Cyber Morning Call

[Referências do Episódio] Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 - https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/ VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 CVE-2024-10524 Wget Zero Day Vulnerability - https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape - https://www.proofpoint.com/us/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] PAN-SA-2024-0015 Critical Security Bulletin: Ensure Access to Management Interface is Secured - https://security.paloaltonetworks.com/PAN-SA-2024-0015  BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA - https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/  FG-IR-24-423 - Missing authentication in fgfmsd - https://fortiguard.fortinet.com/psirt/FG-IR-24-423  Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575 - https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/  Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices - https://www.trendmicro.com/en_us/research/24/k/water-barghest.html  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Emerging Threats: Cybersecurity Forecast 2025 - https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2025/  The Problem with IoT Cloud-Connectivity and How it Exposed All OvrC Devices to Hijacking - https://claroty.com/team82/research/the-problem-with-iot-cloud-connectivity-and-how-it-exposed-all-ovrc-devices-to-hijacking  Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them - https://unit42.paloaltonetworks.com/north-korean-it-workers/  ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again - https://www.bitdefender.com/en-us/blog/businessinsights/shrinklocker-decryptor-from-friend-to-foe-and-back-again/  Critical bug in EoL D-Link NAS devices now exploited in attacks - https://www.bleepingcomputer.com/news/security/critical-bug-in-eol-d-link-nas-devices-now-exploited-in-attacks/  CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the wild - https://www.clearskysec.com/0d-vulnerability-exploited-in-the_wild/  A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats - https://blog.sekoia.io/a-three-beats-waltz-the-ecosystem-behind-chinese-state-sponsored-cyber-threats/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] November 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov  APSB24-77 : Security update available for Adobe Bridge - https://helpx.adobe.com/security/products/bridge/apsb24-77.html  APSB24-83 : Security update available for Adobe Audition - https://helpx.adobe.com/security/products/audition/apsb24-83.html  APSB24-85 : Security update available for Adobe After Effects - https://helpx.adobe.com/security/products/after_effects/apsb24-85.html APSB24-86 : Security update available for Adobe Substance 3D Painter - https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html  APSB24-87 : Security update available for Adobe Illustrator - https://helpx.adobe.com/security/products/illustrator/apsb24-87.html  APSB24-88 : Security update available for Adobe InDesign - https://helpx.adobe.com/security/products/indesign/apsb24-88.html APSB24-89 : Security update available for Adobe Photoshop - https://helpx.adobe.com/security/products/photoshop/apsb24-89.html  APSB24-90 : Security update available for Adobe Commerce - https://helpx.adobe.com/security/products/magento/apsb24-90.html  FG-IR-24-199 - Named Pipes Improper Access Control - https://fortiguard.fortinet.com/psirt/FG-IR-24-199  FG-IR-24-144 - Privilege escalation via lua auto patch function - https://fortiguard.fortinet.com/psirt/FG-IR-24-144  FG-IR-23-475 - FortiOS - SSLVPN session hijacking using SAML authentication - https://fortiguard.fortinet.com/psirt/FG-IR-23-475  FG-IR-23-396 - Readonly users could run some sensitive operations - https://fortiguard.fortinet.com/psirt/FG-IR-23-396  (non-US) DSL-6740C :: All H/W Revisions :: End-of-Life / End-of-Service :: CVE-2024-11068 - Unauthorized Configuration Access Vulnerability - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10414  APT Actors Embed Malware within macOS Flutter Applications - https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/ ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI - https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/  Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity - https://research.checkpoint.com/2024/hamas-affiliated-threat-actor-expands-to-disruptive-activity/  LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign - https://blogs.blackberry.com/en/2024/11/lightspy-apt41-deploys-advanced-deepdata-framework-in-targeted-southern-asia-espionage-campaign  Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown) - https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Ymir: new stealthy ransomware in the wild - https://securelist.com/new-ymir-ransomware-found-in-colombia/114493/  0检测的Melofee 木马新变种曝光，专攻RHEL 7.9系统 - https://blog.xlab.qianxin.com/analysis_of_new_melofee_variant/  Trend Micro and Japanese Partners Reveal Hidden Connections Among SEO Malware Operations - https://www.trendmicro.com/en_us/research/24/k/seo-malware.html  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] VEEAM exploit seen used again with a new ransomware: “Frag” - https://news.sophos.com/en-us/2024/11/08/veeam-exploit-seen-used-again-with-a-new-ransomware-frag/  PAN-SA-2024-0015 Important Informational Bulletin: Ensure Access to Management Interface is Secured - https://security.paloaltonetworks.com/PAN-SA-2024-0015   Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns - https://thehackernews.com/2024/11/palo-alto-advises-securing-pan-os.html  QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns - https://securelist.com/cloudcomputating-qsc-framework/114438/  Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations - https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html  U.S. Officials Race to Understand Severity of China’s Salt Typhoon Hacks - https://www.wsj.com/politics/national-security/u-s-officials-race-to-understand-severity-of-chinas-salt-typhoon-hacks-6e7c3951  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence - https://www.sentinelone.com/labs/bluenoroff-hidden-risk-threat-actor-targets-macs-with-fake-crypto-news-and-novel-persistence/  The Lazarus Heist - https://www.bbc.co.uk/programmes/w13xtvg9/episodes/downloads   GuLoader: Evolving Tactics in Latest Campaign Targeting European Industry - https://www.cadosecurity.com/blog/guloader-targeting-european-industrial-companies  Silent Skimmer Gets Loud (Again) - https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/  Wish Stealer - https://www.cyfirma.com/research/wish-stealer/  Malicious PyPI Package 'Fabrice' Found Stealing AWS Keys from Thousands of Developers - https://thehackernews.com/2024/11/malicious-pypi-package-fabrice-found.html  U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog - https://securityaffairs.com/170673/security/u-s-cisa-adds-palo-alto-expedition-android-cyberpanel-and-nostromo-nhttpd-bugs-to-its-known-exploited-vulnerabilities-catalog.html  Unwrapping the emerging Interlock ransomware attack - https://blog.talosintelligence.com/emerging-interlock-ransomware/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Tempest Academy Conference 2024 - https://www.tempest.com.br/tempest_talk/tempest-academy-conference/  CVE-2024-20418 - Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs  Threat Campaign Spreads Winos4.0 Through Game Application - https://www.fortinet.com/blog/threat-research/threat-campaign-spreads-winos4-through-game-application  New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency - https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/  (In)tuned to Takeovers: Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments - https://cloud.google.com/blog/topics/threat-intelligence/abusing-intune-permissions-entra-id-environments/  CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits - https://research.checkpoint.com/2024/massive-phishing-campaign-deploys-latest-rhadamanthys-version/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] INTERPOL cyber operation takes down 22,000 malicious IP addresses - https://www.interpol.int/News-and-Events/News/2024/INTERPOL-cyber-operation-takes-down-22-000-malicious-IP-addresses  Stable Channel Update for Desktop - Tuesday, November 5, 2024 - https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html  Joint ODNI, FBI, and CISA Statement - https://www.cisa.gov/news-events/news/joint-odni-fbi-and-cisa-statement-1  So far, no 'national-level significant incidents' on Election Day, CISA says - https://www.defenseone.com/threats/2024/11/cisa-has-not-clocked-any-national-level-significant-incidents-impacting-election-official-says/400833/   False bomb threats at polling sites only blemish on Election Day voting process - https://cyberscoop.com/fbi-bomb-threats-polling-sites-election-day-russia/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Tempest Academy Conference 2024 - https://www.tempest.com.br/tempest_talk/tempest-academy-conference/  CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging - https://www.securonix.com/blog/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging/  Android Security Bulletin November 2024 - https://source.android.com/docs/security/bulletin/2024-11-01  Malware Analysis Report - Pygmy Goat - https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/pygmy-goat/ncsc-mar-pygmy-goat.pdf  ToxicPanda: a new banking trojan from Asia hit Europe and LATAM - https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam  Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT - https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/  Supply Chain Attack Using Ethereum Smart Contracts to Distribute Multi-Platform Malware - https://checkmarx.com/blog/supply-chain-attack-using-ethereum-smart-contracts-to-distribute-multi-platform-malware/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] [TREND MICRO NO FORRESTER] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www  From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code - https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html  G700 : The Next Generation of Craxs RAT - https://www.cyfirma.com/research/g700-the-next-generation-of-craxs-rat/  The curious case of the 7777-Botnet - https://gi7w0rm.medium.com/the-curious-case-of-the-7777-botnet-86e3464c3ffd  7777-Botnet Infection Vectors - https://vulncheck.com/blog/ip-intel-7777-botnet  Solving the 7777 Botnet enigma: A cybersecurity quest - https://blog.sekoia.io/solving-the-7777-botnet-enigma-a-cybersecurity-quest/  A glimpse into the Quad7 operators’ next moves and associated botnets - https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/  Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network - https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Tweet da LottieFiles sobre o comprometimento do Lottie-Player - https://x.com/LottieFiles/status/1851848602093777273  Hackers target critical zero-day vulnerability in PTZ cameras - https://www.bleepingcomputer.com/news/security/hackers-target-critical-zero-day-vulnerability-in-ptz-cameras/  Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files - https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Jumpy Pisces Engages in Play Ransomware - https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/  Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/  EMERALDWHALE:  15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files - https://sysdig.com/blog/emeraldwhale/  Крысиный король: как Android-троян CraxsRAT ворует данные пользователей - https://www.facct.ru/blog/craxsrat/  “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack - https://labs.guard.io/crossbarking-exploiting-a-0-day-opera-vulnerability-with-a-cross-browser-extension-store-attack-db3e6d6e6aa8?source=rss-6a038e71ff0f------2  QNAP patches second zero-day exploited at Pwn2Own to get root - https://www.bleepingcomputer.com/news/security/qnap-patches-second-zero-day-exploited-at-pwn2own-to-get-root/  Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack - https://checkmarx.com/blog/cryptocurrency-enthusiasts-targeted-in-multi-vector-supply-chain-attack/  Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages - https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Attacker Abuses Victim Resources to Reap Rewards from Titan Network - https://www.trendmicro.com/en_us/research/24/j/titan-network.html  CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server - https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html  CISA Releases Three Industrial Control Systems Advisories - https://www.cisa.gov/news-events/alerts/2024/10/29/cisa-releases-three-industrial-control-systems-advisories  Apple Releases Security Updates for Multiple Products - https://www.cisa.gov/news-events/alerts/2024/10/29/apple-releases-security-updates-multiple-products  Long Term Support Channel Update for ChromeOS - https://chromereleases.googleblog.com/2024/10/long-term-support-channel-update-for_29.html  Stable Channel Update for Desktop - https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html  Massive PSAUX ransomware attack targets 22,000 CyberPanel instances - https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Katz and Mouse Game: MaaS Infostealers Adapt to Patched Chrome Defenses - https://www.elastic.co/security-labs/katz-and-mouse-game  Redline, Meta infostealer malware operations seized by police - https://www.bleepingcomputer.com/news/legal/redline-meta-infostealer-malware-operations-seized-by-police/  Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives - https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] An Update on Windows Downdate - https://www.safebreach.com/blog/update-on-windows-downdate-downgrade-attacks/ Introducing a New Vulnerability Class: False File Immutability - https://www.elastic.co/security-labs/false-file-immutability   Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications - https://www.cisa.gov/news-events/news/joint-statement-fbi-and-cisa-prc-activity-targeting-telecommunications  Chinese Hackers Are Said to Have Targeted Phones Used by Trump and Vance - https://www.nytimes.com/2024/10/25/us/politics/trump-vance-hack.html  Chinese hackers targeted Trump and Vance’s phone data - https://edition.cnn.com/2024/10/25/politics/chinese-hackers-targeted-trump-and-vances-phone-data/index.html  Chinese hackers said to have collected audio of American calls - https://www.washingtonpost.com/national-security/2024/10/27/chinese-hackers-cellphones-trump/  TeamTNT’s Docker Gatling Gun Campaign - https://www.aquasec.com/blog/threat-alert-teamtnts-docker-gatling-gun-campaign/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion - https://www.halcyon.ai/blog/new-qilin-b-ransomware-variant-boasts-enhanced-encryption-and-defense-evasion  CISA Adds Two Known Exploited Vulnerabilities to Catalog - https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog  AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover - https://www.aquasec.com/blog/aws-cdk-risk-exploiting-a-missing-s3-bucket-allowed-account-takeover/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Ada Lovelace Day 2024 - https://www.even3.com.br/ada-lovelace-day-2024-tempest/  FG-IR-24-423 - CVE-2024-47575 - Missing authentication in fgfmsd - https://fortiguard.fortinet.com/psirt/FG-IR-24-423  CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud - https://www.tenable.com/blog/cve-2024-47575-faq-about-fortijump-zero-day-in-fortimanager-fortimanager-cloud  Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575) - https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575/  CVE-2024-20424 - Cisco Secure Firewall Management Center Software Command Injection Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7  CVE-2024-20412 - Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5  Threat Spotlight: WarmCookie/BadSpace - https://blog.talosintelligence.com/warmcookie-analysis/  Highlighting TA866/Asylum Ambuscade Activity Since 2021 - https://blog.talosintelligence.com/highlighting-ta866-asylum-ambuscade/  Embargo ransomware: Rock’n’Rust - https://www.welivesecurity.com/en/eset-research/embargo-ransomware-rocknrust/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

[Referências do Episódio] Akira ransomware continues to evolve - https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/ The Silent Game: Sophisticated threat actors targeting gambling industry - https://www.securityjoes.com/post/the-silent-game-sophisticated-threat-actors-targeting-gambling-industry Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia