666 - Patch Tuesday: Microsoft corrige 4 zero-days
Description
[Referências do Episódio]
November 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov
APSB24-77 : Security update available for Adobe Bridge - https://helpx.adobe.com/security/products/bridge/apsb24-77.html
APSB24-83 : Security update available for Adobe Audition - https://helpx.adobe.com/security/products/audition/apsb24-83.html
APSB24-85 : Security update available for Adobe After Effects - https://helpx.adobe.com/security/products/after_effects/apsb24-85.html
APSB24-86 : Security update available for Adobe Substance 3D Painter - https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html
APSB24-87 : Security update available for Adobe Illustrator - https://helpx.adobe.com/security/products/illustrator/apsb24-87.html
APSB24-88 : Security update available for Adobe InDesign - https://helpx.adobe.com/security/products/indesign/apsb24-88.html
APSB24-89 : Security update available for Adobe Photoshop - https://helpx.adobe.com/security/products/photoshop/apsb24-89.html
APSB24-90 : Security update available for Adobe Commerce - https://helpx.adobe.com/security/products/magento/apsb24-90.html
FG-IR-24-199 - Named Pipes Improper Access Control - https://fortiguard.fortinet.com/psirt/FG-IR-24-199
FG-IR-24-144 - Privilege escalation via lua auto patch function - https://fortiguard.fortinet.com/psirt/FG-IR-24-144
FG-IR-23-475 - FortiOS - SSLVPN session hijacking using SAML authentication - https://fortiguard.fortinet.com/psirt/FG-IR-23-475
FG-IR-23-396 - Readonly users could run some sensitive operations - https://fortiguard.fortinet.com/psirt/FG-IR-23-396
(non-US) DSL-6740C :: All H/W Revisions :: End-of-Life / End-of-Service :: CVE-2024-11068 - Unauthorized Configuration Access Vulnerability - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10414
APT Actors Embed Malware within macOS Flutter Applications - https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI - https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/
Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity - https://research.checkpoint.com/2024/hamas-affiliated-threat-actor-expands-to-disruptive-activity/
LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign - https://blogs.blackberry.com/en/2024/11/lightspy-apt41-deploys-advanced-deepdata-framework-in-targeted-southern-asia-espionage-campaign
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown) - https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
Roteiro e apresentação: Carlos Cabral e Bianca Oliveira
Edição de áudio: Paulo Arruzzo
Narração de encerramento: Bianca Garcia