682 - Vuln no GitHub Actions permite adulterar pacote no PyPI

Update: 2024-12-09

Description

[Referências do Episódio]

Compromised ultralytics PyPI package delivers crypto coinminer - https://www.reversinglabs.com/blog/compromised-ultralytics-pypi-package-delivers-crypto-coinminer

Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/

URL File NTLM Hash Disclosure Vulnerability (0day) - and Free Micropatches for it - https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html

New Windows zero-day exposes NTLM credentials, gets unofficial patch - https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch/

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

688 - Documentado uso de malvertising em diversas campanhas

2024-12-1703:24

687 - Ataques de Password Spraying afetam o Netscaler

2024-12-1606:57

686 - Pumakit: descoberto novo rootkit para Linux

2024-12-1303:29

685 - Guerra de APTs: Secret Blizzard se infiltrou em outros dois grupos

2024-12-1206:22

684 - Patch tuesday de dezembro tem zero-day no Windows sendo explorado em ataques

2024-12-1104:37

683 - Glutton: novo loader instala backdoor do APT Winnti

2024-12-1003:31

682 - Vuln no GitHub Actions permite adulterar pacote no PyPI

2024-12-0904:01

681 - BlueAlpha abusa de Cloudflare em ataques na Ucrânia

2024-12-0604:56

680 - Guerra de APTs envolvendo russos e paquistaneses é documentada

2024-12-0506:11

679 - Vuln de 2014 no Cisco ASA passa a ser explorada

2024-12-0403:39

678 - O SmokeLoader ressurge

2024-12-0303:47

677 - Cresce o número de anúncios de jogos de apostas maliciosos

2024-12-0203:37

676 - 20 vulns são descobertas em wifi industrial

2024-11-2902:25

675 - UEFI bootkit para Linux é detectado

2024-11-2805:05

674 - Zero-days no Firefox e no Windows instalam malware RomCom

2024-11-2704:17

673 - Grupo hacktivista russo agora opera ransomware

2024-11-2605:29

672 - Trend detalha os recentes ataques do Salt Typhoon

2024-11-2505:05

671 - Mais de 2000 firewalls da Palo Alto já foram atacados com novos zero-days

2024-11-2207:33

670 - Apple corrige 2 zero-days

2024-11-2105:27

669 - Palo Alto identifica nova vulnerabilidade no software PAN-OS

2024-11-1903:25

00:00

1.0x

682 - Vuln no GitHub Actions permite adulterar pacote no PyPI

Tempest Security Intelligence

#box-pro-ellipsis-173449665167439{-webkit-line-clamp:2;}682 - Vuln no GitHub Actions permite adulterar pacote no PyPI

682 - Vuln no GitHub Actions permite adulterar pacote no PyPI

Tempest Security Intelligence

682 - Vuln no GitHub Actions permite adulterar pacote no PyPI