[Referências do Episódio]

- Three New BGP Message Parsing Vulnerabilities Disclosed in FRRouting Software - https://www.forescout.com/blog/three-new-bgp-message-parsing-vulnerabilities-disclosed-in-frrouting-software/

- 288 dark web vendors arrested in major marketplace seizure - https://www.europol.europa.eu/media-press/newsroom/news/288-dark-web-vendors-arrested-in-major-marketplace-seizure

- TBK DVR Authentication Bypass Attack: DVR camera system vulnerability actively exploited in the wild - https://fortiguard.fortinet.com/outbreak-alert/tbk-dvr-attack

[Ficha técnica]

Apresentação: Carlos Cabral

Roteiro: Carlos Cabral e Daniel Venzi

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Projeto gráfico: Julian Prieto

[Referências do Episódio]

- Zyxel security advisory for OS command injection vulnerability of firewalls - https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls

- Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now - https://thehackernews.com/2023/04/zyxel-firewall-devices-vulnerable-to.html 

- Rapture, a Ransomware Family With Similarities to Paradise - https://www.trendmicro.com/en_us/research/23/d/rapture-a-ransomware-family-with-similarities-to-paradise.html

- Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy - https://www.lookout.com/blog/iranian-spyware-bouldspy 

- CHAIN REACTION: ROKRAT’S MISSING LINK - https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/ 

- CISA Adds Three Known Exploited Vulnerabilities to Catalog - https://www.cisa.gov/news-events/alerts/2023/05/01/cisa-adds-three-known-exploited-vulnerabilities-catalog 

[Ficha técnica]

Apresentação: Carlos Cabral

Roteiro: Carlos Cabral e Daniel Venzi

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Projeto gráfico: Julian Prieto

[Referências do Episódio]

- Nomadic Octopus’ Paperbug Campaign - https://www.prodaft.com/m/reports/PAPERBUG_TLPWHITE-1.pdf

- Thread da Microsoft no Twitter sobre ataques contra o PaperCut - https://twitter.com/MsftSecIntel/status/1651346653901725696

- Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions - https://thehackernews.com/2023/04/tonto-team-uses-anti-malware-file-to.html 

[Ficha técnica]

Apresentação: Carlos Cabral

Roteiro: Carlos Cabral e Daniel Venzi

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Projeto gráfico: Julian Prieto

[Referências do Episódio]

- Evasive Panda APT Group Malware Updates Popular Chinese Software - https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software/

- Unpacking Bellacio a Closer Look at Iran’s Latest Malware- https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/

- Alloy Taurus - https://unit42.paloaltonetworks.com/alloy-taurus

- Insecure Default Configuration in Apache Superset Lead to Remote Code Exeution - https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/

[Ficha técnica]

Apresentação: Daniel Venzi

Roteiro: Carlos Cabral e Daniel Venzi

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Projeto gráfico: Julian Prieto

[Referências do Episódio]

- New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP) - https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp

- Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware - https://thehackernews.com/2023/04/lazarus-subgroup-targeting-apple.html

- BlueNoroff APT group targets macOS with ‘RustBucket’ Malware - https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/

- TP-LINK WAN-SIDE VULNERABILITY CVE-2023-1389 ADDED TO THE MIRAI BOTNET ARSENAL - https://www.zerodayinitiative.com/blog/2023/4/21/tp-link-wan-side-vulnerability-cve-2023-1389-added-to-the-mirai-botnet-arsenal

- Download for Archer AX21 V3 - https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware

- VMware VMSA-2023-0008 - https://www.vmware.com/security/advisories/VMSA-2023-0008.html 

[Ficha técnica]

Apresentação: Carlos Cabral

Roteiro: Carlos Cabral e Daniel Venzi

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Projeto gráfico: Julian Prieto

[Referências do Episódio]

- Tomiris called, they want their Turla malware back - https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/

- Thread da Microsoft sobre falhas no sistema de busca do Microsoft 365 - https://twitter.com/MSFT365Status/status/1650458920786247681

- Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor - https://www.securityweek.com/attackers-abuse-kubernetes-rbac-to-deploy-persistent-backdoor/

- Using RBAC Authorization - https://kubernetes.io/docs/reference/access-authn-authz/rbac/

[Ficha técnica]

Apresentação: Carlos Cabral

Roteiro: Carlos Cabral e Daniel Venzi

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Projeto gráfico: Julian Prieto

[Referências do Episódio]

- 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible - https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise

- X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain

- CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog - https://securityaffairs.com/145139/security/known-exploited-vulnerabilities-catalog-minio-papercut-and-chrome.html

- VMSA-2023-0007 - CVE-2023-20864, CVE-2023-20865 - https://www.vmware.com/security/advisories/VMSA-2023-0007.html

- EvilExtractor – All-in-One Stealer - https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer

[Ficha técnica]

Apresentação: Carlos Cabral

Roteiro: Carlos Cabral e Daniel Venzi

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Projeto gráfico: Julian Prieto

[Referências do Episódio]

- Jaguar Tooth - https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/jaguar-tooth/NCSC-MAR-Jaguar-Tooth.pdf

- Play Ransmware Volume Shadow Copy- https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy

- Google fixes zero-day in Chrome - https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html

- Cyber Espionagem in India Decoding APT 36 New Linux Malware- https://www.uptycs.com/blog/cyber_espionage_in_india_decoding_apt_36_new_linux_malware

- Ameaças a Sistemas Baseados em Machine Learning Parte 2 de 5 - 

https://www.sidechannel.blog/ameacas-a-sistemas-baseados-em-machine-learning-parte-2-de-5/

[Ficha técnica]

Apresentação: Daniel Venzi

Roteiro: Carlos Cabral e Daniel Venzi

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Projeto gráfico: Julian Prieto

[Referências do Episódio]

- SimpleHarm: Tracking MuddyWater’s infrastructure - https://www.group-ib.com/blog/muddywater-infrastructure/

- WHAT MAKES INVALID PRINTER LOADER SO STEALTHY? - https://blog.morphisec.com/in2al5d-p3in4er

- State-sponsored campaigns target global network infrastructure - https://blog.talosintelligence.com/state-sponsored-campaigns-target-global-network-infrastructure/ 

- Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains - https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/

[Ficha técnica]

Apresentação: Carlos Cabral

Roteiro: Carlos Cabral e Daniel Venzi

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Projeto gráfico: Julian Prieto

[Referências do Episódio]

- QBot banker delivered through business correspondence - https://securelist.com/qbot-banker-business-correspondence/109535/

- New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers - https://thehackernews.com/2023/04/new-zaraza-bot-credential-stealer-sold.html

- Trigona Ransomware Attacking MS-SQL Servers - https://asec.ahnlab.com/en/51343/ 

- Threat Horizons: April 2023 Threat Horizons Report - https://services.google.com/fh/files/blogs/gcat_threathorizons_full_apr2023.pdf

[Ficha técnica]

Apresentação: Carlos Cabral

Roteiro: Carlos Cabral e Daniel Venzi

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

Projeto gráfico: Julian Prieto