Daniel Bastos 🇧🇷

@danielbastos

Founder of @Viper_IT | Cybersecurity , AI, Innovation & Business Strategy. Sharing insights for resilient and future-ready companies.

Brasil

Joined June 2008

424 Following

1.6K Followers

30.3K Posts

danielbastos retweeted

Cyber Security News

@The_Cyber_News

12 days ago

🚨 New 7-Zip Flaws Let Attackers Execute Arbitrary Code and Compromise Systems Source: https://t.co/WqnpW3mfn2 A critical heap buffer overflow vulnerability has been disclosed in 7-Zip version 26.00, enabling attackers to achieve arbitrary code execution via a vtable hijack by exploiting a defect in the tool's NTFS archive handler. Tracked as CVE-2026-48095 and assigned advisory GHSL-2026-140, the flaw resides in the CInStream::GetCuSize() function inside NtfsHandler.cpp. The function computes the NTFS compression-unit buffer size using a 32-bit shift operation: (UInt32)1 << (BlockSizeLog + CompressionUnit). Users are strongly advised to update 7-Zip to a patched version v26.01 immediately and avoid opening untrusted archive files or disk images of any extension until a fix is applied. #cybersecuritynews

The_Cyber_News's tweet photo. 🚨 New 7-Zip Flaws Let Attackers Execute Arbitrary Code and Compromise Systems

Source: https://t.co/WqnpW3mfn2

A critical heap buffer overflow vulnerability has been disclosed in 7-Zip version 26.00, enabling attackers to achieve arbitrary code execution via a vtable hijack by exploiting a defect in the tool's NTFS archive handler.

Tracked as CVE-2026-48095 and assigned advisory GHSL-2026-140, the flaw resides in the CInStream::GetCuSize() function inside NtfsHandler.cpp. The function computes the NTFS compression-unit buffer size using a 32-bit shift operation: (UInt32)1 << (BlockSizeLog + CompressionUnit).

Users are strongly advised to update 7-Zip to a patched version v26.01 immediately and avoid opening untrusted archive files or disk images of any extension until a fix is applied.

#cybersecuritynews

436

144

161

31K

danielbastos retweeted

Merill Fernando

@merill

13 days ago

Did you know you can stop drive by phishing attacks like this? I made this video showing how you can conditional access policies like Require Compliant Device to stop attackers from using this method. https://t.co/DtzomO75Y4

danielbastos retweeted

Ridgeline Cyber

@RidgelineCyber

13 days ago

Conditional Access policies won’t stop token theft—and standard MFA won't fix it either. When teams roll out Microsoft Authenticator push codes or SMS, some assume the cloud perimeter is safe. But sophisticated actors have moved completely past brute-forcing passwords. They use Adversary-in-the-Middle (AiTM) phishing frameworks like Evilginx. The attack flow is clean: The proxy site mirrors your Entra ID login page. The user enters credentials and solves the genuine MFA challenge. Once Entra ID validates the session, it issues an ESTSAUTH session cookie. The malicious proxy server snatches that cookie before passing it back to the victim’s browser. The Result: The attacker drops that stolen cookie into their own machine. Because the session has already passed the MFA verification loop, they gain instant access to the mailbox or cloud apps. They bypass standard Conditional Access rules seamlessly. , when an identical session jumps between network or device contexts Advanced features like Continuous Access Evaluation (CAE), Token Protection session controls, or strict device compliance rules can mitigate this. But they are rarely part of an organization’s "default" browser-based setups. Because a stolen token completely bypasses the sign-in loop, you cannot hunt for it by looking for failed logins. You have to hunt for Session Anomalies—specifically when an identical session jumps network or device context mid-lifecycle. From Sentinel or Entra ID Advanced Hunting, you can run the below KQL query to identify active token replays across interactive and non-interactive sign-ins:

RidgelineCyber's tweet photo. Conditional Access policies won’t stop token theft—and standard MFA won't fix it either.

When teams roll out Microsoft Authenticator push codes or SMS, some assume the cloud perimeter is safe. But sophisticated actors have moved completely past brute-forcing passwords. They use Adversary-in-the-Middle (AiTM) phishing frameworks like Evilginx.

The attack flow is clean: The proxy site mirrors your Entra ID login page. The user enters credentials and solves the genuine MFA challenge.

Once Entra ID validates the session, it issues an ESTSAUTH session cookie. The malicious proxy server snatches that cookie before passing it back to the victim’s browser.

The Result: The attacker drops that stolen cookie into their own machine. Because the session has already passed the MFA verification loop, they gain instant access to the mailbox or cloud apps. They bypass standard Conditional Access rules seamlessly.
, when an identical session jumps between network or device contexts
Advanced features like Continuous Access Evaluation (CAE), Token Protection session controls, or strict device compliance rules can mitigate this. But they are rarely part of an organization’s "default" browser-based setups.

Because a stolen token completely bypasses the sign-in loop, you cannot hunt for it by looking for failed logins. You have to hunt for Session Anomalies—specifically when an identical session jumps network or device context mid-lifecycle.

From Sentinel or Entra ID Advanced Hunting, you can run the below KQL query to identify active token replays across interactive and non-interactive sign-ins:

447

648

61K

Daniel Bastos 🇧🇷

@danielbastos

27 days ago

@johnk3r Good job! I've posted and mentioned you on my LinkedIn post. Thank you for the post. https://t.co/HwcA0pppga

244

Who to follow

Mahesh Sheshadri

@MaheshSheshadri

Dad First 👨‍👧 Dog Lover 🐶 🐾 Co-Founder @ HumanAlpha. I write on Leadership, Strategy & Technology.

Philip Miller

@PhilipMillerBD

Product Marketing Director & AI Strategist @ProgressSW | Making AI Practical | #data #ai #practicalai #Content #tech | My thoughts are my own

Sandeep Sitoke

@sandeep_sitoke

🤵 Head of Digital Marketing @PushpMasale | 🎨 Crafting wild AI visuals with Nano Banana Pro • Midjourney • Kling | Prompt Engineer & Growth Hacker

danielbastos retweeted

Digitalearn @DIGITALEARN_1

about 1 month ago

From Phishing & Malware to DDoS, SQL Injection & Brute Force — knowing cyber attack types is the first step to staying secure. Awareness = Defense. #CyberSecurity #InfoSec #CyberAwareness #DigitalSafety

DIGITALEARN_1's tweet photo. From Phishing & Malware to DDoS, SQL Injection & Brute Force — knowing cyber attack types is the first step to staying secure. Awareness = Defense.
#CyberSecurity #InfoSec #CyberAwareness #DigitalSafety https://t.co/Mu8jsTj2ff

194

danielbastos retweeted

Nicolas Krassas

@Dinosn

about 1 month ago

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook https://t.co/oOBRrDokNq

Daniel Bastos 🇧🇷

@danielbastos

about 2 months ago

Sabe aquele alerta de RDP que muita gente ignora… ele mudou. Nas atualizações recentes do Windows, a Microsoft passou a exibir avisos mais claros para conexões remotas não verificadas, inclusive dentro da rede interna. Na prática, isso evidencia um ponto importante: Muitos ambientes ainda operam sem validação adequada de identidade no acesso remoto. Sem certificados confiáveis e sem controle estruturado, o risco aumenta, mesmo que tudo “pareça funcionar”. Esse movimento reforça uma tendência clara do mercado: mais identidade, menos confiança implícita na rede. Vale a reflexão: seu ambiente está preparado para esse modelo? Tecnologia sob controle. Sempre. #RDP #Microsoft #WindowsUpdate #CyberSecurity #Ciberseguranca

danielbastos's tweet photo. Sabe aquele alerta de RDP que muita gente ignora… ele mudou.

Nas atualizações recentes do Windows, a Microsoft passou a exibir avisos mais claros para conexões remotas não verificadas, inclusive dentro da rede interna.

Na prática, isso evidencia um ponto importante: Muitos ambientes ainda operam sem validação adequada de identidade no acesso remoto.

Sem certificados confiáveis e sem controle estruturado, o risco aumenta, mesmo que tudo “pareça funcionar”.

Esse movimento reforça uma tendência clara do mercado: mais identidade, menos confiança implícita na rede.

Vale a reflexão: seu ambiente está preparado para esse modelo?

Tecnologia sob controle. Sempre.

#RDP
#Microsoft
#WindowsUpdate
#CyberSecurity
#Ciberseguranca

Daniel Bastos 🇧🇷

@danielbastos

2 months ago

Sua equipe gasta mais tempo "apagando incêndios" ou construindo o futuro do produto? A investigação manual de incidentes é um dos maiores gargalos de produtividade em tecnologia. A correlação básica de dados consome horas preciosas de talentos caros. A nova fronteira da AWS traz agentes de IA que atuam como engenheiros DevOps dedicados à investigação automatizada. 📌 O diferencial real:Não é apenas um alerta dizendo "algo quebrou". É um diagnóstico dizendo "isso quebrou por causa da mudança X no serviço Y, e aqui está como resolver". Isso não substitui o engenheiro. Isso potencializa o engenheiro. O papel do DevOps evolui de um "detetive de logs" para um "tomador de decisões estratégicas". A era da observabilidade passiva acabou. O futuro é a investigação assistida. Como você vê o papel da IA no seu fluxo de deploy hoje? Comenta aqui embaixo! 👇 #Inovação #Cloud #AWSCloud #DevOpsLife #IA #TechStrategy #Efficiency

danielbastos's tweet photo. Sua equipe gasta mais tempo "apagando incêndios" ou construindo o futuro do produto?

A investigação manual de incidentes é um dos maiores gargalos de produtividade em tecnologia. A correlação básica de dados consome horas preciosas de talentos caros.

A nova fronteira da AWS traz agentes de IA que atuam como engenheiros DevOps dedicados à investigação automatizada.

📌 O diferencial real:Não é apenas um alerta dizendo "algo quebrou". É um diagnóstico dizendo "isso quebrou por causa da mudança X no serviço Y, e aqui está como resolver".
Isso não substitui o engenheiro. Isso potencializa o engenheiro. O papel do DevOps evolui de um "detetive de logs" para um "tomador de decisões estratégicas".

A era da observabilidade passiva acabou. O futuro é a investigação assistida.

Como você vê o papel da IA no seu fluxo de deploy hoje? Comenta aqui embaixo! 👇

#Inovação #Cloud #AWSCloud #DevOpsLife #IA #TechStrategy #Efficiency

154

danielbastos retweeted

Ayaan 🐧

@twtayaan

2 months ago

DevOps engineers after AWS DevOps Agent announcement

124

738

Daniel Bastos 🇧🇷

@danielbastos

2 months ago

@brunoclz Parabéns pelo trabalho, mas não esqueça da Rosie, Serenata do Amor, que perseguiram até sair do ar.

309

danielbastos retweeted

Steven Lim

@0x534c

2 months ago

🔥🤖 M365 Connector for Claude – Why SecOps Must Care Monitoring the M365 Connector for Claude is critical because when ResultType=0, it means an Entra Global Admin has granted permissions, enabling Claude to directly access SharePoint, OneDrive, Outlook, and Teams—a governance decision with major security implications that SecOps must track closely. Meanwhile, ResultType=90095 shows end users attempting to use the connector without the admin grant, signaling demand, shadow IT risk, and adoption pressure. By watching both signals, defenders gain visibility into where governance decisions meet user behavior, ensuring connector risks are managed before they escalate. KQL Code: https://t.co/NGuwSLgvKF #Cybersecurity #M365ConnectorClaude #Entra #Governance

0x534c's tweet photo. 🔥🤖 M365 Connector for Claude – Why SecOps Must Care

Monitoring the M365 Connector for Claude is critical because when ResultType=0, it means an Entra Global Admin has granted permissions, enabling Claude to directly access SharePoint, OneDrive, Outlook, and Teams—a governance decision with major security implications that SecOps must track closely. Meanwhile, ResultType=90095 shows end users attempting to use the connector without the admin grant, signaling demand, shadow IT risk, and adoption pressure. By watching both signals, defenders gain visibility into where governance decisions meet user behavior, ensuring connector risks are managed before they escalate.

KQL Code:
https://t.co/NGuwSLgvKF

#Cybersecurity #M365ConnectorClaude #Entra #Governance

685

136

854

65K

Daniel Bastos 🇧🇷

@danielbastos

2 months ago

Option 3 (stronger, LinkedIn style) The era of lonely drives is over. OpenAI has integrated ChatGPT into Apple Car. Cars are evolving from simple transportation into intelligent companions. #chatgpt #openai

Daniel Bastos 🇧🇷

@danielbastos

2 months ago

@joaosenzi 😂😂😂😂😂😂

danielbastos retweeted

Simo

@SimoKohonen

2 months ago

Citrix, F5, now Fortinet - all in one week.. what next?

123

34K

Daniel Bastos 🇧🇷

@danielbastos

2 months ago

@namcios Ontem vi que o GitHub Copilot liberou a funcionalidade de autopilot, o qual evita ficar o tempo todo pedindo confirmação para tarefas.

154

Daniel Bastos 🇧🇷

@danielbastos

3 months ago

Hoje é o Dia do π (3.14). Um número aparentemente simples, mas que sustenta engenharia, física, computação e praticamente toda a tecnologia moderna. Antes de existir cloud, inteligência artificial ou algoritmos complexos, π já estava lá, descrevendo como o mundo funciona. É curioso pensar que boa parte da tecnologia que usamos hoje nasce de ideias matemáticas descobertas há milhares de anos. Tecnologia muda rápido. Princípios fundamentais não. Feliz Dia do π. #PiDay #Matemática #Tecnologia #Engenharia #Ciência #Inovação

Daniel Bastos 🇧🇷

@danielbastos

3 months ago

**Dispositivos FortiGate Explorados para Invadir Redes** Ataques cibernéticos exploram falhas em dispositivos FortiGate para invadir redes corporativas, conforme alerta do The Hacker News. Hackers usam bypass de autenticação no FortiCloud SSO (CVEs 2025-59718/59719) para criar contas administrativas e roubar configurações. ## Detalhes da Exploração Atacantes enviam mensagens SAML manipuladas para contornar autenticação, mesmo em dispositivos atualizados, adicionando contas persistentes e ativando VPNs. Configurações roubadas revelam credenciais, topologias de rede e políticas de segurança, pavimentando caminho para ransomware ou espionagem. ## Escala do Incidente Desde janeiro de 2026, varreduras automatizadas atingiram centenas de FortiGate em 55 países, focando portas de gerenciamento expostas (443/8443). Setores críticos e governos foram principais alvos, conforme relatórios da Fortinet e Arctic Wolf. ## Recomendações Urgentes Desative o FortiCloud SSO, limite acesso às interfaces de admin a redes internas e aplique MFA rigorosa. Monitore logs por contas suspeitas e atualize firmwares para mitigar persistência. #Fortinet #viperit #cyberseguranca

Daniel Bastos 🇧🇷

@danielbastos

3 months ago

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials https://t.co/wVL012fMl9 via @TheHackersNews

danielbastos retweeted

Cyber Security News

@The_Cyber_News

3 months ago

🛡️ Windows 11 23H2 to 25H2 Upgrade Allegedly Breaking Internet Connectivity Source: https://t.co/YotLv45V40 A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention is performed. During an in-place Windows 11 upgrade, the contents of the C:\Windows\dot3svc\Policies folder that stores 802.1X wired network (LAN) authentication profiles applied via Group Policy are silently deleted. #windows11 #cybersecuritynews

$The_Cyber_News's tweet photo. 🛡️ Windows 11 23H2 to 25H2 Upgrade Allegedly Breaking Internet Connectivity Source: https://t.co/YotLv45V40 A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention is performed. During an in-place Windows 11 upgrade, the contents of the C:\Windows\dot3svc\Policies folder that stores 802.1X wired network (LAN) authentication profiles applied via Group Policy are silently deleted. #windows11 #cybersecuritynews$

257

101

19K

danielbastos retweeted

Cyber Security News

@The_Cyber_News

3 months ago

🚨 Hackers Allegedly Selling Exploit for Windows Remote Desktop Services 0-Day Flaw Source: https://t.co/AGeE7ozFpf A threat actor identified is allegedly selling a zero-day exploit for a Windows Remote Desktop Services privilege escalation vulnerability, tracked as CVE-2026-21533, for a staggering $220,000 on a dark web forum. This highly priced exploit targets improper privilege management to grant attackers local administrative control. While CVE-2026-21533 was initially published by Microsoft in February 2026, the availability of a functional, weaponized exploit presents a severe risk to enterprise environments. #cybersecuritynews

The_Cyber_News's tweet photo. 🚨 Hackers Allegedly Selling Exploit for Windows Remote Desktop Services 0-Day Flaw

Source: https://t.co/AGeE7ozFpf

A threat actor identified is allegedly selling a zero-day exploit for a Windows Remote Desktop Services privilege escalation vulnerability, tracked as CVE-2026-21533, for a staggering $220,000 on a dark web forum.

This highly priced exploit targets improper privilege management to grant attackers local administrative control. While CVE-2026-21533 was initially published by Microsoft in February 2026, the availability of a functional, weaponized exploit presents a severe risk to enterprise environments.

#cybersecuritynews

216

13K

Daniel Bastos 🇧🇷

@danielbastos

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users