Cyber Morning Call

Tempest Security Intelligence

Podcast de cibersegurança produzido pela Tempest com episódios diários, publicados logo pela manhã com aquilo que foi mais relevante nas últimas vinte e quatro horas em termos de novos ataques, vulnerabilidade ou ameaças. Tudo em menos de dez minutos e traduzido para uma linguagem fácil, produzido para que você possa ajustar o curso do seu dia de modo a tomar as melhores decisões de cibersegurança para sua empresa. read less
TecnologiaTecnologia
REPRODUZIR TRAILER
Cyber Morning Call - Episódio 0
17-01-2022
Cyber Morning Call - Episódio 0
Podcast de cibersegurança produzido pela Tempest com episódios diários, publicados logo pela manhã com aquilo que foi mais relevante nas últimas vinte e quatro horas em termos de novos ataques, vulnerabilidade ou ameaças. Tudo em menos de dez minutos e traduzido para uma linguagem fácil, produzido para que você possa ajustar o curso do seu dia de modo a tomar as melhores decisões de cibersegurança para sua empresa.

Episódios

718 - Identificados pacotes maliciosos no PyPI com temática do DeepSeek
Hoje
718 - Identificados pacotes maliciosos no PyPI com temática do DeepSeek
[Referências do Episódio] Malicious packages deepseek and deepseekai published in Python Package Index - https://www.google.com/url?q=https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/malicious-packages-deepseeek-and-deepseekai-published-in-python-package-index&sa=D&source=docs&ust=1738667193797493&usg=AOvVaw3E9BNcNdMeT3UO3xeP4Sgr  Coral Jasmine on X - https://x.com/Fact_Finder03/status/1885209370868203740  OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines - https://www.aquasec.com/blog/risks-misconfigured-kubernetes-policy-engines-opa-gatekeeper/ Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
717 - Meta interrompe campanha de spyware
Ontem
717 - Meta interrompe campanha de spyware
[Referências do Episódio] WhatsApp says journalists and civil society members were target of Israeli spyware  - https://www.theguardian.com/technology/2025/jan/31/whatsapp-israel-spyware  How scammers are exploiting DeepSeek’s rise - https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/ Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
716 - Trojan bancário Coyote visa novamente alvos brasileiros
Há 4 dias
716 - Trojan bancário Coyote visa novamente alvos brasileiros
[Referências do Episódio] Coyote Banking Trojan: A Stealthy Attack via LNK files  - https://www.fortinet.com/blog/threat-research/coyote-banking-trojan-a-stealthy-attack-via-lnk-files No need to RSVP: a closer look at the Tria Stealer campaign - https://securelist.com/tria-stealer-collects-sms-data-from-android-devices/115295/ HTTP Client Tools Exploitation for Account Takeover Attacks - https://www.proofpoint.com/us/blog/threat-insight/http-client-tools-exploitation-account-takeover-attacks Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
715 - Nova campanha do Lazarus Group visando desenvolvedores
Há 5 dias
715 - Nova campanha do Lazarus Group visando desenvolvedores
[Referências do Episódio] Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign  - https://securityscorecard.com/blog/operation-phantom-circuit-north-koreas-global-data-exfiltration-campaign/ Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns - https://slashnext.com/blog/devil-traff-a-new-bulk-sms-platform-driving-phishing-campaigns/ FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent - https://www.bleepingcomputer.com/news/security/fbi-seizes-crackedio-nulledto-hacking-forums-in-operation-talent/ Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
714 - Documentado surgimento do backdoor TorNet
Há 6 dias
714 - Documentado surgimento do backdoor TorNet
[Referências do Episódio] New TorNet backdoor seen in widespread campaign - https://blog.talosintelligence.com/new-tornet-backdoor-campaign/ Security Brief: Threat Actors Take Taxes Into Account - https://www.proofpoint.com/us/blog/threat-insight/security-brief-threat-actors-take-taxes-account Critical Vulnerabilities in Node.js Expose Systems to Remote Attacks - https://cyble.com/blog/critical-vulnerabilities-in-node-js-expose-systems/ Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
713 - Publicada prova de conceito (PoC) para falha crítica no FortiGate
Há uma semana
713 - Publicada prova de conceito (PoC) para falha crítica no FortiGate
para preencher
712 - Tempest analisa suposto ataque do grupo GD LockerSec contra AWS Amazon
27-01-2025
712 - Tempest analisa suposto ataque do grupo GD LockerSec contra AWS Amazon
[Referências do Episódio] Tempest analisa suposto ataque contra AWS Amazon pelo grupo GD LockerSec  Exploit Me, Baby, One More Time: Command Injection in Kubernetes Log Query - https://www.akamai.com/blog/security-research/2025/jan/2024-january-kubernetes-log-query-rce-windows [Security Advisory] CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API - https://discuss.kubernetes.io/t/security-advisory-cve-2024-9042-command-injection-affecting-windows-nodes-via-nodes-logs-query-api/31276 No Honour Among Thieves: Uncovering a Trojanized XWorm RAT Builder Propagated by Threat Actors and Disrupting Its Operations - https://www.cloudsek.com/blog/no-honour-among-thieves-uncovering-a-trojanized-xworm-rat-builder-propagated-by-threat-actors-and-disrupting-its-operations Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
711 - O Cyber Morning Call faz 3 anos!
24-01-2025
711 - O Cyber Morning Call faz 3 anos!
[Referências do Episódio] TLP Black, minha newsletter - https://tlpblack.substack.com/  Product Notice: Urgent Security Notification - SMA 1000 - https://www.sonicwall.com/support/knowledge-base/product-notice-urgent-security-notification-sma-1000/250120090802840  Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications - https://www.cisa.gov/sites/default/files/2025-01/aa25-022a-threat-actors-chained-vulnerabilities-in-ivanti-cloud-service-applications.pdf  Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor - https://www.tenable.com/blog/salt-typhoon-an-analysis-of-vulnerabilities-exploited-by-this-state-sponsored-actor  The J-Magic Show: Magic Packets and Where to find them - https://blog.lumen.com/the-j-magic-show-magic-packets-and-where-to-find-them/  Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection - https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection  CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List - https://thehackernews.com/2025/01/cisa-adds-five-year-old-jquery-xss-flaw.html  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
710 - Extensões maliciosas do Chrome afetam centenas de milhares de usuários
23-01-2025
710 - Extensões maliciosas do Chrome afetam centenas de milhares de usuários
[Referências do Episódio] Targeted supply chain attack against Chrome browser extensions - https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/  ClamAV OLE2 File Format Decryption Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA  Cisco BroadWorks SIP Denial of Service Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-sip-dos-mSySbrmt  Cisco Meeting Management REST API Privilege Escalation Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
709 - Quadrilhas usam MS Teams para disseminar ransomware
22-01-2025
709 - Quadrilhas usam MS Teams para disseminar ransomware
[Referências do Episódio]Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing” - https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/ Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai - https://blog.qualys.com/vulnerabilities-threat-research/2025/01/21/mass-campaign-of-murdoc-botnet-mirai-a-new-variant-of-corona-mirai Record-breaking 5.6 Tbps DDoS attack and global DDoS trends for 2024 Q4 - https://blog.cloudflare.com/ddos-threat-report-for-2024-q4/ PlushDaemon compromises supply chain of Korean VPN service - https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/ Oracle Critical Patch Update Advisory - January 2025 - https://www.oracle.com/security-alerts/cpujan2025.html Roteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia
708 - GamaCopy imita Gamaredom em ataques com arquivos 7z-SFX
21-01-2025
708 - GamaCopy imita Gamaredom em ataques com arquivos 7z-SFX
[Referências do Episódio] Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia - https://medium.com/@knownsec404team/love-and-hate-under-war-the-gamacopy-organization-which-imitates-the-russian-gamaredon-uses-560ba5e633fa  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
707 - EUA sanciona envolvidos nos ataques do Silk Typhoon e Salt Typhoon
20-01-2025
707 - EUA sanciona envolvidos nos ataques do Silk Typhoon e Salt Typhoon
[Referências do Episódio] Treasury Sanctions Company Associated with Salt Typhoon and Hacker Associated with Treasury Compromise - https://home.treasury.gov/news/press-releases/jy2792  ANDROID MALWARE IN DONOT APT OPERATIONS - https://www.cyfirma.com/research/android-malware-in-donot-apt-operations/  Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation - https://thehackernews.com/2025/01/critical-flaws-in-wgs-804hpt-switches.html  Hack The Emulated Planet: Vulnerability Hunting Planet WGS-804HPT Industrial Switch - https://claroty.com/team82/research/hack-the-emulated-planet-vulnerability-hunting-planet-wgs-804hpt-industrial-switch  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
706 - Nova campanha de phishing da Rússia afeta contas no WhatsApp
17-01-2025
706 - Nova campanha de phishing da Rússia afeta contas no WhatsApp
[Referências do Episódio] New Star Blizzard spear-phishing campaign targets WhatsApp accounts - https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts/  Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 - https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/   Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service - https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/#h-anti-bot-and-anti-analysis-features  Threat Brief: CVE-2025-0282 and CVE-2025-0283 - https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2025-0282-cve-2025-0283/  If you think you blocked NTLMv1 in your org, think again - https://www.silverfort.com/blog/ntlmv1-bypass-in-active-directory-technical-deep-dive/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
705 - Leak afeta 15 mil firewalls Fortinet
16-01-2025
705 - Leak afeta 15 mil firewalls Fortinet
[Referências do Episódio] Hackers leak configs and VPN credentials for 15,000 FortiGate devices - https://www.bleepingcomputer.com/news/security/hackers-leak-configs-and-vpn-credentials-for-15-000-fortigate-devices/  2022 zero day was used to raid Fortigate firewall configs. Somebody just released them. - https://doublepulsar.com/2022-zero-day-was-used-to-raid-fortigate-firewall-configs-somebody-just-released-them-a7a74e0b0c7f  The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads - https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads  Slew of WavLink vulnerabilities - https://blog.talosintelligence.com/slew-of-wavlink-vulnerabilities/  Operation 99: North Korean State Sponsored Supply Chain Attack on Tech Innovation - https://securityscorecard.com/wp-content/uploads/2025/01/Report_011325_Strike_Operation99.pdf  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
704 - Patch Tuesday: Zero-days sob exploração em produtos Fortinet e Microsoft
15-01-2025
704 - Patch Tuesday: Zero-days sob exploração em produtos Fortinet e Microsoft
[Referências do Episódio] Atualizações de Segurança de janeiro de 2025 - https://msrc.microsoft.com/update-guide/releaseNote/2025-Jan  Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws - https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2025-patch-tuesday-fixes-8-zero-days-159-flaws/  January 14, 2025—KB5049981 (OS Builds 19044.5371 and 19045.5371) - https://support.microsoft.com/en-us/topic/january-14-2025-kb5049981-os-builds-19044-5371-and-19045-5371-12f3788f-6e7d-4524-8ab3-27d1666e0510  Microsoft’s January security update fails/reverts on a machine with 2411 Session Recording Agent - https://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US  Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities - https://blog.talosintelligence.com/january-patch-tuesday-release/  Fortinet Releases Security Updates for Multiple Products - https://www.cisa.gov/news-events/alerts/2025/01/14/fortinet-releases-security-updates-multiple-products  CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild - https://www.tenable.com/blog/cve-2024-55591-fortinet-authentication-bypass-zero-day-vulnerability-exploited-in-the-wild  Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/  Security Advisory Ivanti Avalanche 6.4.7 (Multiple CVEs) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-7-Multiple-CVEs?language=en_US  Security Advisory - Ivanti Application Control Engine (CVE-2024-10630) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Application-Control-Engine-CVE-2024-10630?language=en_US  Security Advisory EPM January 2025 for EPM 2024 and EPM 2022 SU6 - https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US  Adobe Security Bulletins and Advisories, Jan 14, 2025 - https://helpx.adobe.com/security/security-bulletin.html  Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers - https://www.justice.gov/opa/pr/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed  Google OAuth Vulnerability Exposes Millions via Failed Startup Domains - https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html  CISA Releases the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet - https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-releases-jcdc-ai-cybersecurity-collaboration-playbook-and-fact-sheet  Joint Statement on Cryptocurrency Thefts by the Democratic People’s Republic of Korea and Public-Private Collaboration -  https://www.state.gov/office-of-the-spokesperson/releases/2025/01/joint-statement-on-cryptocurrency-thefts-by-the-democratic-peoples-republic-of-korea-and-public-private-collaboration Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR - https://www.trendmicro.com/en_us/research/25/a/investigating-a-web-shell-intrusion-with-trend-micro--managed-xd.html   Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
703 - Campanha de extorsão abusa da criptografia da AWS contra buckets S3
14-01-2025
703 - Campanha de extorsão abusa da criptografia da AWS contra buckets S3
[Referências do Episódio] TLP Black - https://tlpblack.substack.com/p/n-1-tufoes-na-america-do-norte  Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C - https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c  Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions - https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/  CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks - https://thehackernews.com/2025/01/cisa-adds-new-beyondtrust-flaw-to-kev.html  Critical Vulnerabilities in SimpleHelp Remote Support Software - https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/  Hackers exploit critical Aviatrix Controller RCE flaw in attacks - https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-aviatrix-controller-rce-flaw-in-attacks/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
702 - Novo ransomware usa código gerado por IA
13-01-2025
702 - Novo ransomware usa código gerado por IA
[Referências do Episódio] FunkSec – Alleged Top Ransomware Group Powered by AI - https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/  Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices - https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html  Transaction Simulation Spoofing: A New Threat in Web3 - https://drops.scamsniffer.io/transaction-simulation-spoofing-a-new-threat-in-web3/  Double-Tap Campaign : Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations - https://blog.sekoia.io/double-tap-campaign-russia-nexus-apt-possibly-related-to-apt28-conducts-cyber-espionage-on-central-asia-and-kazakhstan-diplomatic-relations/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
701 - APT RedDelta inclui alvos no Brasil
10-01-2025
701 - APT RedDelta inclui alvos no Brasil
[Referências do Episódio] Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain - https://www.recordedfuture.com/research/reddelta-chinese-state-sponsored-group-targets-mongolia-taiwan-southeast-asia  Banshee: The Stealer That “Stole Code” From MacOS XProtect - https://research.checkpoint.com/2025/banshee-macos-stealer-that-stole-code-from-macos-xprotect/  The Hunt for RedCurl - https://www.huntress.com/blog/the-hunt-for-redcurl-2  Ecovacs robot vacuums get hacked - https://www.kaspersky.com/blog/ecovacs-robot-vacuums-hacked-in-real-life/52837/  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
700 - CHEGAMOS AOS 700 EPISÓDIOS!!!!
09-01-2025
700 - CHEGAMOS AOS 700 EPISÓDIOS!!!!
[Referências do Episódio] Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-0282, CVE-2025-0283) - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283?language=en_US  Security Update: Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways - https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways  SonicWall warns of an exploitable SonicOS vulnerability - https://securityaffairs.com/172823/security/sonicwall-sonicos-authentication-bypass-flaw.html  Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit - https://www.trendmicro.com/en_us/research/25/a/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html  Backdooring Your Backdoors - Another $20 Domain, More Governments - https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/  PAN-SA-2025-0001 Expedition: Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials - https://security.paloaltonetworks.com/PAN-SA-2025-0001  2025-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 24.1R2 release - https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release?language=en_US  2025-01 Security Bulletin: Junos OS and Junos OS Evolved: Multiple vulnerabilities resolved in OpenSSH - https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH?language=en_US  2025-01 Security Bulletin: Junos OS and Junos OS Evolved: When BGP traceoptions are configured, receipt of malformed BGP packets causes RPD to crash (CVE-2025-21598) - https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598?language=en_US  2025-01 Security Bulletin: Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service (CVE-2025-21599) - https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specifically-malformed-IPv6-packets-causes-kernel-memory-exhaustion-leading-to-Denial-of-Service-CVE-2025-21599?language=en_US  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia
699 - Android solta primeiro pacote de patches de 2025
08-01-2025
699 - Android solta primeiro pacote de patches de 2025
[Referências do Episódio] Android Security Bulletin January 2025 - https://source.android.com/docs/security/bulletin/2025-01-01 MediaTek reveals host of security vulnerabilities, so patch now - https://www.techradar.com/pro/security/mediatek-reveals-host-of-security-vulnerabilities-so-patch-now Genetic Engineering Meets Reverse Engineering: DNA Sequencer's Vulnerable BIOS - https://eclypsium.com/blog/genetic-engineering-meets-reverse-engineering-dna-sequencers-vulnerable-bios/ Tracking Deployment of Russian Surveillance Technologies in Central Asia and Latin America - https://go.recordedfuture.com/hubfs/reports/ta-ru-2025-0107.pdf CISA Adds Three Known Exploited Vulnerabilities to Catalog - https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia