[Referências do Episódio]

- TEMPEST TALKS 2023 - https://www.tempest.com.br/tempest_talk/tempest-talks-2023/

- Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted - https://www.threatfabric.com/blogs/xenomorph 

- Securonix Threat Labs Security Advisory: New STARK#VORTEX Attack Campaign: Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads - https://www.securonix.com/blog/threat-labs-security-advisory-new-starkvortex-attack-campaign-threat-actors-use-drone-manual-lures-to-deliver-merlinagent-payloads/ 

- New MerlinAgent Open-Source Tool Used by UAC-0154 Group to Target Ukrainian State Agencies - https://socprime.com/blog/new-merlinagent-open-source-tool-used-by-uac-0154-group-to-target-ukrainian-state-agencies/ 

- Dusting for fingerprints: ShadowSyndicate, a new RaaS player? - https://www.group-ib.com/blog/shadowsyndicate-raas/ 

Roteiro e apresentação: Carlos Cabral 

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

- TEMPEST TALKS 2023 - https://www.tempest.com.br/tempest_talk/tempest-talks-2023/

- PREDATOR IN THE WIRESAhmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions - https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/

- It’s a trap: Detecting a cryptominer on a popular website using Group-IB MXDR - https://www.group-ib.com/blog/mxdr-cryptominer/ 

- Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government - https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/#post-130207-_s3s7cy4hax0 

- Stealth Falcon preying over Middle Eastern skies with Deadglyph - https://www.welivesecurity.com/en/eset-research/stealth-falcon-preying-middle-eastern-skies-deadglyph/

- Keep Calm and (Don’t) Enable MacrosA New Threat Actor Targets UAE Dissidents - https://citizenlab.ca/2016/05/stealth-falcon/

Roteiro e apresentação: Carlos Cabral 

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

- TEMPEST TALKS 2023 - https://www.tempest.com.br/tempest_talk/tempest-talks-2023/

- About the security content of iOS 17.0.1 and iPadOS 17.0.1 - https://support.apple.com/en-us/HT213926

- About the security content of macOS Ventura 13.6 - https://support.apple.com/en-us/HT213931

- Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit - https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/

- Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge - https://thehackernews.com/2023/09/researchers-raise-red-flag-on-p2pinfect.html 

Roteiro e apresentação: Carlos Cabral 

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

- TEMPEST TALKS 2023 - https://www.tempest.com.br/tempest_talk/tempest-talks-2023/

- Check Point Research exposes new versions of the BBTok banking malware, which targets clients of over 40 Mexican and Brazilian banks - https://blog.checkpoint.com/security/check-point-research-exposes-new-versions-of-the-bbtok-banking-malware-which-targets-clients-of-over-40-mexican-and-brazilian-banks/

- Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape - https://www.proofpoint.com/us/blog/threat-insight/chinese-malware-appears-earnest-across-cybercrime-threat-landscape

- LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD - https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud 

- Nagios XI vulnerabilities resulting in privilege escalation (& more)  - https://outpost24.com/blog/nagios-xi-vulnerabilities/

Roteiro e apresentação: Carlos Cabral 

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

- TEMPEST TALKS 2023 - https://www.tempest.com.br/tempest_talk/tempest-talks-2023/

- New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants - https://blog.talosintelligence.com/introducing-shrouded-snooper/ 

- CRITICAL SECURITY BULLETIN: 3rd Party AV Uninstaller Module for Trend Micro Apex One and Worry-Free Business Security Arbitrary Code Execution Vulnerability - https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US

- Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT - https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/

- GitLab Critical Security Release: 16.3.4 and 16.2.7 - https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/

- CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones - https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/ 

Roteiro e apresentação: Carlos Cabral 

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

- Fileless Remote Code Execution on Juniper Firewalls - https://vulncheck.com/blog/juniper-cve-2023-36845 

- 38TB of data accidentally exposed by Microsoft AI researchers - https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers

- Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token - https://msrc.microsoft.com/blog/2023/09/microsoft-mitigated-exposure-of-internal-information-in-a-storage-account-due-to-overly-permissive-sas-token/ 

- Bumblebee Loader Resurfaces in New Campaign - https://intel471.com/blog/bumblebee-loader-resurfaces-in-new-campaign

- URL files and WebDAV used for IcedID (Bokbot) infection - https://isc.sans.edu/diary/URL+files+and+WebDAV+used+for+IcedID+Bokbot+infection/29578 

- Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement - https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html 

Roteiro e apresentação: Carlos Cabral 

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

- TEMPEST TALKS 2023 - https://www.tempest.com.br/tempest_talk/tempest-talks-2023/

- BlackCat ransomware hits Azure Storage with Sphynx encryptor - https://www.bleepingcomputer.com/news/security/blackcat-ransomware-hits-azure-storage-with-sphynx-encryptor/ 

- Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads - https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html 

- BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration - https://securityintelligence.com/posts/blackcat-ransomware-levels-up-stealth-speed-exfiltration/

Roteiro e apresentação: Carlos Cabral 

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

- TEMPEST TALKS 2023 - https://www.tempest.com.br/tempest_talk/tempest-talks-2023/

- Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety - https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware 

- Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit - https://www.bleepingcomputer.com/news/security/windows-11-themebleed-rce-bug-gets-proof-of-concept-exploit/

- Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets - https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/ 

Roteiro e apresentação: Carlos Cabral 

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

- TEMPEST TALKS 2023 - https://www.tempest.com.br/tempest_talk/tempest-talks-2023/

- Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes - https://www.akamai.com/blog/security-research/kubernetes-critical-vulnerability-command-injection

- [Security Advisory] CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation - https://discuss.kubernetes.io/t/security-advisory-cve-2023-3676-insufficient-input-sanitization-on-windows-nodes-leads-to-privilege-escalation/25204

- 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit

- Azure HDInsight Riddled With XSS Vulnerabilities via Apache Services - https://orca.security/resources/blog/cross-site-scripting-vulnerabilities-in-apache-services-azure-hd-insight/

- SMB NTLM blocking now supported in Windows Insider - https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206 

Roteiro e apresentação: Carlos Cabral 

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]

- TEMPEST TALKS 2023 - https://www.tempest.com.br/tempest_talk/tempest-talks-2023/

- Atualizações de segurança de setembro de 2023 - https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep

- Security update available for Adobe Acrobat and Reader  | APSB23-34 - https://helpx.adobe.com/security/products/acrobat/apsb23-34.html

- Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk - https://checkmarx.com/blog/persistent-threat-new-exploit-puts-thousands-of-github-repositories-and-millions-of-users-at-risk/ 

- Atualizações da F5 - https://my.f5.com/manage/s/new-updated-articles#sort=%40f5_updated_published_date%20descending&f:@f5_document_type=[Security%20Advisory]&periodFilter=0&dateField=1

- Atualizações da Dell - https://www.dell.com/support/security/pt-br/

- Atualizações da Asus - https://www.asus.com/content/asus-product-security-advisory/

- Atualizações da IBM - https://www.ibm.com/support/pages/bulletin/ 

- Atualizações da Suse - https://www.suse.com/support/update/

- Atualizações do Ubuntu - https://ubuntu.com/security/notices

- Atualizações da Lenovo - https://support.lenovo.com/us/en/product_security/ps500001-lenovo-product-security-advisories

- SAP Security Patch Day –September 2023 - https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10

- Atualizações da Mitsubishi Eletric - https://www.mitsubishielectric.com/en/psirt/vulnerability/index.html

- Atualizações da Zoom - https://explore.zoom.us/en/trust/security/security-bulletin/

- Atualizações da Zimbra - https://wiki.zimbra.com/wiki/Security_Center 

- Atualizações da Schneider Eletric - https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp 

- Mozilla Foundation Security Advisory 2023-40 - https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ 

- macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks - https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/

- OpenSSL 1.1.1 End of Life - https://www.openssl.org/blog/blog/2023/09/11/eol-111/ 

Roteiro e apresentação: Carlos Cabral 

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia