November 13, 2024

666 - Patch Tuesday: Microsoft corrige 4 zero-days

5 minutes

[Referências do Episódio]

November 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Nov

APSB24-77 : Security update available for Adobe Bridge - https://helpx.adobe.com/security/products/bridge/apsb24-77.html

APSB24-83 : Security update available for Adobe Audition - https://helpx.adobe.com/security/products/audition/apsb24-83.html

APSB24-85 : Security update available for Adobe After Effects - https://helpx.adobe.com/security/products/after_effects/apsb24-85.html

APSB24-86 : Security update available for Adobe Substance 3D Painter - https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html

APSB24-87 : Security update available for Adobe Illustrator - https://helpx.adobe.com/security/products/illustrator/apsb24-87.html

APSB24-88 : Security update available for Adobe InDesign - https://helpx.adobe.com/security/products/indesign/apsb24-88.html

APSB24-89 : Security update available for Adobe Photoshop - https://helpx.adobe.com/security/products/photoshop/apsb24-89.html

APSB24-90 : Security update available for Adobe Commerce - https://helpx.adobe.com/security/products/magento/apsb24-90.html

FG-IR-24-199 - Named Pipes Improper Access Control - https://fortiguard.fortinet.com/psirt/FG-IR-24-199

FG-IR-24-144 - Privilege escalation via lua auto patch function - https://fortiguard.fortinet.com/psirt/FG-IR-24-144

FG-IR-23-475 - FortiOS - SSLVPN session hijacking using SAML authentication - https://fortiguard.fortinet.com/psirt/FG-IR-23-475

FG-IR-23-396 - Readonly users could run some sensitive operations - https://fortiguard.fortinet.com/psirt/FG-IR-23-396

(non-US) DSL-6740C :: All H/W Revisions :: End-of-Life / End-of-Service :: CVE-2024-11068 - Unauthorized Configuration Access Vulnerability - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10414

APT Actors Embed Malware within macOS Flutter Applications - https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI - https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/

Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity - https://research.checkpoint.com/2024/hamas-affiliated-threat-actor-expands-to-disruptive-activity/

LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign - https://blogs.blackberry.com/en/2024/11/lightspy-apt41-deploys-advanced-deepdata-framework-in-targeted-southern-asia-espionage-campaign

Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown) - https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

...more

View all episodes

By Tempest Security Intelligence