[Referências do Episódio]

Spinning YARN - A New Linux Malware Campaign Targets Docker, Apache Hadoop, Redis and Confluence - https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/ 

Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence - https://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-tactics-with-t.html  

z0Miner Exploits Korean Web Servers to Attack WebLogic Server - https://asec.ahnlab.com/en/62564/

About the security content of iOS 17.4 and iPadOS 17.4 - https://support.apple.com/en-us/HT214081 

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

ComPromptMized: Unleashing Zero-click Worms that Target GenAI-Powered Applications - https://sites.google.com/view/compromptmized 

TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant - https://www.kroll.com/en/insights/publications/cyber/screenconnect-vulnerability-exploited-to-deploy-babyshark 

VMware VMSA-2024-0006.1 - https://www.vmware.com/security/advisories/VMSA-2024-0006.html 

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

New Banking Trojan “CHAVECLOAK” Targets Brazil - https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil 

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO - https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html 

BlackCat ransomware turns off servers amid claim they stole $22 million ransom - https://www.bleepingcomputer.com/news/security/blackcat-ransomware-turns-off-servers-amid-claim-they-stole-22-million-ransom/ 

TA577’s Unusual Attack Chain Leads to NTLM Data Theft - https://www.proofpoint.com/us/blog/threat-insight/ta577s-unusual-attack-chain-leads-ntlm-data-theft

Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) – Update to 2023.11.4 Now - https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/ 

Vulnerabilidades de controle de acesso encontradas em interfaces web de roteadores da Multilaser - https://sidechannel.blog/vulnerabilidades-de-controle-de-acesso-encontradas-em-interfaces-web-de-roteadores-da-multilaser/ 

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack - https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit 

New Wave of SocGholish Infections Impersonates WordPress Plugins - https://blog.sucuri.net/2024/03/new-wave-of-socgholish-infections-impersonates-wordpress-plugins.html 

The Art of Domain Deception: Bifrost's New Tactic to Deceive Users - https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware/ 

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

Meet Silver SAML: Golden SAML in the Cloud - https://www.semperis.com/blog/meet-silver-saml/ 

#StopRansomware: Phobos Ransomware - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a 

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b 

North Korean hackers exploit Windows zero-day flaw - https://therecord.media/north-korean-hackers-windows-zero-day 

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

When Cats Fly: Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors - https://www.mandiant.com/resources/blog/suspected-iranian-unc1549-targets-israel-middle-east 

TimbreStealer campaign targets Mexican users with financial lures - https://blog.talosintelligence.com/timbrestealer-campaign-targets-mexican-users/ 

One year later, Rhadamanthys is still dropped via malvertising - https://www.malwarebytes.com/blog/threat-intelligence/2024/02/one-year-later-rhadamanthys-is-still-dropped-via-malvertising 

Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations - https://www.ic3.gov/Media/News/2024/240227.pdf 

BEWARE THE SHALLOW WATERS: SAVVY SEAHORSE LURES VICTIMS TO FAKE INVESTMENT PLATFORMS THROUGH FACEBOOK ADS - https://blogs.infoblox.com/cyber-threat-intelligence/beware-the-shallow-waters-savvy-seahorse-lures-victims-to-fake-investment-platforms-through-facebook-ads/

O que é um registro de DNS CNAME? - https://www.cloudflare.com/pt-br/learning/dns/dns-records/dns-cname-record/ 

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities - https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html

When Stealers Converge: New Variant of Atomic Stealer in the Wild - https://www.bitdefender.com/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild/

XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites - https://patchstack.com/articles/xss-vulnerability-in-litespeed-cache-plugin-affecting-4-million-sites/

An educational robot security research - https://securelist.com/smart-robot-security-research/111938/

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant) - https://asec.ahnlab.com/en/62144/

Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering RemcosRAT to a Ukraine Entity in Finland - https://blog.morphisec.com/unveiling-uac-0184-the-remcos-rat-steganography-saga

SVR Cyber Actors Adapt Tactics for Initial Cloud Access - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a 

“SubdoMailing” - Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails - https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

PIKABOT, I choose you! - https://www.elastic.co/security-labs/pikabot-i-choose-you 

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown - https://thehackernews.com/2024/02/lockbit-ransomware-group-resurfaces.html 

Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns - https://unit42.paloaltonetworks.com/i-soon-data-leaks/  

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

Details on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204 - https://www.bitdefender.com/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/ 

VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems  - https://www.dragos.com/blog/voltzite-threat-group-under-the-radar-cyber-espionage-on-us-critical-systems/ 

TinyTurla-NG in-depth tooling and command and control analysis - https://blog.talosintelligence.com/tinyturla-ng-tooling-and-c2/ 

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia