Cyber Morning Call Tempest Security Intelligence

[Referências do Episódio]


Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation - https://www.recordedfuture.com/redjuliett-intensifies-taiwanese-cyber-espionage-via-network-perimeter




Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032) – Overview and Mitigations - https://www.wiz.io/blog/probllama-ollama-vulnerability-cve-2024-37032


XZ backdoor: Hook analysis - https://securelist.com/xz-backdoor-part-3-hooking-ssh/113007/

Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques - https://blog.talosintelligence.com/sneakychef-sugarghost-rat/ 


Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia - https://blog.talosintelligence.com/new-spicerat-sneakychef/ 


Sustained Campaign Using Chinese Espionage Tools Targets Telcos - https://symantec-enterprise-blogs.security.com/threat-intelligence/telecoms-espionage-asia 


ANALYSIS OF PHANTOM#SPIKE: ATTACKERS LEVERAGING CHM FILES TO RUN CUSTOM CSHARP BACKDOORS LIKELY TARGETING VICTIMS ASSOCIATED WITH PAKISTAN - https://www.securonix.com/blog/analysis-of-phantomspike-attackers-leveraging-chm-files-to-run-custom-csharp-backdoors-likely-targeting-victims-associated-with-pakistan/ 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


UEFICANHAZBUFFEROVERFLOW: WIDESPREAD IMPACT FROM VULNERABILITY IN POPULAR PC AND SERVER FIRMWARE - https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/ 


SolarWinds Serv-U path traversal flaw actively exploited in attacks - https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/ 


SolarWinds Serv-U Directory Transversal Vulnerability (CVE-2024-28995) - https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995 


CVE-2024-28995 - https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis 


SolarWinds Serv-U (CVE-2024-28995) exploitation: We see you! - https://www.labs.greynoise.io/grimoire/2024-06-solarwinds-serv-u/ 


RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS - https://research.checkpoint.com/2024/rafel-rat-android-malware-from-espionage-to-ransomware-operations/ 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


É HOJE!!!!   TURING DAY 2024 - https://www.even3.com.br/tempest-turing-day-2024/




LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations - https://cybersecurity.att.com/blogs/labs-research/highly-evasive-squidloader-targets-chinese-organizations 


AN UNPATCHED BUG ALLOWS ANYONE TO IMPERSONATE MICROSOFT CORPORATE EMAIL ACCOUNTS - https://securityaffairs.com/164675/hacking/expert-warns-of-a-spoofing-bug.html


Thread sobre a possível falha no Outlook - https://x.com/slonser_/status/1801521692314927433 


Fickle Stealer Distributed via Multiple Attack Chain - https://www.fortinet.com/blog/threat-research/fickle-stealer-distributed-via-multiple-attack-chain 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


TURING DAY 2024 - https://www.even3.com.br/tempest-turing-day-2024/




Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework - https://www.trendmicro.com/en_us/research/24/f/behind-the-great-wall-void-arachne-targets-chinese-speaking-user.html 


虫潮降临：Zergeca僵尸网络分析报告 - https://blog.xlab.qianxin.com/the-swarm-awakens-a-deep-dive-into-the-zergeca-botnet-cn/ 


ExCobalt: GoRed, the hidden-tunnel technique - https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/excobalt-gored-the-hidden-tunnel-technique/ 


New Diamorphine rootkit variant seen undetected in the wild - https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/ 


Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion - https://www.trellix.com/blogs/research/how-attackers-repackaged-a-threat-into-something-that-looked-benign/ 


Rising Wave of QR Code Phishing Attacks: Chinese Citizens Targeted Using Fake Official Documents - https://cyble.com/blog/rising-wave-of-qr-code-phishing-attacks-chinese-citizens-targeted-using-fake-official-documents/ 


Cloaked and Covert: Uncovering UNC3886 Espionage Operations - https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations/ 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


TURING DAY 2024 - https://www.even3.com.br/tempest-turing-day-2024/




China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence - https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ 


VMSA-2024-0012:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia