{"id":22775,"date":"2025-07-25T00:05:00","date_gmt":"2025-07-25T03:05:00","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=22775"},"modified":"2025-07-19T21:24:25","modified_gmt":"2025-07-20T00:24:25","slug":"falha-critica-no-telemessage-sgnl","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2025\/07\/exploits\/falha-critica-no-telemessage-sgnl\/","title":{"rendered":"Critical flaw in TeleMessage SGNL"},"content":{"rendered":"\n<p data-start=\"44\" data-end=\"123\"><strong data-start=\"44\" data-end=\"123\">Critical flaw in TeleMessage SGNL (Signal clone) exposes sensitive data<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"125\" data-end=\"201\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Researchers identified the vulnerability <strong data-start=\"46\" data-end=\"64\">CVE\u20112025\u201148927<\/strong> in the TeleMessage SGNL application, a compliance-oriented Signal clone acquired by Smarsh. 
The issue lets any attacker retrieve usernames, passwords and other critical data via the Spring Boot Actuator <code data-start=\"276\" data-end=\"287\">\/heapdump<\/code> endpoint, which was exposed without proper authentication in certain installations<\/span>.<\/p>\n<p data-start=\"125\" data-end=\"201\">\u00a0<\/p>\n<p data-start=\"203\" data-end=\"252\"><strong data-start=\"203\" data-end=\"252\">Multiple exploitation attempts detected<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"254\" data-end=\"330\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">GreyNoise detected exploitation attempts from several source IPs: by <strong data-start=\"75\" data-end=\"90\">16 July<\/strong>, at least <strong data-start=\"123\" data-end=\"133\">11 IPs<\/strong> had been identified actively exploiting the flaw, with scans aimed at the <code data-start=\"200\" data-end=\"209\">\/health<\/code> endpoint and probes for <code data-start=\"224\" data-end=\"235\">\/heapdump<\/code>. In total, more than <strong data-start=\"255\" data-end=\"268\">2,000 IPs<\/strong> looked for the vulnerable endpoint in recent weeks<\/span>.<\/p>\n<p data-start=\"254\" data-end=\"330\">\u00a0<\/p>\n<p data-start=\"332\" data-end=\"373\"><strong data-start=\"332\" data-end=\"373\">Nature and impact of the vulnerability<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"375\" data-end=\"451\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">The flaw allows downloading a full dump of the Java heap memory, potentially up to 150 MB, which can contain credentials, tokens and message content in clear text. 
These exposures occur even in applications that claim end-to-end encryption, including when they are used by government agencies such as U.S. Customs and Border Protection<\/span>.<\/p>\n<p data-start=\"375\" data-end=\"451\">\u00a0<\/p>\n<p data-start=\"453\" data-end=\"486\"><strong data-start=\"453\" data-end=\"486\">Immediate measures and mitigation<\/strong><\/p>\n<ul data-start=\"488\" data-end=\"974\">\n<li data-start=\"488\" data-end=\"568\">\n<p data-start=\"491\" data-end=\"568\">Update Spring Boot to a version that restricts Actuator endpoints.<\/p>\n<\/li>\n<li data-start=\"569\" data-end=\"654\">\n<p data-start=\"572\" data-end=\"654\">Disable or restrict access to <code data-start=\"604\" data-end=\"615\">\/heapdump<\/code> via firewall rules or IP restrictions.<\/p>\n<\/li>\n<li data-start=\"655\" data-end=\"773\">\n<p data-start=\"658\" data-end=\"773\">Carry out a complete review of the Actuator endpoints (<code data-start=\"707\" data-end=\"716\">\/health<\/code>, <code data-start=\"718\" data-end=\"728\">\/metrics<\/code>, etc.) 
to make sure they are protected.<\/p>\n<\/li>\n<li data-start=\"774\" data-end=\"864\">\n<p data-start=\"777\" data-end=\"864\">Sweep logs and run audits looking for suspicious access to <code data-start=\"850\" data-end=\"861\">\/heapdump<\/code>.<\/p>\n<\/li>\n<li data-start=\"865\" data-end=\"974\">\n<p data-start=\"868\" data-end=\"974\">Consider reinstalling or applying the fixes recommended by Smarsh, in line with compliance guidance.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p data-start=\"976\" data-end=\"1021\"><strong data-start=\"976\" data-end=\"1021\">Consequences for corporate environments<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"1023\" data-end=\"1391\">The flaw reflects the risk of using messenger clones without rigorous technical validation. Exposure of sensitive data through neglected administrative interfaces undermines the protection of internal information. 
Moreover, the fact that the endpoint was available without authentication points to organizational failures in the configuration of compliance environments.<\/p>\n<p data-start=\"1023\" data-end=\"1391\">\u00a0<\/p>\n<p data-start=\"1393\" data-end=\"1428\"><strong data-start=\"1393\" data-end=\"1428\">Recommended strategic actions<\/strong><\/p>\n<p data-start=\"1430\" data-end=\"1468\">Beyond the technical fix, it is essential to:<\/p>\n<ul data-start=\"1470\" data-end=\"1813\">\n<li data-start=\"1470\" data-end=\"1576\">\n<p data-start=\"1472\" data-end=\"1576\">Establish internal policies that allow clones of secure applications only when they have been audited.<\/p>\n<\/li>\n<li data-start=\"1577\" data-end=\"1711\">\n<p data-start=\"1579\" data-end=\"1711\">Integrate automated configuration scanners into CI\/CD pipelines, ensuring that administrative endpoints are not left public.<\/p>\n<\/li>\n<li data-start=\"1712\" data-end=\"1813\">\n<p data-start=\"1714\" data-end=\"1813\">Train DevOps and security teams to raise awareness of the risks of unprotected endpoints.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p data-start=\"1815\" data-end=\"1828\"><strong data-start=\"1815\" data-end=\"1828\">Conclusion<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"1830\" data-end=\"2391\">The CVE\u20112025\u201148927 flaw in TeleMessage SGNL shows how copies of trusted applications can introduce significant risk when their administrative interfaces are not properly configured. Exposure of the <code data-start=\"2059\" data-end=\"2070\">\/heapdump<\/code> endpoint allows leaks of credentials and clear-text content, affecting everyone from ordinary users to government agencies. 
An effective response combines <strong data-start=\"2220\" data-end=\"2336\">immediate patching, configuration review, continuous auditing and restricting the use of clones that lack technical oversight<\/strong>, ensuring full protection in sensitive environments.<\/p>\n<p data-start=\"1830\" data-end=\"2391\">\u00a0<\/p>\n<p data-start=\"2398\" data-end=\"2413\"><strong>References<\/strong><\/p>\n<ul data-start=\"2415\" data-end=\"2759\">\n<li data-start=\"2415\" data-end=\"2616\">\n<p data-start=\"2418\" data-end=\"2616\">CaveiraTech. (18 Jul. 2025). <em data-start=\"2447\" data-end=\"2473\">Falha em Clone do Signal<\/em>. Available at: <a class=\"\" href=\"https:\/\/caveiratech.com\/post\/falha-em-clone-do-signal-1442405\" target=\"_blank\" rel=\"noopener\" data-start=\"2490\" data-end=\"2616\">https:\/\/caveiratech.com\/post\/falha-em-clone-do-signal-1442405<\/a><\/p>\n<\/li>\n<li data-start=\"2618\" data-end=\"2759\" data-is-last-node=\"\">\n<p data-start=\"2621\" data-end=\"2759\" data-is-last-node=\"\">GreyNoise Intelligence. (2025). <em data-start=\"2653\" data-end=\"2697\">CVE\u20112025\u201148927 monitoring and exploitation<\/em>. Internal report. Available at: <a href=\"https:\/\/www.greynoise.io\/blog\/greynoise-detects-active-exploitation-cves-black-bastas-leaked-chat-logs\" target=\"_blank\" rel=\"noopener\">https:\/\/www.greynoise.io\/blog\/greynoise-detects-active-exploitation-cves-black-bastas-leaked-chat-logs<\/a><\/p>\n<\/li>\n<\/ul>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Critical flaw in TeleMessage SGNL (Signal clone) exposes sensitive data Researchers identified the vulnerability CVE\u20112025\u201148927 in the TeleMessage SGNL application, a compliance-oriented Signal clone acquired by Smarsh. 
The issue lets any attacker retrieve usernames, passwords and other critical data via the Spring Boot Actuator \/heapdump endpoint, which was [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":22779,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-22775","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22775","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=22775"}],"version-history":[{"count":3,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22775\/revisions"}],"predecessor-version":[{"id":22780,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22775\/revisions\/22780"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/22779"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=22775"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=22775"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=22775"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}