Cyber Morning Call Tempest Security Intelligence

[Referências do Episódio]


Howling at the Inbox: Sticky Werewolf’s Latest Malicious Aviation Attacks - https://blog.morphisec.com/sticky-werewolfs-aviation-attacks


New Gitloker attacks wipe GitHub repos in extortion scheme - https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/#google_vignette


Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers - https://www.trendmicro.com/en_us/research/24/f/commando-cat-a-novel-cryptojacking-attack-.html



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


TargetCompany’s Linux Variant Targets ESXi Environments - https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html 


RansomHub: New Ransomware has Origins in Older Knight - https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware 


DarkGate switches up its tactics with new payload, email templates - https://blog.talosintelligence.com/darkgate-remote-template-injection/ 


2024: Old CVEs, New Targets — Active Exploitation of ThinkPHP - https://www.akamai.com/blog/security-research/2024/jun/2024-thinkphp-applications-exploit-1-days-dama-webshell 


Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government - https://news.sophos.com/en-us/2024/06/05/operation-crimson-palace-sophos-threat-hunting-unveils-multiple-clusters-of-chinese-state-sponsored-activity-targeting-southeast-asia/ 


Muhstik Malware Targets Message Queuing Services Applications - https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/ 


Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics - https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/ 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


Threat Actors’ Systems Can Also Be Exposed and Used by Other Threat Actors - https://asec.ahnlab.com/en/66372/ 


Cybercriminals Attack Banking Customers In EU With V3B Phishing Kit - https://www.resecurity.com/blog/article/cybercriminals-attack-banking-customers-in-eu-with-v3b-phishing-kit 


UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence - https://cyble.com/blog/unc1151-strikes-again-unveiling-their-tactics-against-ukraines-ministry-of-defence/ 


Zyxel security advisory for multiple vulnerabilities in NAS products - https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024 


Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation) - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


DarkGate again but... Improved? - https://www.trellix.com/blogs/research/darkgate-again-but-improved/ 


Hacking Millions of Modems (and Investigating Who Hacked My Modem) - https://samcurry.net/hacking-millions-of-modems 


Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools - https://cloud.google.com/blog/topics/threat-intelligence/ransomware-attacks-surge-rely-on-public-legitimate-tools/ 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia

[Referências do Episódio]


New banking trojan “CarnavalHeist” targets Brazil with overlay attacks - https://blog.talosintelligence.com/new-banking-trojan-carnavalheist-targets-brazil/ 


LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader - https://blog.talosintelligence.com/lilacsquid/ 


Disrupting FlyingYeti's campaign targeting Ukraine - https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine 


The Pumpkin Eclipse - https://blog.lumen.com/the-pumpkin-eclipse/ 


PikaBot: a Guide to its Deep Secrets and Operations - https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/ 


GRU's BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns - https://www.recordedfuture.com/grus-bluedelta-targets-key-networks-in-europe-with-multi-phase-espionage-camp 


Russian influence efforts converge on 2024 Paris Olympic Games - https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/MTAC_Report_Russian_Influence_and_Paris_2024.pdf 


RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit - https://www.akamai.com/blog/security-research/2024/may/2024-redtail-cryptominer-pan-os-cve-exploit 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Carlos Cabral

[Referências do Episódio]


Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/ 


Kiteshield Packer is Being Abused by Linux Cyber Threat Actors - https://blog.xlab.qianxin.com/kiteshield_packer_is_being_abused_by_linux_cyber_threat_actors/ 


STATIC UNPACKING FOR THE WIDESPREAD NSIS-BASED MALICIOUS PACKER FAMILY - https://research.checkpoint.com/2024/static-unpacking-for-the-widespread-nsis-based-malicious-packer-family/ 


Thread da ESET sobre o Grandoreiro - https://x.com/ESETresearch/status/1795437280016154955 



Roteiro e apresentação: Carlos Cabral e Bianca Oliveira

Edição de áudio: Paulo Arruzzo

Narração de encerramento: Bianca Garcia