By Tempest Security Intelligence
The podcast currently has 637 episodes available.
[Episode references]
CUPS flaws enable Linux remote code execution, but there’s a catch - https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/
HPE patches three critical security holes in Aruba PAPI - https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/
Storm-0501: Ransomware attacks expanding to hybrid cloud environments - https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0 - https://go.recordedfuture.com/hubfs/reports/mtp-2024-0926.pdf
Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse - https://www.elastic.co/security-labs/betting-on-bots
Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses - https://cyble.com/blog/nexe-backdoor-unleashed-patchwork-apt-groups-sophisticated-evasion-of-defenses/
Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam - https://blog.talosintelligence.com/simple-mail-transfer-pirates/
Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy - https://unit42.paloaltonetworks.com/kimsuky-new-keylogger-backdoor-variant/
Wallet Scam: A Case Study in Crypto Drainer Tactics - https://research.checkpoint.com/2024/walletconnect-scam-a-case-study-in-crypto-drainer-tactics/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode references]
BBTok Targeting Brazil: Deobfuscating the .NET Loader with dnlib and PowerShell - https://www.gdatasoftware.com/blog/2024/09/38039-bbtok-deobfuscating-net-loader#c235408
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites - https://blog.sekoia.io/silentselfie-uncovering-a-major-watering-hole-campaign-against-kurdish-websites/
LummaC2: Obfuscation Through Indirect Control Flow - https://cloud.google.com/blog/topics/threat-intelligence/lummac2-obfuscation-through-indirect-control-flow/
Inside the Dragon: DragonForce Ransomware Group - https://www.group-ib.com/blog/dragonforce-ransomware/
Mist: RADIUS Protocol Vulnerability (Blast-RADIUS) (CVE-2024-3596) - https://supportportal.juniper.net/s/article/Mist-RADIUS-Protocol-Vulnerability-Blast-RADIUS-CVE-2024-3596?language=en_US
Cisco Catalyst SD-WAN Routers Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-utd-dos-hDATqxs
Cisco IOS XE Software for Wireless Controllers CWA Pre-Authentication ACL Bypass Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-cwa-acl-nPSbHSnA
Cisco Catalyst Center Static SSH Host Key Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ssh-e4uOdASj
Cisco IOS XE Software IPv4 Fragmentation Reassembly Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpp-vfr-dos-nhHKGgO
Cisco IOS and IOS XE Software Resource Reservation Protocol Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rsvp-dos-OypvgVZf
Cisco IOS XE Software Protocol Independent Multicast Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pim-APbVfySJ
Cisco IOS Software on Cisco Industrial Ethernet Series Switches Access Control List Bypass Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-repacl-9eXgnBpD
Cisco IOS and IOS XE Software Web UI Cross-Site Request Forgery Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-HfwnRgk
Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sda-edge-dos-MBcbG9k
Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-csrf-ycUYxkKO
Cisco IOS XE Software HTTP Server Telephony Services Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-httpsrvr-dos-yOZThut
Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023 - https://web-assets.esetstatic.com/wls/en/papers/white-papers/cyberespionage-gamaredon-way.pdf
From 12 to 21: how we discovered connections between the Twelve and BlackJack groups - https://securelist.com/blackjack-hacktivists-connection-with-twelve/113959/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode references]
How the Necro Trojan infected 11 million Android users - https://www.kaspersky.com/blog/necro-infects-android-users/52201/
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware - https://www.sentinelone.com/labs/kryptina-raas-from-unsellable-cast-off-to-enterprise-ransomware/
Inside SnipBot: The Latest RomCom Malware Variant - https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode references]
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections - https://www.trendmicro.com/en_us/research/24/i/how-ransomhub-ransomware-uses-edrkillshifter-to-disable-edr-and-.html
-=TWELVE=- is back - https://securelist.com/twelve-group-unified-kill-chain/113877/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode references]
Evolution and adaptation: new Grandoreiro variant affects 4 thousand entities worldwide - https://sidechannel.blog/evolucao-e-adaptacao-nova-variante-do-grandoreiro-afeta-4-mil-entidades-em-todo-o-mundo/
New Banking Trojan “CHAVECLOAK” Targets Brazil - https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance - https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks - https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode references]
Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC - https://www.trendmicro.com/en_us/research/24/i/earth-baxia-spear-phishing-and-geoserver-exploit.html
GrimResource - Microsoft Management Console for initial access and evasion - https://www.elastic.co/security-labs/grimresource
Hijack Execution Flow: AppDomainManager - https://attack.mitre.org/techniques/T1574/014/
Derailing the Raptor Train - https://blog.lumen.com/derailing-the-raptor-train/
Exotic SambaSpy is now dancing with Italian users - https://securelist.com/sambaspy-rat-targets-italian-users/113851/
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions - https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html
Global Coalition Takes Down New Criminal Communication Platform - https://www.europol.europa.eu/media-press/newsroom/news/global-coalition-takes-down-new-criminal-communication-platform
Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware - https://www.bleepingcomputer.com/news/microsoft/microsoft-vanilla-tempest-hackers-hit-healthcare-with-inc-ransomware/
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors - https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution - https://blog.sekoia.io/webdav-as-a-service-uncovering-the-infrastructure-behind-emmenhtal-loader-distribution/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode references]
Hezbollah blames Israel after pager explosions kill nine and injure thousands in Lebanon - https://www.bbc.com/news/articles/cd7xnelvpepo
How did Hezbollah’s pagers explode in Lebanon? - https://www.aljazeera.com/news/2024/9/17/how-did-hezbollahs-pagers-explode-in-lebanon
Hezbollah Pagers Explode in Apparent Attack Across Lebanon - https://www.wsj.com/world/middle-east/hundreds-of-hezbollah-operatives-pagers-explode-in-apparent-attack-across-lebanon-cf31cad4
Exploding pager analysis, construction company vulnerability, cyberattack job loss - https://open.spotify.com/episode/7uRZpzT8yLejjYbpAyCjoB?si=CpzZ15uyT-y17EaQ50n5CQ
Hezbollah pager explosions, if caused by the Mossad, would be a big escalation - https://www.theguardian.com/world/2024/sep/17/hezbollah-pager-explosions-if-caused-by-the-mossad-would-be-a-big-escalation
VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
“Marko Polo” Navigates Uncharted Waters With Infostealer Empire - https://go.recordedfuture.com/hubfs/reports/cta-2024-0917.pdf
Storm clouds on the horizon: Resurgence of TeamTNT? - https://www.group-ib.com/blog/teamtnt/
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader - https://cloud.google.com/blog/topics/threat-intelligence/unc2970-backdoor-trojanized-pdf-reader/
Code of Conduct: DPRK’s Python-fueled intrusions into secured networks - https://www.elastic.co/security-labs/dprk-code-of-conduct
Analysis of Fox Kitten Infrastructure Reveals Unique Host Patterns and Potentially New IOCs - https://censys.com/analysis-of-fox-kitten-infrastructure-reveals-unique-host-patterns-and-potentially-new-iocs/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode references]
DIR-X4860 / DIR-X5460 / COVR-X1870 :: TWCERT - TVN-202409021 / TVN-202409022 / TVN-202409023 / TVN-202409024 / TVN-202429025 Vulnerabilities reports - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10412
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks - https://thehackernews.com/2024/09/solarwinds-issues-patch-for-critical.html
Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024 - https://securityaffairs.com/168467/hacking/windows-cve-2024-43461-actively-exploited-before-july-2024.html
CISA Adds Two Known Exploited Vulnerabilities to Catalog - https://www.cisa.gov/news-events/alerts/2024/09/16/cisa-adds-two-known-exploited-vulnerabilities-catalog
CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package - https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
About the security content of macOS Sequoia 15 - https://support.apple.com/pt-br/121238
About the security content of tvOS 18 - https://support.apple.com/pt-br/121248
About the security content of visionOS 2 - https://support.apple.com/pt-br/121249
About the security content of watchOS 11 - https://support.apple.com/pt-br/121240
About the security content of Safari 18 - https://support.apple.com/pt-br/121241
About the security content of Xcode 16 - https://support.apple.com/pt-br/121239
About the security content of iOS 17.7 and iPadOS 17.7 - https://support.apple.com/pt-br/121246
About the security content of macOS Sonoma 14.7 - https://support.apple.com/pt-br/121247
About the security content of macOS Ventura 13.7 - https://support.apple.com/pt-br/121234
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode references]
[Trend Micro in the Forrester Wave] - https://www.trendmicro.com/explore/forrester-wave-xdr/01054-v1-en-www
Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
Attacking PowerShell CLIXML Deserialization - https://www.truesec.com/hub/blog/attacking-powershell-clixml-deserialization
Gomorrah Stealer v5.1: An In-Depth Analysis of a .NET-Based Malware - https://www.cyfirma.com/research/gomorrah-stealer-v5-1-an-in-depth-analysis-of-a-net-based-malware/
CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective - https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor
Stealthy Fileless Attack Targets Attendees of Upcoming US-Taiwan Defense Industry Event - https://cyble.com/blog/stealthy-fileless-attack-targets-attendees-of-us-taiwan-defense-industry-event/
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers - https://thehackernews.com/2024/09/apple-vision-pro-vulnerability-exposed.html
Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/distributed-denial-of-truth-ddot-the-mechanics-of-influence-operations-and-the-weaponization-of-social-media/
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability - https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
[Episode references]
Void captures over a million Android TV boxes - https://news.drweb.com/show/?i=14900&lng=en
Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide - https://thehackernews.com/2024/09/beware-new-vo1d-malware-infects-13.html
Ransomware: Attacks Once More Nearing Peak Levels - https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomware-attacks-rebound
Crystal Rans0m: Emerging hybrid ransomware with stealer capabilities - https://outpost24.com/blog/crystal-ransom-hybrid-ransomware/
Hadooken Malware Targets Weblogic Applications - https://www.aquasec.com/blog/hadooken-malware-targets-weblogic-applications/
Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities - https://www.trendmicro.com/en_us/research/24/i/whatsup-gold-rce.html
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia