Cybersecurity podcast produced by Tempest with daily episodes, published first thing in the morning with what was most relevant in the last twenty-four ...
706 - New phishing campaign from Russia affects WhatsApp accounts
[Episode References]
New Star Blizzard spear-phishing campaign targets WhatsApp accounts - https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts/
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 - https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/
Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service - https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/#h-anti-bot-and-anti-analysis-features
Threat Brief: CVE-2025-0282 and CVE-2025-0283 - https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2025-0282-cve-2025-0283/
If you think you blocked NTLMv1 in your org, think again - https://www.silverfort.com/blog/ntlmv1-bypass-in-active-directory-technical-deep-dive/
Script and hosting: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
--------
5:32
705 - Leak affects 15,000 Fortinet firewalls
[Episode References]
Hackers leak configs and VPN credentials for 15,000 FortiGate devices - https://www.bleepingcomputer.com/news/security/hackers-leak-configs-and-vpn-credentials-for-15-000-fortigate-devices/
2022 zero day was used to raid Fortigate firewall configs. Somebody just released them. - https://doublepulsar.com/2022-zero-day-was-used-to-raid-fortigate-firewall-configs-somebody-just-released-them-a7a74e0b0c7f
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads - https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads
Slew of WavLink vulnerabilities - https://blog.talosintelligence.com/slew-of-wavlink-vulnerabilities/
Operation 99: North Korean State Sponsored Supply Chain Attack on Tech Innovation - https://securityscorecard.com/wp-content/uploads/2025/01/Report_011325_Strike_Operation99.pdf
Script and hosting: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
--------
4:35
704 - Patch Tuesday: Zero-days under exploitation in Fortinet and Microsoft products
[Episode References]
January 2025 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan
Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws - https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2025-patch-tuesday-fixes-8-zero-days-159-flaws/
January 14, 2025—KB5049981 (OS Builds 19044.5371 and 19045.5371) - https://support.microsoft.com/en-us/topic/january-14-2025-kb5049981-os-builds-19044-5371-and-19045-5371-12f3788f-6e7d-4524-8ab3-27d1666e0510
Microsoft’s January security update fails/reverts on a machine with 2411 Session Recording Agent - https://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US
Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities - https://blog.talosintelligence.com/january-patch-tuesday-release/
Fortinet Releases Security Updates for Multiple Products - https://www.cisa.gov/news-events/alerts/2025/01/14/fortinet-releases-security-updates-multiple-products
CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild - https://www.tenable.com/blog/cve-2024-55591-fortinet-authentication-bypass-zero-day-vulnerability-exploited-in-the-wild
Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/
Security Advisory Ivanti Avalanche 6.4.7 (Multiple CVEs) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-7-Multiple-CVEs?language=en_US
Security Advisory - Ivanti Application Control Engine (CVE-2024-10630) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Application-Control-Engine-CVE-2024-10630?language=en_US
Security Advisory EPM January 2025 for EPM 2024 and EPM 2022 SU6 - https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US
Adobe Security Bulletins and Advisories, Jan 14, 2025 - https://helpx.adobe.com/security/security-bulletin.html
Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers - https://www.justice.gov/opa/pr/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains - https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html
CISA Releases the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet - https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-releases-jcdc-ai-cybersecurity-collaboration-playbook-and-fact-sheet
Joint Statement on Cryptocurrency Thefts by the Democratic People’s Republic of Korea and Public-Private Collaboration - https://www.state.gov/office-of-the-spokesperson/releases/2025/01/joint-statement-on-cryptocurrency-thefts-by-the-democratic-peoples-republic-of-korea-and-public-private-collaboration
Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR - https://www.trendmicro.com/en_us/research/25/a/investigating-a-web-shell-intrusion-with-trend-micro--managed-xd.html
Script and hosting: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
--------
6:07
703 - Extortion campaign abuses AWS encryption against S3 buckets
[Episode References]
TLP Black - https://tlpblack.substack.com/p/n-1-tufoes-na-america-do-norte
Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C - https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c
Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions - https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks - https://thehackernews.com/2025/01/cisa-adds-new-beyondtrust-flaw-to-kev.html
Critical Vulnerabilities in SimpleHelp Remote Support Software - https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
Hackers exploit critical Aviatrix Controller RCE flaw in attacks - https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-aviatrix-controller-rce-flaw-in-attacks/
Script and hosting: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
--------
5:55
702 - New ransomware uses AI-generated code
[Episode References]
FunkSec – Alleged Top Ransomware Group Powered by AI - https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices - https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html
Transaction Simulation Spoofing: A New Threat in Web3 - https://drops.scamsniffer.io/transaction-simulation-spoofing-a-new-threat-in-web3/
Double-Tap Campaign : Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations - https://blog.sekoia.io/double-tap-campaign-russia-nexus-apt-possibly-related-to-apt28-conducts-cyber-espionage-on-central-asia-and-kazakhstan-diplomatic-relations/
Script and hosting: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Cybersecurity podcast produced by Tempest with daily episodes, published first thing in the morning with what was most relevant in the last twenty-four hours in terms of new attacks, vulnerabilities or threats.
All in under ten minutes and translated into easy language, produced so that you can adjust the course of your day and make the best cybersecurity decisions for your company.