/dissecting-remcos-rat-part-one
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Sistema de pagamentos do governo é invadido, e há suspeita de desvio de recursos - https://www1.folha.uol.com.br/mercado/2024/04/sistema-de-pagamentos-do-governo-e-invadido-e-ha-suspeita-de-desvio-de-recursos.shtml
- Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials - https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
- ToddyCat is making holes in your infrastructure - https://securelist.com/toddycat-traffic-tunneling-data-extraction-tools/112443/
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- More on the PAN-OS CVE-2024-3400 - https://www.paloaltonetworks.com/blog/2024/04/more-on-the-pan-os-cve/
- ShadowServer Foundation chart on CVE-2024-3400 - https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2024-04-18&source=http_vulnerable&source=http_vulnerable6&tag=possible-cve-2024-3400%2B&geo=all&data_set=count&scale=log
- GitHub comments abused to push malware via Microsoft repo URLs - https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Threat Group FIN7 Targets the U.S. Automotive Industry - https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry
- DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware - https://securelist.com/dunequixote/112425/
- #StopRansomware: Akira Ransomware - https://www.cisa.gov/sites/default/files/2024-04/aa24-109a-stopransomware-akira-ransomware.pdf
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm - https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm
- Ivanti fixed two critical flaws in its Avalanche MDM - https://securityaffairs.com/161952/security/ivanti-avalanche-mdm-critical-flaws.html
- Cisco warns of large-scale brute-force attacks against VPN services - https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/
- Cisco Integrated Management Controller CLI Command Injection Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ
- Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters - https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - https://www.bleepingcomputer.com/news/security/exploit-released-for-palo-alto-pan-os-bug-used-in-attacks-patch-now/#google_vignette
- LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs - https://orca.security/resources/blog/leakycli-aws-google-cloud-command-line-tools-can-expose-sensitive-credentials-build-logs/
- PuTTY vulnerability vuln-p521-bias - https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
[Episode References]
- SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/#id0
- From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering - https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-information-gathering
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
[Episode References]
- Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) - https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
- CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect - https://security.paloaltonetworks.com/CVE-2024-3400
- Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 - https://unit42.paloaltonetworks.com/cve-2024-3400/
- XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 - https://support.citrix.com/article/CTX633151/xenserver-and-citrix-hypervisor-security-update-for-cve202346842-cve20242201-and-cve202431142
- Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker - https://blog.sucuri.net/2024/04/credit-card-skimmer-hidden-in-fake-facebook-pixel-tracker.html
Script and presentation: Carlos Cabral and Bianca Oliveira; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia
CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway - https://security.paloaltonetworks.com/CVE-2024-3400