Cyber Morning Call Tempest Security Intelligence

[Referências do Episódio]


TURING DAY 2024 - https://www.even3.com.br/tempest-turing-day-2024/




There Are No Secrets || Exploiting Veeam CVE-2024-29855 - https://summoning.team/blog/veeam-recovery-orchestrator-auth-bypass-cve-2024-29855/ 


UNC3944 Targets SaaS Applications - https://cloud.google.com/blog/topics/threat-intelligence/unc3944-targets-saas-applications/ 


Operation Celestial Force employs mobile and desktop malware to target Indian entities - https://blog.talosintelligence.com/cosmic-leopard/ 



  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


TURING DAY 2024 - https://www.even3.com.br/tempest-turing-day-2024/


Insights on Cyber Threats Targeting Users and Enterprises in Brazil - https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-targeting-brazil/ 


Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day - https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day 


CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability - https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/ 


Security Advisory May 2024 - https://forums.ivanti.com/s/article/Security-Advisory-May-2024?language=en_US 


Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day - https://thehackernews.com/2024/06/google-warns-of-pixel-firmware-security.html 


Атакували провідне підприємство у Нідерландах та Бельгії: поліцейські викрили пособника російських хакерів - https://cyberpolice.gov.ua/news/atakuvaly-providne-pidpryyemstvo-u-niderlandax-ta-belgiyi-policzejski-vykryly-posobnyka-rosijskyx-xakeriv-4010/ 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


June 2024 Security Updates - https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun 


ARM ZERO-DAY IN MALI GPU DRIVERS ACTIVELY EXPLOITED IN THE WILD - https://securityaffairs.com/164430/hacking/arm-zero-day-actively-exploited.html 


CVE-2024-23110 - Multiple buffer overflows in diag npu command - https://fortiguard.fortinet.com/psirt/FG-IR-23-460 


You’ve Got Mail: Critical Microsoft Outlook Vulnerability Executes as Email is Opened - https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability 


TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers - https://www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-exploits-recent-php-rce-flaw-to-breach-servers/ 


Dipping into Danger: The WARMCOOKIE backdoor - https://www.elastic.co/security-labs/dipping-into-danger 


A Brief History of SmokeLoader, Part 1 - https://www.zscaler.com/blogs/security-research/brief-history-smokeloader-part-1 


Aanhoudende statelijke cyberspionagecampagne via kwetsbare edge devices - https://www.ncsc.nl/actueel/nieuws/2024/juni/10/aanhoudende-statelijke-cyberspionagecampagne-via-kwetsbare-edge-devices 


Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups - https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


TURING DAY 2024 - https://www.even3.com.br/tempest-turing-day-2024/


UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion - https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion/ 


CVE-2024-29849 - https://github.com/sinsinology/CVE-2024-29849?tab=readme-ov-file 

[Referências do Episódio]


New Agent Tesla Campaign Targeting Spanish-Speaking People - https://www.fortinet.com/blog/threat-research/new-agent-tesla-campaign-targeting-spanish-speaking-people


Microsoft rolls back ‘dumbest cybersecurity move in a decade’ - https://cyberscoop.com/microsoft-rolls-back-dumbest-cybersecurity-move-in-a-decade/ 


Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. - https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e 


PHP ADDRESSED CRITICAL RCE FLAW POTENTIALLY IMPACTING MILLIONS OF SERVERS - https://securityaffairs.com/164302/breaking-news/php-critical-rce.html

[Referências do Episódio]


Howling at the Inbox: Sticky Werewolf’s Latest Malicious Aviation Attacks - https://blog.morphisec.com/sticky-werewolfs-aviation-attacks


New Gitloker attacks wipe GitHub repos in extortion scheme - https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/#google_vignette


Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers - https://www.trendmicro.com/en_us/research/24/f/commando-cat-a-novel-cryptojacking-attack-.html



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia