Intelligence, Malware, Reverse Engineering, Tempest Research, THREAT INTELLIGENCE 21/May/2025 Coyote: a stealthy banking trojan targeting dozens of Brazilian financial institutions The new variants analyzed by Tempest feature a new method of dissemination via WhatsApp Web, in a rather unusual approach among banking Trojans targeting Latin America.
Application Security, Web Application Security 16/April/2025 Overview of vulnerabilities in the implementation of the OAuth protocol Although widely used by web applications, if implemented improperly, OAuth can lead to token hijacking, redirection to malicious applications and other possibilities. In this blogpost, we'll discuss some of the vulnerabilities inherent in improper implementation of the protocol and how to mitigate them.
Application Security, Cloud, Cloud & Platform Security 20/March/2025 Event injection in serverless architectures This report is a study of serverless architecture and how this type of environment opens up a new range of injection attacks. This study provides an overview of the architecture, the range of its attack surface, how injection attacks occur and the possible impacts that this kind of vulnerability can bring.
THREAT INTELLIGENCE 14/February/2025 Rise in the use of remote monitoring and management software in malicious campaigns Tempest researchers identify an increase in the use of RMM tools in campaigns targeting Brazil
Web Application Security 10/February/2025 Understanding the Edge Side Include Injection vulnerability The vulnerability occurs through the injection of ESI fragments
THREAT INTELLIGENCE 10/February/2025 Gh0st RAT: malware active for 15 years is still used by threat operators Find out how an open source RAT developed in 2008 is still relevant and has become the basis for different variants present in the most diverse campaigns.
Vulnerability Disclosure 15/July/2024 Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication
Web Application Security 17/June/2024 XSSi: An overview of the vulnerability in 2024 Largely overlooked by both developers and cybersecurity researchers, the vulnerability still represents a source of threat to individuals and businesses
THREAT INTELLIGENCE 10/April/2024 Understanding Ransomware-as-a-Service operations from an affiliate’s perspective Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked
Vulnerability Disclosure 28/February/2024 CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations
Network Security 15/February/2024 What is DoS? How to defend yourself? Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks represent a constant threat to global enterprises, with alarming numbers of incidents. In addition to the direct losses caused by the interruption of services, companies face a new form of attack: Ransom DDoS (RDDoS), where attackers demand payment to cease attacks
Exploit Development 31/January/2024 AFL++ and an introduction to Feedback-Based Fuzzing Many bugs found from fuzzing tests can be signs of serious vulnerabilities
Cloud & Platform Security 17/January/2024 Privilege escalation with IAM on AWS Privilege escalation in AWS consists of having sufficient permissions for administrative access to an organization
Cyber-Physical Systems 28/December/2023 What is cryptojacking? Understand the main points of the cryptojacking phenomenon, its origins, how it works and the consequences for individuals and organizations
Cloud 15/December/2023 The Art of Cloud Security: Proactive Detection of Configuration Errors Implementing a mechanism that detects configuration faults and makes them visible to be handled by the administrators is an excellent alternative for reducing the attack surface on Cloud resources
AI, ML & Data Science 21/November/2023 Detecting bugs in source code with AI Explore one of the techniques for detecting vulnerabilities through Functionally-similar yet Inconsistent Code (FICS), using static analysis to identify inconsistencies in code. Learn more about its customized representation and hierarchical clustering, revealing advantages, results, and potential improvements
Detection Engineering 25/October/2023 False positives in threat detection Understand the need to create exceptions, adjust detection logic and rules, implement processes to handle alerts and manage false positives when identifying cyber threats
Intelligence 06/October/2023 Anti-flapping and correlation techniques in Zabbix to mitigate false positives in an SOC Zabbix is a monitoring platform that offers flexibility in notifying issues in networks, servers, and services, aiming for SOC effectiveness. In this article, we address techniques to reduce false positives and alert flooding, including anti-flapping and logic correlation, strategies that enhance monitoring reliability
Cyber-Physical Systems 22/September/2023 Study of vulnerabilities in MIFARE Classic cards Understand how RFID technology allows remote communication through electronic tags. Discover the details of MIFARE Classic cards, their structure, encryption and potential vulnerabilities
AI, ML & Data Science 08/September/2023 Detecting Anomalies using Machine Learning on Splunk The identification of cyberattacks is crucial to safeguard networks and systems, but signature detection has its limitations. Therefore, the discovery of anomalies through machine learning is a promising approach
Hardware/Embedded 23/August/2023 Mapping vulnerabilities in amazon echo using alexa skills How a malicious developer can use skills development tools to attack users
Malware 14/August/2023 Browser extensions: Friend or Foe? How a supposedly harmless browser extension can harm you without you even knowing it
Web Application Security 14/August/2023 Pickles, Shorts and Jokers: A study on Java deserialization Explore insecure deserialization in Java applications. Learn about serialization, deserialization, Magic Methods, and how attackers use gadgets to cause damage. Learn about mitigation measures and the importance of restricting deserialization to protect your application against this security vulnerability
Cloud & Platform Security 12/July/2023 The importance of establishing new perimeters surrounding the cloud The addition of Single Points of Access (SOPs) for AWS aims to reduce vulnerability exploitation by using administrative users in AWS
THREAT INTELLIGENCE 20/June/2023 Stooge Accounts: the final link in cybercrime money laundering in Brazil Investigation reveals the obscure trade in orange accounts: learn about the values, tactics and risks involved in this criminal practice used by fraudsters to receive money from financial fraud
Network Security 15/June/2023 The importance of a good configuration of IPv6 rules in the firewall The importance of a good IPv6 firewall rule configuration is related to the need to protect an organization's network against potential vulnerabilities and attacks that may exploit the specific characteristics of the IPv6 protocol
Network Security 01/June/2023 Configuring SSH Certificate-Based Authentication Authentication via SSH certificates improves security and offers flexibility and scalability. While its implementation can be complex and not supported by all SSH clients, it is considered an improvement over key or password authentication
Vulnerability Disclosure 18/May/2023 CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0 Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands
Vulnerability Disclosure 17/May/2023 CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software Security flaw may allow unauthorized access and retrieval of sensitive server data
AI, ML & Data Science 19/April/2023 Threats to Machine Learning-Based Systems – Part 2 of 5 In this post, we discuss how adversarial attacks affect the physical layer of the OSI model and may potentially shut down wireless communications, such as 5G, by focusing on a modulation classification application
Exploit Development 04/April/2023 Attacking JS engines: Fundamentals for understanding memory corruption crashes It will be possible to better understand the Javascript structures in memory while executing code in browsers or in any other program that makes use of the most famous JS interpreters, such as Firefox, Google Chrome, Internet Explorer and Safari
AI, ML & Data Science 15/March/2023 Threats to Machine Learning-based Systems – Part 1 of 5 Risks and Vulnerabilities Introduced by Machine Learning
Web Application Security 01/March/2023 Web cache poisoning – a practical approach The web cache poisoning vulnerability involves the possibility of using the cache services to deliver malicious pages to the clients of a website
THREAT INTELLIGENCE 15/February/2023 Use of Google Ads and SEO Poisoning for malware dissemination Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers
Corporate Security 01/February/2023 Cloud Security to Reduce the Impact of Shadow-IT It is estimated that 97% of cloud applications are not being managed, making the visibility of these applications difficult for security teams
Community 18/January/2023 Fraud in E-commerces – Brazilian Perspective The success of e-commerces in Brazil is unquestionable and, of course, carries the same burden of fraud growth. In 2021, for example, there was a loss of more than BRL 7 billion related to fraud attempts, an increase of 100% compared to the previous year
HARDENING 05/January/2023 Methodology for Security Analysis in Operating Systems from the Compliance Management Perspective These vulnerable environment scenarios are part of the reality experienced by security teams, who work on the daily assessment of systems in order to protect assets from vulnerabilities that affect critical devices or systems in companies
THREAT INTELLIGENCE 20/December/2022 New Chaes campaign uses Windows Management Instrumentation Command-Line Utility Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data
Software Security 09/December/2022 A Study on C Integers From January up until August 2022, MITRE has already registered 96 CVEs (common vulnerabilities and exposures) involving integers. Therefore, this is a subject that requires attention
Corporate Security 24/November/2022 The dangers of Shadow It – and CASB’s role in protecting the environment There was a time when people considered that data would always be safe behind applications, which were considered to be heavily protected
Detection Engineering 09/November/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 5 of 5 Intrusion Detection using Generative Adversarial Networks
Detection Engineering 26/October/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 4 of 5 Intrusion Detection using Autoencoders
Detection Engineering 13/October/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 3 of 5 One-Class Novelty Detection Intrusion Detection Systems
Vulnerability Disclosure 30/September/2022 CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server Developers of the plugin have patched and released an update correcting the glitch in a later version
Cloud & Platform Security 14/September/2022 Attacks via Misconfiguration on Kubernetes Orchestrators Kubernetes makes it easy to create, delete, and manage these containers. With just one command, you can replicate the action on all the required containers
Web Application Security 01/September/2022 Cross-site Scripting (XSS), variants and correction Constantly mentioned in the OWASP Top Ten, the XSS makes it possible to hijack sessions, modify the application, redirect to malicious websites and more. Here we will cover the concepts and how to prevent it from happening in our applications
Detection Engineering 18/August/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 2 of 5 Clustering-Based Unsupervised Intrusion Detection Systems
Software Security 05/August/2022 Compromise Indicators in incident detection and false positive reduction in practice Given the complexity and advance of threats to computing environments, such as the spread of ransomware attacks that have been growing in recent years (KENNEALLY, 2021), analyzing threats thoroughly and intelligently is crucial
Detection Engineering 20/July/2022 MISP Broker Tempest's team of researchers develop and share a tool to assist in activities carried out by defensive security analysts
THREAT INTELLIGENCE 11/July/2022 Stealers, access sales and ransomware: supply chain and business models in cybercrime Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries
Detection Engineering 23/June/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 1 of 5 Signature vs. Anomaly-Based Intrusion Detection Systems
Cloud & Platform Security 08/June/2022 Unwanted Permissions that may impact security when using the ReadOnlyAccess policy in AWS With this initial analysis, Tempest researchers identified at least 41 actions that can lead to improper data access
Vulnerability Disclosure 25/May/2022 CVE-2021-46426: phpIPAM 1.4.4 allows reflected XSS and CSRF via subnets functionality Its version 1.4.4 is vulnerable to Reflected Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks
Vulnerability Disclosure 25/May/2022 CVE-2021-30140: XSS Vulnerability Detection in Liquid Files LiquidFiles 3.4.15 has stored XSS via "send email" functionality when emailing a file to an administrator.
THREAT INTELLIGENCE 02/May/2022 Mekotio banking trojan identified in a new campaign against Brazilian account holders The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
Cybersec Customer Success 26/April/2022 Information Security: Policies for Clean Desks and Screens Information security (IS) is directly related to protecting a set of information, in the sense of preserving the value it holds for an individual or an organization
Mobile 22/April/2022 Facial Biometrics: Major Attacks and Mitigations As with every major new development in the security market, this explosion of systems based on facial biometrics has been followed by new and increasingly sophisticated forms of fraud
Web Application Security 25/March/2022 HTTP Method Override – what it is and how a pentester can use it How this technique can help potential attackers bypass security measures based on HTTP methods
Corporate Security 09/February/2022 Data Leak Prevention Intelligence In this article, the focal point is to present a more conceptual view of the subject for those who have already taken the first plunge into the information security field
Cloud & Platform Security 25/January/2022 Unauth root account email discovery with AWS organizations From the information previously discovered, it's possible to get equipped with information to carry out the next phases and moves of the attack
Corporate Security 12/January/2022 Evaluate, Direct and Monitor – governance goals according to the ISACA COBIT 2019 framework in the context of Managed Detection and Response (MDR) This article aims to comprehensively address the responsibilities and competences of an IT governance system in the organization
Cybersec Customer Success 21/December/2021 A philosophy for quality customer service in the information security market This article addresses this scenario and shares some proposals for achieving this goal
Software Engineering 17/December/2021 A Web Accessibility: how to modify our projects today In this blogpost, we'll address directions and techniques that can be incorporated into our web projects
Vulnerability Management 17/November/2021 How intelligence data can help manage vulnerabilities With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?
Detection Engineering 03/November/2021 Providing Visibility, Monitoring, and Anomaly Detection with FleetDM and Osquery Nowadays, there is a concern about security and its monitoring
Cloud & Platform Security 28/October/2021 Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner In recent research, we adjusted a enumeration technique used for years to map services on a AWS account to just its account id and with unauthenticated form
Intelligence 22/October/2021 Cobalt Strike: Infrastructure Analysis In a recent review, we described and offered pointers on the most common configurations of this tool, which is one of the most used by criminals
Data Engineering 21/October/2021 Data anonymization: what, why and how is it done? An introduction to the need, concept and application of Data Anonymization techniques in times where information is golden and plentiful everywhere.
Detection Engineering 13/October/2021 Unveiling the SIGMA (YAML) for Detection Engineering Sigma Rules: A Format for Composing Your Discovery Use Case Library
Intelligence 05/October/2021 Fake stores: how Brazilian criminals use SPAM services to boost fake stores Evidence from fraud groups reveals a wide variety of services used to disseminate malicious campaigns
Cybersec Customer Success 15/September/2021 Tracking the customer journey in search of strategic data for both the customer and the provider Nesse artigo, vamos caminhar juntos e entender a jornada do cliente em Customer Success, com o objetivo de deixar clara a importĂąncia de um relacionamento personalizado com o cliente, e de ter sua jornada percorrida de forma plena.
Corporate Security 01/September/2021 DLP technology making your life easier in achieving compliance with major market standards and regulations How to prevent sensitive and/or company-valued data from leaking out of the organization, regardless of the reason
Web Application Security 18/August/2021 URL Filter Subversion How failures related to validating conditions based on URLs can lead to security issues
Software Engineering 04/August/2021 Making it easy to generate GraphQL APIs with Hasura Learn how to use plug-and-play with Postgres database schema
Intelligence 22/July/2021 A Background on DNS over HTTPS and discussions about its implementation The DoH is the protocol that aims to provide greater privacy to users browsing the Internet
Intelligence 14/July/2021 LOLBins: how native tools are used to make threats stealthier Over the years, operating systems' native tools have become both popular and a preponderant mechanisms in the attackers hands whom combine them with malwares
News 02/July/2021 SideChannel: content generation as a driving force in the development of cybersecurity With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential
Software Engineering 23/June/2021 How to create a project with React? It is necessary to think about everything, in order to structure a project: from folders organization to the coding language to be used, besides tolls and frameworks that will help in its developement
Intelligence 10/June/2021 An overview of the main WhatsApp scams and ways to protect yourself WhatsApp cloning still is one of the biggest applied scam
Reverse Engineering 26/May/2021 USER-STACK: Essential knowledge to Memory Corruption study Study on User-Stack principles in Windows and its defense and attack aspects
Software Engineering 12/May/2021 Creating an API with NestJS Presenting an option to create backends using JavaScript/TypeScript in an organized and easy to maintain way
Intelligence 03/May/2021 Impostor Attendant: How criminals use famous brands to deceive users on social networks Recent campaigns rekindle discussions about the malicious use of social networks
Application Security 30/April/2021 ASCII to UTF-8 Encoding It's a usual encode issue presents a character in the middle of a word
Intelligence 16/April/2021 New banking trojan is identified in campaigns against Brazilian account holders Named SLKRat by Tempest, the malware uses the screen overlay technique to steal bank information
Web Application Security 31/March/2021 Common problems in bad implementations of business rules and absence of data validation – Part 1 This is the first in a series of publications about security flaws in two-factor authentication implementations.
Cloud & Platform Security 12/March/2021 Good security practices using Docker Security must be considered at all levels of a project, from code development to the infrastructure where it will run.
Intelligence 03/March/2021 Jupyter Notebooks for fun and cryptomining Criminals are taking advantage of weaknesses in the data science tool to mine cryptocurrencies
Web Application Security 24/February/2021 SQL Injection: There was a comma halfway How to efficiently exploit a Blind SQL Injection when the vulnerable application removes the character â,â (comma) from the request?
Intelligence 11/February/2021 New Astaroth techniques focus on anti-detection measures Trojan started to exploit websites vulnerable to Cross-Site Scripting attacks and to use the finger command for remote execution of malicious code.
Software Security 27/January/2021 Is it possible to design a good user experience without giving up security? When we build a safe product for the user, we are also assigning security and less damage to the business.
Web Application Security 18/January/2021 Access Control Flaws in Web Applications If there is a vulnerability, an attacker could compromise the application completely
Web Application Security 31/December/2020 Server Side Request Forgery â Attack and Defense Also known as SSRF, is a vulnerability that allows an attacker to make requests through a vulnerable server
Intelligence 09/December/2020 New Vadokrist Trojan campaign uses Pix as phishing bait The threat affects customers of major Brazilian banks, using the DLL Injection technique in its infection process and misusing GitHub
Web Application Security 19/November/2020 A long time ago, in a web far away, the SQL Injection appeared Understand how the SQL Injection works and how to protect yourself against it
Web Application Security 06/November/2020 Letâs go with Cross Site Request Forgery? According to a survey carried out by OWASP in 2013, CSRF was on the list of the 10 most common vulnerabilities founded in Web applications.
Application Security 14/October/2020 HTML to PDF converters, can I hack them? Our goal here was to investigate what kind of vulnerabilities can be inserted in a software through the use of libraries with the above mentioned functionality
Application Security 30/September/2020 Brute Force Attacks: Protection and Mitigation Measures Any system that interacts with the internet must be prepared to defend itself from a large arsenal of techniques and attacks
Software Security 16/September/2020 Safe development practices for agile teams With increasingly tight deadlines for software projects, agile methodologies have been widely used in the area
Hardware/Embedded 02/September/2020 The danger of using the Wifi module ESP8266 to create a backdoor We will detail the necessary steps to perform the firmware upload correctly
Application Security 19/August/2020 Mimikatz: Mitigating credential theft attacks The tool has become indispensable in the arsenal used by both pentesters and attackers and malware in real compromising scenarios
Vulnerability Disclosure 06/August/2020 Path Traversal Vulnerability in SecurEnvoy impacts on remote command execution through file upload Attacks of this type consist of the possibility of traversing directories outside and/or inside the root of the application, thus allowing access to other files or folders in an arbitrary manner
Mobile 23/July/2020 Analyzing some defense mechanisms in mobile browsers For many internet users, browsers have become a fundamental part of our daily lives
Community 13/July/2020 Cybersecurity in Healthcare in the midst of crisis COVID-19 Series: Key Topics to Combat Cyberattacks Taking Place in Hospitals During the Pandemic
Cryptography 08/July/2020 Cryptography: Applications to ensure your privacy It guarantees that the confidentiality of the data can be assured, either in its storage or in its communication process
Vulnerability Disclosure 23/June/2020 DLL Hijacking at the Trend Micro Password Manager (CVE-2020â8469) We will briefly present some basic concepts on the subject, as well as the demonstration of this vulnerability in Trend Micro Password Manager
Intelligence 18/June/2020 Tactics, techniques, and pointers on recent major Double Extortion threats An overview of the actions of the groups operating the Maze, Snake, RagnarLocker, Clop, REvil (Sodinokibi), Netwalker (Mailto), DoppelPaymer, and Nefilim ransomwares
Reverse Engineering 11/June/2020 BA AD F0 0D: Using memory debug code as an anti-debugging technique New anti-debugging techniques are always welcome
Intelligence 08/May/2020 Double Extortion: Data leak combined with ransomware have increased in recent weeks Criminals use various techniques to extract sensitive data and sabotage the environment, requiring payment to prevent leaks
Community 09/April/2020 Bringing Zoom Safety into Perspective COVID-19 series: an analysis of the latest incidents involving the security of the product
Corporate Security 25/March/2020 The strategies behind the new coronavirus-themed attacks COVID-19 series: old scams in new packaging
Corporate Security 19/March/2020 The bare minimum of cybersecurity you need to consider when building an infrastructure in a hurry COVID-19 Series: What topics to prioritize and a few free resources and information providers
Corporate Security 16/March/2020 Cybersecurity in the home office in times of coronavirus: a question of coresponsibility COVID-19 series: tips for protecting company data in your home environment
Vulnerability Disclosure 11/March/2020 Vulnerability in Avast Secure Browser enables escalation of privileges on Windows Exploitation abuses the hardlinks feature, which represents the file content on the NTFS system
Corporate Security 03/March/2020 Case Study â Symantec DLP â Endpoint Environment Analysis of the environment and problems found
Web Application Security 10/February/2020 Once upon a time an account enumeration Identifying valid users in a variety of conditions and ways to protect your systems from this threat
Software Security 24/January/2020 For less Gandalfs and more John Wicks (or, for less magic frameworks and more software engineering) Go is a relatively new language, similar to C but with memory safe, garbage collection, structural typingâŠ
Web Application Security 07/January/2020 The Cypher Injection Saga From descriptive error to BURP extension
Cryptography 12/December/2019 Evil Maid: Attack on computers with encrypted disks The attack allows to obtain data stored on a disk or even to gain remote access to the victimâs computer
Intelligence 05/December/2019 Brazilian fraudsters are using a distributed tool to obtain CVV data Tactic has been used both against legitimate e-commerce websites under the control of the attacker, and against payment gateways
Software Security 26/November/2019 Consuming APIs with Flutter and Redux | Walk through Most of people only meet Redux when they bump into React, and internalize the architecture as a React thing
Intelligence 23/November/2019 New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards Variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil
Corporate Security 12/November/2019 Information Security Risk Management â Analytical Thinking A brief risk management analysis based on ISO / IEC 27005: 2011 â Information Technology â Security Techniques â Information Security Risk Management
Web Application Security 29/October/2019 A Burp plugin that automates failure detection in the HTML development process The idea of ââcreating another extension for Burp came up in one of the editions of âNa Beira do Rioâ
Cloud 15/October/2019 Cloud Migration: what to consider from a cybersecurity perspective Keeping cloud data secure requires as much or more care and control than data stored on premises
Intelligence 01/October/2019 Phishing campaign spreads malware to Facebook users in Brazil and Mexico Sponsored ads offered discount coupons to distribute a malicious Chrome extension, among other threats
Intelligence 17/September/2019 Research identifies tool used to extract and manipulate email attachments Offered in social networks, tool also allows to validate email credentials
Cryptography 05/September/2019 A brief analysis of data compression security issues Many applications compress data before it is encrypted, which, in some cases, may compromise the confidentiality of the transmitted data
Vulnerability Disclosure 20/August/2019 Trend Micro Maximum Security 2019 vulnerability allows for privilege escalation attacks on Windows Discovered by Tempest analyst, the flaw had a fix released last week
Software Security 14/August/2019 Adequately using relational database privileges in migration tasks How to improve security in the database access using the Principle of Least Privilege
Vulnerability Disclosure 31/July/2019 Vulnerability in Avira Security Suite enables for privilege escalation attacks The flaw is present in a file which, by default, has open access and control permissions for all Windows users
Vulnerability Disclosure 16/July/2019 Tempest identifies weakness in Microsoft security service By exploiting the vulnerability, an attacker can deliver malicious files via email
Intelligence 24/May/2019 Tempest discovers fraud campaign that amassed 2 million payment card data Malware was installed in 2,600 points of sale of commercial businesses throughout Brazil
Intelligence 27/March/2019 GUP: banking malware campaign affects account holders of nine Brazilian institutions Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bankâs website
Vulnerability Disclosure 18/December/2018 Critical vulnerability is identified in Aligera products The vulnerability allows an attacker to gain full control of the device
News 29/November/2018 FBI closes multi-million dollar ad-fraud scheme The campaign infected more than 1.7 million computers to generate fake clicks
Intelligence 27/November/2018 Botnet Bushido has increased activity detected This variant would be used in DDoS rental services
Intelligence 26/November/2018 Campaign disseminates banking trojan for clients of Brazilian banks The malware has evasive features that circumvent anti-virus systems and use advanced screen overlay techniques
Intelligence 19/November/2018 Dodge game: a story about document fraud It is a job that depends essentially on digital resources
News 12/November/2018 Vulnerable Adobe ColdFusion servers are targeted by cybercriminals Cybercriminals have used reverse engineering in an Adobe patch in search for vulnerabilities to exploit
News 07/November/2018 Malware campaign in Brazil uses legitimate Windows components Campaign uses WMI and CertUtil functions to attack its victims
News 06/November/2018 Soon, CVSS scores will be assigned by AI NIST is evaluating the use of IBM Watson to perform the task
News 05/November/2018 More than half of SMBs have experienced some security breach in the last year Phishing and Malware are the most common attacks
News 01/November/2018 POS devices have several flaws that allow for different types of attacks Vulnerabilities were found in more than half of the major mobile POS tested terminals
News 29/October/2018 jQuery File Upload: plugin flaw leaves thousands of vulnerable websites Flaw was introduced when Apache disabled security control of .htacceess files
News 25/October/2018 Another Windows Zero-Day vulnerability is disclosed on Twitter New flaw allows for deletion of critical system data and privilege escalation
News 24/October/2018 Cisco and F5 Networks Assess Impact of Vulnerability on Libssh Flaw related to encoding error affects library version 0.6.0
News 23/October/2018 Two critical vulnerabilities have been found on NAS devices Flaws are present on WD My Book, NetGear Stora, SeaGate Home and NAS Medion LifeCloud devices
News 22/October/2018 13 flaws in the Amazon FreeRTOS IoT operating system are found Attackers can take complete control of the system
News 22/October/2018 Chrome 70 optimizes privacy and fixes 23 vulnerabilities Google paid more than $ 20,000 in rewards to researchers reporting flaws
Intelligence 04/September/2018 Garage scheme: scam affects vehicle financing A gang carried out a fraud against financial institutions
Intelligence 28/August/2018 Fake stores, âboletosâ and WhatsApp: Uncovering a Phishing-as-a-Service operation This activity relies on platforms that sell fake e-commerce (fake stores)
Intelligence 21/August/2018 Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers The exposure of these access credentials is due to a vulnerability published in 2015
Intelligence 20/August/2018 Hakai botnet shows signs of intense activity in Latin America This botnet has been detected by our sensors 134 times just this month
Intelligence 01/August/2018 New attempts to attack D-Link devices in Brazil are detected Tempest monitoring team identified the activity of 11 botnets attempting to exploit device flaws
Intelligence 25/July/2018 New variant of the Mirai botnet has activity detected in Brazil Botnet tries to exploit vulnerabilities in routers and monitoring systems
News 20/June/2018 New laws in Europe and the US could threaten Internet fundamentals, experts say None of them is getting the same attention from the market as GDPR
Intelligence 19/April/2018 Chinese government surveillance app is vulnerable to MITM attacks In a report released last week, the Open Technology Fund (OTF) stated that the JingWang app does not protect usersâ private information; and, besides that, it is vulnerable to man-in-the-middle attacks
News 09/April/2018 Do we need to discuss Bitcoinâs impact on global energy production and consumption? Is there any reason for this concern? And, above all: is there enough data to come to any conclusion?
News 28/March/2018 A false Android app is being used to spy on Iranian citizens The malware used in this campaign infects Android users through a fake version of a VPN application called Psiphon
Vulnerability Disclosure 20/March/2018 Hola VPN software flaw could lead to privilege escalation If exploited, the vulnerability allows for privilege escalation in the operating system, allowing the attacker to get full control over the victimâs computer
Vulnerability Disclosure 05/March/2018 Rapid SCADA: Industrial system has elementary flaw in access control The flaw allows the system to become a bridge to access critical infrastructures
Uncategorized 20/February/2018 Cyber security: how old and new problems place companies in a âstate of attentionâ Noticing that security is inserted among such important issues for society does not come as a surprise
News 08/February/2018 EZ-Security joins Tempest creating Brazilâs largest cyber security specialized company We can now offer our customers and partners the largest and most comprehensive portfolio of products and services
Intelligence 01/February/2018 One third of the Internet was under DoS attack, according to study Six university researchers shed some light on this type of attack
News 16/January/2018 New threats expose risk of attacks on satellite communication systems on ships These vulnerabilities would allow access to internal systems of offshore vessels
Vulnerability Disclosure 08/January/2018 Password manager flaw allows for arbitrary command execution The flaw was found in the latest version of the software (4.9.3)
Corporate Security 03/November/2017 Risks involving supply chain attacks We will look at some threats that abuse the supply chain and also address some of the consequences faced by organizations that have been victims of this type of attack
Intelligence 18/October/2017 HydraPOS â Operation of Brazilian fraudsters has accumulated, at least, 1.4 million card data Fraud scheme went unnoticed for four years, targeting several merchants in Brazil
Human Factors 25/September/2017 Digital advertising tools are being used to disseminate phishing campaigns The discovery is the result of research being conducted at El Pescador since 2016
News 13/September/2017 Artificial Intelligence techniques can be used to automate false reviews on websites, study suggests The technique is presented as the next evolution of a practice known as âcrowdturfingâ
News 04/September/2017 Conceptual attack uses replacement parts to take control of mobile devices Two initial attacks are described in the study, both happened after the exchange of an original touchscreen module with a malicious version
News 21/July/2017 Tempest is a co-author of the âBest Practices in Fraud Preventionâ guide for the digital advertising industry The event was part of a series of actions promoted by the IAB, which aims to make advertisers aware of the responsibility of require transparency regarding the investments made in digital advertising
News 30/June/2017 Study assesses risks and implications of cyber attacks on nuclear defense systems Document examines the possibilities of cyberattack to the Tridentâ britain nuclear deterrent program
Uncategorized 23/June/2017 Data leakage is the theme of El Pescadorâs new simulated phishing campaign Cyber threats are constantly being renewed as cybercriminals develop increasingly sophisticated techniques to achieve their goals
Uncategorized 16/June/2017 Pacemakers may be vulnerable to cyberattacks, study finds More than 8,000 vulnerabilities have been discovered in several models. In the UK the number of implanted devices exceeds 400 per million inhabitants
Uncategorized 05/June/2017 Android: failures that are beyond the code In which ways the appropriation of the Android ecosystem affects its security
Uncategorized 26/May/2017 A time bomb: the challenge to fight fraud in the digital advertising industry The HummingBad is one among the various activities that continually harm the digital advertising industry
Uncategorized 26/May/2017 Increase in âCEO Fraudâ attacks highlights risks to corporate environments The number of BEC (Business Email Compromise) attacks has grown about 55% in 2015 in comparison with the previous year
Uncategorized 26/May/2017 Ransomware recent developments and threats New threats, spike in infections and attacks against the healthcare industry
Uncategorized 26/May/2017 Malvertising â recent developments on tactics and techniques Performing Malvertising attacks has already become an established technique in the modus operandi of several cyber crime rings
Uncategorized 26/May/2017 Exploit Kits: The current revival of an old tool that became trend The first campaign that used an EK was spotted a decade ago and it used code that exploited a â0-dayâ vulnerability in Internet Explorer
News 18/May/2017 Inspeckage, mobile application software analysis, has Tempestâs official support This stamp represents the partnership between Tempest and Antonio Martins, developer of the tool and mobile application anaylsis specialist
Uncategorized 12/May/2017 WannaCry ransomware spreads around the world and impacts large enterprises The malware has the behavior of a worm, infecting vulnerable computers that allow connections through Server Message Block (SMB) and Remote Desktop Protocol (RDP) connections
Uncategorized 09/May/2017 GE patches up vulnerability that allows remote power grids shutdown Cyberattacks aimed at infrastructure were considered to be costly, requiring a great amount of resources and knowledge to execute
Uncategorized 03/May/2017 Stolen âOrange is the New Blackâ episodes are leaked online. Attackers threaten other studios The leak occurred after the company refused to pay a ransom of 50 bitcoin that the hacking group demanded in order to not disclose the videos
Uncategorized 28/April/2017 Security incident on corporate chat tool HipChat may have exposed users data It has affected their webservers and allowed others unauthorised access to user content
Uncategorized 05/April/2017 USB-based malware raises suspicions of hostile attacks in air-gapped environments The malware has self-protection features based on volume encryption using the AES128 algorithm, which also creates a single image that should prevent cloning the USB device
Uncategorized 26/March/2017 Cyber war games exercises explained Tempest Security Intelligence has created a unique methodology for running large-scale cyber war games exercises, which we call CYBERDRILL TM
Uncategorized 14/March/2017 Steganography in Malvertising campaigns: attacks continue to improve These attacks have been active at least since 2014 and contain steganography techniques in their execution
News 13/March/2017 Law enforcement agencies adapt proceedings against Dark Markets in Operation Hyperion At the end of October, 2016, an international task force identified thousands of people involved in the buying and selling of illicit products and services in Dark Markets
Intelligence, Malware, Reverse Engineering, Tempest Research, THREAT INTELLIGENCE 21/May/2025 Coyote: a stealthy banking trojan targeting dozens of Brazilian financial institutions The new variants analyzed by Tempest feature a new method of dissemination via WhatsApp Web, in a rather unusual approach among banking Trojans targeting Latin America.
Application Security, Web Application Security 16/April/2025 Overview of vulnerabilities in the implementation of the OAuth protocol Although widely used by web applications, if implemented improperly, OAuth can lead to token hijacking, redirection to malicious applications and other possibilities. In this blogpost, we'll discuss some of the vulnerabilities inherent in improper implementation of the protocol and how to mitigate them.
Application Security, Cloud, Cloud & Platform Security 20/March/2025 Event injection in serverless architectures This report is a study of serverless architecture and how this type of environment opens up a new range of injection attacks. This study provides an overview of the architecture, the range of its attack surface, how injection attacks occur and the possible impacts that this kind of vulnerability can bring.
THREAT INTELLIGENCE 14/February/2025 Rise in the use of remote monitoring and management software in malicious campaigns Tempest researchers identify an increase in the use of RMM tools in campaigns targeting Brazil
Web Application Security 10/February/2025 Understanding the Edge Side Include Injection vulnerability The vulnerability occurs through the injection of ESI fragments
THREAT INTELLIGENCE 10/February/2025 Gh0st RAT: malware active for 15 years is still used by threat operators Find out how an open source RAT developed in 2008 is still relevant and has become the basis for different variants present in the most diverse campaigns.
Vulnerability Disclosure 15/July/2024 Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication
Web Application Security 17/June/2024 XSSi: An overview of the vulnerability in 2024 Largely overlooked by both developers and cybersecurity researchers, the vulnerability still represents a source of threat to individuals and businesses
THREAT INTELLIGENCE 10/April/2024 Understanding Ransomware-as-a-Service operations from an affiliate’s perspective Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked
Vulnerability Disclosure 28/February/2024 CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations
Network Security 15/February/2024 What is DoS? How to defend yourself? Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks represent a constant threat to global enterprises, with alarming numbers of incidents. In addition to the direct losses caused by the interruption of services, companies face a new form of attack: Ransom DDoS (RDDoS), where attackers demand payment to cease attacks
Exploit Development 31/January/2024 AFL++ and an introduction to Feedback-Based Fuzzing Many bugs found from fuzzing tests can be signs of serious vulnerabilities
Cloud & Platform Security 17/January/2024 Privilege escalation with IAM on AWS Privilege escalation in AWS consists of having sufficient permissions for administrative access to an organization
Cyber-Physical Systems 28/December/2023 What is cryptojacking? Understand the main points of the cryptojacking phenomenon, its origins, how it works and the consequences for individuals and organizations
Cloud 15/December/2023 The Art of Cloud Security: Proactive Detection of Configuration Errors Implementing a mechanism that detects configuration faults and makes them visible to be handled by the administrators is an excellent alternative for reducing the attack surface on Cloud resources
AI, ML & Data Science 21/November/2023 Detecting bugs in source code with AI Explore one of the techniques for detecting vulnerabilities through Functionally-similar yet Inconsistent Code (FICS), using static analysis to identify inconsistencies in code. Learn more about its customized representation and hierarchical clustering, revealing advantages, results, and potential improvements
Detection Engineering 25/October/2023 False positives in threat detection Understand the need to create exceptions, adjust detection logic and rules, implement processes to handle alerts and manage false positives when identifying cyber threats
Intelligence 06/October/2023 Anti-flapping and correlation techniques in Zabbix to mitigate false positives in an SOC Zabbix is a monitoring platform that offers flexibility in notifying issues in networks, servers, and services, aiming for SOC effectiveness. In this article, we address techniques to reduce false positives and alert flooding, including anti-flapping and logic correlation, strategies that enhance monitoring reliability
Cyber-Physical Systems 22/September/2023 Study of vulnerabilities in MIFARE Classic cards Understand how RFID technology allows remote communication through electronic tags. Discover the details of MIFARE Classic cards, their structure, encryption and potential vulnerabilities
AI, ML & Data Science 08/September/2023 Detecting Anomalies using Machine Learning on Splunk The identification of cyberattacks is crucial to safeguard networks and systems, but signature detection has its limitations. Therefore, the discovery of anomalies through machine learning is a promising approach
Hardware/Embedded 23/August/2023 Mapping vulnerabilities in amazon echo using alexa skills How a malicious developer can use skills development tools to attack users
Malware 14/August/2023 Browser extensions: Friend or Foe? How a supposedly harmless browser extension can harm you without you even knowing it
Web Application Security 14/August/2023 Pickles, Shorts and Jokers: A study on Java deserialization Explore insecure deserialization in Java applications. Learn about serialization, deserialization, Magic Methods, and how attackers use gadgets to cause damage. Learn about mitigation measures and the importance of restricting deserialization to protect your application against this security vulnerability
Cloud & Platform Security 12/July/2023 The importance of establishing new perimeters surrounding the cloud The addition of Single Points of Access (SOPs) for AWS aims to reduce vulnerability exploitation by using administrative users in AWS
THREAT INTELLIGENCE 20/June/2023 Stooge Accounts: the final link in cybercrime money laundering in Brazil Investigation reveals the obscure trade in orange accounts: learn about the values, tactics and risks involved in this criminal practice used by fraudsters to receive money from financial fraud
Network Security 15/June/2023 The importance of a good configuration of IPv6 rules in the firewall The importance of a good IPv6 firewall rule configuration is related to the need to protect an organization's network against potential vulnerabilities and attacks that may exploit the specific characteristics of the IPv6 protocol
Network Security 01/June/2023 Configuring SSH Certificate-Based Authentication Authentication via SSH certificates improves security and offers flexibility and scalability. While its implementation can be complex and not supported by all SSH clients, it is considered an improvement over key or password authentication
Vulnerability Disclosure 18/May/2023 CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0 Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands
Vulnerability Disclosure 17/May/2023 CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software Security flaw may allow unauthorized access and retrieval of sensitive server data
AI, ML & Data Science 19/April/2023 Threats to Machine Learning-Based Systems – Part 2 of 5 In this post, we discuss how adversarial attacks affect the physical layer of the OSI model and may potentially shut down wireless communications, such as 5G, by focusing on a modulation classification application
Exploit Development 04/April/2023 Attacking JS engines: Fundamentals for understanding memory corruption crashes It will be possible to better understand the Javascript structures in memory while executing code in browsers or in any other program that makes use of the most famous JS interpreters, such as Firefox, Google Chrome, Internet Explorer and Safari
AI, ML & Data Science 15/March/2023 Threats to Machine Learning-based Systems – Part 1 of 5 Risks and Vulnerabilities Introduced by Machine Learning
Web Application Security 01/March/2023 Web cache poisoning – a practical approach The web cache poisoning vulnerability involves the possibility of using the cache services to deliver malicious pages to the clients of a website
THREAT INTELLIGENCE 15/February/2023 Use of Google Ads and SEO Poisoning for malware dissemination Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers
Corporate Security 01/February/2023 Cloud Security to Reduce the Impact of Shadow-IT It is estimated that 97% of cloud applications are not being managed, making the visibility of these applications difficult for security teams
Community 18/January/2023 Fraud in E-commerces – Brazilian Perspective The success of e-commerces in Brazil is unquestionable and, of course, carries the same burden of fraud growth. In 2021, for example, there was a loss of more than BRL 7 billion related to fraud attempts, an increase of 100% compared to the previous year
HARDENING 05/January/2023 Methodology for Security Analysis in Operating Systems from the Compliance Management Perspective These vulnerable environment scenarios are part of the reality experienced by security teams, who work on the daily assessment of systems in order to protect assets from vulnerabilities that affect critical devices or systems in companies
THREAT INTELLIGENCE 20/December/2022 New Chaes campaign uses Windows Management Instrumentation Command-Line Utility Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data
Software Security 09/December/2022 A Study on C Integers From January up until August 2022, MITRE has already registered 96 CVEs (common vulnerabilities and exposures) involving integers. Therefore, this is a subject that requires attention
Corporate Security 24/November/2022 The dangers of Shadow It – and CASB’s role in protecting the environment There was a time when people considered that data would always be safe behind applications, which were considered to be heavily protected
Detection Engineering 09/November/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 5 of 5 Intrusion Detection using Generative Adversarial Networks
Detection Engineering 26/October/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 4 of 5 Intrusion Detection using Autoencoders
Detection Engineering 13/October/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 3 of 5 One-Class Novelty Detection Intrusion Detection Systems
Vulnerability Disclosure 30/September/2022 CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server Developers of the plugin have patched and released an update correcting the glitch in a later version
Cloud & Platform Security 14/September/2022 Attacks via Misconfiguration on Kubernetes Orchestrators Kubernetes makes it easy to create, delete, and manage these containers. With just one command, you can replicate the action on all the required containers
Web Application Security 01/September/2022 Cross-site Scripting (XSS), variants and correction Constantly mentioned in the OWASP Top Ten, the XSS makes it possible to hijack sessions, modify the application, redirect to malicious websites and more. Here we will cover the concepts and how to prevent it from happening in our applications
Detection Engineering 18/August/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 2 of 5 Clustering-Based Unsupervised Intrusion Detection Systems
Software Security 05/August/2022 Compromise Indicators in incident detection and false positive reduction in practice Given the complexity and advance of threats to computing environments, such as the spread of ransomware attacks that have been growing in recent years (KENNEALLY, 2021), analyzing threats thoroughly and intelligently is crucial
Detection Engineering 20/July/2022 MISP Broker Tempest's team of researchers develop and share a tool to assist in activities carried out by defensive security analysts
THREAT INTELLIGENCE 11/July/2022 Stealers, access sales and ransomware: supply chain and business models in cybercrime Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries
Detection Engineering 23/June/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 1 of 5 Signature vs. Anomaly-Based Intrusion Detection Systems
Cloud & Platform Security 08/June/2022 Unwanted Permissions that may impact security when using the ReadOnlyAccess policy in AWS With this initial analysis, Tempest researchers identified at least 41 actions that can lead to improper data access
Vulnerability Disclosure 25/May/2022 CVE-2021-46426: phpIPAM 1.4.4 allows reflected XSS and CSRF via subnets functionality Its version 1.4.4 is vulnerable to Reflected Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks
Vulnerability Disclosure 25/May/2022 CVE-2021-30140: XSS Vulnerability Detection in Liquid Files LiquidFiles 3.4.15 has stored XSS via "send email" functionality when emailing a file to an administrator.
THREAT INTELLIGENCE 02/May/2022 Mekotio banking trojan identified in a new campaign against Brazilian account holders The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
Cybersec Customer Success 26/April/2022 Information Security: Policies for Clean Desks and Screens Information security (IS) is directly related to protecting a set of information, in the sense of preserving the value it holds for an individual or an organization
Mobile 22/April/2022 Facial Biometrics: Major Attacks and Mitigations As with every major new development in the security market, this explosion of systems based on facial biometrics has been followed by new and increasingly sophisticated forms of fraud
Web Application Security 25/March/2022 HTTP Method Override – what it is and how a pentester can use it How this technique can help potential attackers bypass security measures based on HTTP methods
Corporate Security 09/February/2022 Data Leak Prevention Intelligence In this article, the focal point is to present a more conceptual view of the subject for those who have already taken the first plunge into the information security field
Cloud & Platform Security 25/January/2022 Unauth root account email discovery with AWS organizations From the information previously discovered, it's possible to get equipped with information to carry out the next phases and moves of the attack
Corporate Security 12/January/2022 Evaluate, Direct and Monitor – governance goals according to the ISACA COBIT 2019 framework in the context of Managed Detection and Response (MDR) This article aims to comprehensively address the responsibilities and competences of an IT governance system in the organization
Cybersec Customer Success 21/December/2021 A philosophy for quality customer service in the information security market This article addresses this scenario and shares some proposals for achieving this goal
Software Engineering 17/December/2021 A Web Accessibility: how to modify our projects today In this blogpost, we'll address directions and techniques that can be incorporated into our web projects
Vulnerability Management 17/November/2021 How intelligence data can help manage vulnerabilities With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?
Detection Engineering 03/November/2021 Providing Visibility, Monitoring, and Anomaly Detection with FleetDM and Osquery Nowadays, there is a concern about security and its monitoring
Cloud & Platform Security 28/October/2021 Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner In recent research, we adjusted a enumeration technique used for years to map services on a AWS account to just its account id and with unauthenticated form
Intelligence 22/October/2021 Cobalt Strike: Infrastructure Analysis In a recent review, we described and offered pointers on the most common configurations of this tool, which is one of the most used by criminals
Data Engineering 21/October/2021 Data anonymization: what, why and how is it done? An introduction to the need, concept and application of Data Anonymization techniques in times where information is golden and plentiful everywhere.
Detection Engineering 13/October/2021 Unveiling the SIGMA (YAML) for Detection Engineering Sigma Rules: A Format for Composing Your Discovery Use Case Library
Intelligence 05/October/2021 Fake stores: how Brazilian criminals use SPAM services to boost fake stores Evidence from fraud groups reveals a wide variety of services used to disseminate malicious campaigns
Cybersec Customer Success 15/September/2021 Tracking the customer journey in search of strategic data for both the customer and the provider Nesse artigo, vamos caminhar juntos e entender a jornada do cliente em Customer Success, com o objetivo de deixar clara a importĂąncia de um relacionamento personalizado com o cliente, e de ter sua jornada percorrida de forma plena.
Corporate Security 01/September/2021 DLP technology making your life easier in achieving compliance with major market standards and regulations How to prevent sensitive and/or company-valued data from leaking out of the organization, regardless of the reason
Web Application Security 18/August/2021 URL Filter Subversion How failures related to validating conditions based on URLs can lead to security issues
Software Engineering 04/August/2021 Making it easy to generate GraphQL APIs with Hasura Learn how to use plug-and-play with Postgres database schema
Intelligence 22/July/2021 A Background on DNS over HTTPS and discussions about its implementation The DoH is the protocol that aims to provide greater privacy to users browsing the Internet
Intelligence 14/July/2021 LOLBins: how native tools are used to make threats stealthier Over the years, operating systems' native tools have become both popular and a preponderant mechanisms in the attackers hands whom combine them with malwares
News 02/July/2021 SideChannel: content generation as a driving force in the development of cybersecurity With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential
Software Engineering 23/June/2021 How to create a project with React? It is necessary to think about everything, in order to structure a project: from folders organization to the coding language to be used, besides tolls and frameworks that will help in its developement
Intelligence 10/June/2021 An overview of the main WhatsApp scams and ways to protect yourself WhatsApp cloning still is one of the biggest applied scam
Reverse Engineering 26/May/2021 USER-STACK: Essential knowledge to Memory Corruption study Study on User-Stack principles in Windows and its defense and attack aspects
Software Engineering 12/May/2021 Creating an API with NestJS Presenting an option to create backends using JavaScript/TypeScript in an organized and easy to maintain way
Intelligence 03/May/2021 Impostor Attendant: How criminals use famous brands to deceive users on social networks Recent campaigns rekindle discussions about the malicious use of social networks
Application Security 30/April/2021 ASCII to UTF-8 Encoding It's a usual encode issue presents a character in the middle of a word
Intelligence 16/April/2021 New banking trojan is identified in campaigns against Brazilian account holders Named SLKRat by Tempest, the malware uses the screen overlay technique to steal bank information
Web Application Security 31/March/2021 Common problems in bad implementations of business rules and absence of data validation – Part 1 This is the first in a series of publications about security flaws in two-factor authentication implementations.
Cloud & Platform Security 12/March/2021 Good security practices using Docker Security must be considered at all levels of a project, from code development to the infrastructure where it will run.
Intelligence 03/March/2021 Jupyter Notebooks for fun and cryptomining Criminals are taking advantage of weaknesses in the data science tool to mine cryptocurrencies
Web Application Security 24/February/2021 SQL Injection: There was a comma halfway How to efficiently exploit a Blind SQL Injection when the vulnerable application removes the character â,â (comma) from the request?
Intelligence 11/February/2021 New Astaroth techniques focus on anti-detection measures Trojan started to exploit websites vulnerable to Cross-Site Scripting attacks and to use the finger command for remote execution of malicious code.
Software Security 27/January/2021 Is it possible to design a good user experience without giving up security? When we build a safe product for the user, we are also assigning security and less damage to the business.
Web Application Security 18/January/2021 Access Control Flaws in Web Applications If there is a vulnerability, an attacker could compromise the application completely
Web Application Security 31/December/2020 Server Side Request Forgery â Attack and Defense Also known as SSRF, is a vulnerability that allows an attacker to make requests through a vulnerable server
Intelligence 09/December/2020 New Vadokrist Trojan campaign uses Pix as phishing bait The threat affects customers of major Brazilian banks, using the DLL Injection technique in its infection process and misusing GitHub
Web Application Security 19/November/2020 A long time ago, in a web far away, the SQL Injection appeared Understand how the SQL Injection works and how to protect yourself against it
Web Application Security 06/November/2020 Letâs go with Cross Site Request Forgery? According to a survey carried out by OWASP in 2013, CSRF was on the list of the 10 most common vulnerabilities founded in Web applications.
Application Security 14/October/2020 HTML to PDF converters, can I hack them? Our goal here was to investigate what kind of vulnerabilities can be inserted in a software through the use of libraries with the above mentioned functionality
Application Security 30/September/2020 Brute Force Attacks: Protection and Mitigation Measures Any system that interacts with the internet must be prepared to defend itself from a large arsenal of techniques and attacks
Software Security 16/September/2020 Safe development practices for agile teams With increasingly tight deadlines for software projects, agile methodologies have been widely used in the area
Hardware/Embedded 02/September/2020 The danger of using the Wifi module ESP8266 to create a backdoor We will detail the necessary steps to perform the firmware upload correctly
Application Security 19/August/2020 Mimikatz: Mitigating credential theft attacks The tool has become indispensable in the arsenal used by both pentesters and attackers and malware in real compromising scenarios
Vulnerability Disclosure 06/August/2020 Path Traversal Vulnerability in SecurEnvoy impacts on remote command execution through file upload Attacks of this type consist of the possibility of traversing directories outside and/or inside the root of the application, thus allowing access to other files or folders in an arbitrary manner
Mobile 23/July/2020 Analyzing some defense mechanisms in mobile browsers For many internet users, browsers have become a fundamental part of our daily lives
Community 13/July/2020 Cybersecurity in Healthcare in the midst of crisis COVID-19 Series: Key Topics to Combat Cyberattacks Taking Place in Hospitals During the Pandemic
Cryptography 08/July/2020 Cryptography: Applications to ensure your privacy It guarantees that the confidentiality of the data can be assured, either in its storage or in its communication process
Vulnerability Disclosure 23/June/2020 DLL Hijacking at the Trend Micro Password Manager (CVE-2020â8469) We will briefly present some basic concepts on the subject, as well as the demonstration of this vulnerability in Trend Micro Password Manager
Intelligence 18/June/2020 Tactics, techniques, and pointers on recent major Double Extortion threats An overview of the actions of the groups operating the Maze, Snake, RagnarLocker, Clop, REvil (Sodinokibi), Netwalker (Mailto), DoppelPaymer, and Nefilim ransomwares
Reverse Engineering 11/June/2020 BA AD F0 0D: Using memory debug code as an anti-debugging technique New anti-debugging techniques are always welcome
Intelligence 08/May/2020 Double Extortion: Data leak combined with ransomware have increased in recent weeks Criminals use various techniques to extract sensitive data and sabotage the environment, requiring payment to prevent leaks
Community 09/April/2020 Bringing Zoom Safety into Perspective COVID-19 series: an analysis of the latest incidents involving the security of the product
Corporate Security 25/March/2020 The strategies behind the new coronavirus-themed attacks COVID-19 series: old scams in new packaging
Corporate Security 19/March/2020 The bare minimum of cybersecurity you need to consider when building an infrastructure in a hurry COVID-19 Series: What topics to prioritize and a few free resources and information providers
Corporate Security 16/March/2020 Cybersecurity in the home office in times of coronavirus: a question of coresponsibility COVID-19 series: tips for protecting company data in your home environment
Vulnerability Disclosure 11/March/2020 Vulnerability in Avast Secure Browser enables escalation of privileges on Windows Exploitation abuses the hardlinks feature, which represents the file content on the NTFS system
Corporate Security 03/March/2020 Case Study â Symantec DLP â Endpoint Environment Analysis of the environment and problems found
Web Application Security 10/February/2020 Once upon a time an account enumeration Identifying valid users in a variety of conditions and ways to protect your systems from this threat
Software Security 24/January/2020 For less Gandalfs and more John Wicks (or, for less magic frameworks and more software engineering) Go is a relatively new language, similar to C but with memory safe, garbage collection, structural typingâŠ
Web Application Security 07/January/2020 The Cypher Injection Saga From descriptive error to BURP extension
Cryptography 12/December/2019 Evil Maid: Attack on computers with encrypted disks The attack allows to obtain data stored on a disk or even to gain remote access to the victimâs computer
Intelligence 05/December/2019 Brazilian fraudsters are using a distributed tool to obtain CVV data Tactic has been used both against legitimate e-commerce websites under the control of the attacker, and against payment gateways
Software Security 26/November/2019 Consuming APIs with Flutter and Redux | Walk through Most of people only meet Redux when they bump into React, and internalize the architecture as a React thing
Intelligence 23/November/2019 New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards Variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil
Corporate Security 12/November/2019 Information Security Risk Management â Analytical Thinking A brief risk management analysis based on ISO / IEC 27005: 2011 â Information Technology â Security Techniques â Information Security Risk Management
Web Application Security 29/October/2019 A Burp plugin that automates failure detection in the HTML development process The idea of ââcreating another extension for Burp came up in one of the editions of âNa Beira do Rioâ
Cloud 15/October/2019 Cloud Migration: what to consider from a cybersecurity perspective Keeping cloud data secure requires as much or more care and control than data stored on premises
Intelligence 01/October/2019 Phishing campaign spreads malware to Facebook users in Brazil and Mexico Sponsored ads offered discount coupons to distribute a malicious Chrome extension, among other threats
Intelligence 17/September/2019 Research identifies tool used to extract and manipulate email attachments Offered in social networks, tool also allows to validate email credentials
Cryptography 05/September/2019 A brief analysis of data compression security issues Many applications compress data before it is encrypted, which, in some cases, may compromise the confidentiality of the transmitted data
Vulnerability Disclosure 20/August/2019 Trend Micro Maximum Security 2019 vulnerability allows for privilege escalation attacks on Windows Discovered by Tempest analyst, the flaw had a fix released last week
Software Security 14/August/2019 Adequately using relational database privileges in migration tasks How to improve security in the database access using the Principle of Least Privilege
Vulnerability Disclosure 31/July/2019 Vulnerability in Avira Security Suite enables for privilege escalation attacks The flaw is present in a file which, by default, has open access and control permissions for all Windows users
Vulnerability Disclosure 16/July/2019 Tempest identifies weakness in Microsoft security service By exploiting the vulnerability, an attacker can deliver malicious files via email
Intelligence 24/May/2019 Tempest discovers fraud campaign that amassed 2 million payment card data Malware was installed in 2,600 points of sale of commercial businesses throughout Brazil
Intelligence 27/March/2019 GUP: banking malware campaign affects account holders of nine Brazilian institutions Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bankâs website
Vulnerability Disclosure 18/December/2018 Critical vulnerability is identified in Aligera products The vulnerability allows an attacker to gain full control of the device
News 29/November/2018 FBI closes multi-million dollar ad-fraud scheme The campaign infected more than 1.7 million computers to generate fake clicks
Intelligence 27/November/2018 Botnet Bushido has increased activity detected This variant would be used in DDoS rental services
Intelligence 26/November/2018 Campaign disseminates banking trojan for clients of Brazilian banks The malware has evasive features that circumvent anti-virus systems and use advanced screen overlay techniques
Intelligence 19/November/2018 Dodge game: a story about document fraud It is a job that depends essentially on digital resources
News 12/November/2018 Vulnerable Adobe ColdFusion servers are targeted by cybercriminals Cybercriminals have used reverse engineering in an Adobe patch in search for vulnerabilities to exploit
News 07/November/2018 Malware campaign in Brazil uses legitimate Windows components Campaign uses WMI and CertUtil functions to attack its victims
News 06/November/2018 Soon, CVSS scores will be assigned by AI NIST is evaluating the use of IBM Watson to perform the task
News 05/November/2018 More than half of SMBs have experienced some security breach in the last year Phishing and Malware are the most common attacks
News 01/November/2018 POS devices have several flaws that allow for different types of attacks Vulnerabilities were found in more than half of the major mobile POS tested terminals
News 29/October/2018 jQuery File Upload: plugin flaw leaves thousands of vulnerable websites Flaw was introduced when Apache disabled security control of .htacceess files
News 25/October/2018 Another Windows Zero-Day vulnerability is disclosed on Twitter New flaw allows for deletion of critical system data and privilege escalation
News 24/October/2018 Cisco and F5 Networks Assess Impact of Vulnerability on Libssh Flaw related to encoding error affects library version 0.6.0
News 23/October/2018 Two critical vulnerabilities have been found on NAS devices Flaws are present on WD My Book, NetGear Stora, SeaGate Home and NAS Medion LifeCloud devices
News 22/October/2018 13 flaws in the Amazon FreeRTOS IoT operating system are found Attackers can take complete control of the system
News 22/October/2018 Chrome 70 optimizes privacy and fixes 23 vulnerabilities Google paid more than $ 20,000 in rewards to researchers reporting flaws
Intelligence 04/September/2018 Garage scheme: scam affects vehicle financing A gang carried out a fraud against financial institutions
Intelligence 28/August/2018 Fake stores, âboletosâ and WhatsApp: Uncovering a Phishing-as-a-Service operation This activity relies on platforms that sell fake e-commerce (fake stores)
Intelligence 21/August/2018 Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers The exposure of these access credentials is due to a vulnerability published in 2015
Intelligence 20/August/2018 Hakai botnet shows signs of intense activity in Latin America This botnet has been detected by our sensors 134 times just this month
Intelligence 01/August/2018 New attempts to attack D-Link devices in Brazil are detected Tempest monitoring team identified the activity of 11 botnets attempting to exploit device flaws
Intelligence 25/July/2018 New variant of the Mirai botnet has activity detected in Brazil Botnet tries to exploit vulnerabilities in routers and monitoring systems
News 20/June/2018 New laws in Europe and the US could threaten Internet fundamentals, experts say None of them is getting the same attention from the market as GDPR
Intelligence 19/April/2018 Chinese government surveillance app is vulnerable to MITM attacks In a report released last week, the Open Technology Fund (OTF) stated that the JingWang app does not protect usersâ private information; and, besides that, it is vulnerable to man-in-the-middle attacks
News 09/April/2018 Do we need to discuss Bitcoinâs impact on global energy production and consumption? Is there any reason for this concern? And, above all: is there enough data to come to any conclusion?
News 28/March/2018 A false Android app is being used to spy on Iranian citizens The malware used in this campaign infects Android users through a fake version of a VPN application called Psiphon
Vulnerability Disclosure 20/March/2018 Hola VPN software flaw could lead to privilege escalation If exploited, the vulnerability allows for privilege escalation in the operating system, allowing the attacker to get full control over the victimâs computer
Vulnerability Disclosure 05/March/2018 Rapid SCADA: Industrial system has elementary flaw in access control The flaw allows the system to become a bridge to access critical infrastructures
Uncategorized 20/February/2018 Cyber security: how old and new problems place companies in a âstate of attentionâ Noticing that security is inserted among such important issues for society does not come as a surprise
News 08/February/2018 EZ-Security joins Tempest creating Brazilâs largest cyber security specialized company We can now offer our customers and partners the largest and most comprehensive portfolio of products and services
Intelligence 01/February/2018 One third of the Internet was under DoS attack, according to study Six university researchers shed some light on this type of attack
News 16/January/2018 New threats expose risk of attacks on satellite communication systems on ships These vulnerabilities would allow access to internal systems of offshore vessels
Vulnerability Disclosure 08/January/2018 Password manager flaw allows for arbitrary command execution The flaw was found in the latest version of the software (4.9.3)
Corporate Security 03/November/2017 Risks involving supply chain attacks We will look at some threats that abuse the supply chain and also address some of the consequences faced by organizations that have been victims of this type of attack
Intelligence 18/October/2017 HydraPOS â Operation of Brazilian fraudsters has accumulated, at least, 1.4 million card data Fraud scheme went unnoticed for four years, targeting several merchants in Brazil
Human Factors 25/September/2017 Digital advertising tools are being used to disseminate phishing campaigns The discovery is the result of research being conducted at El Pescador since 2016
News 13/September/2017 Artificial Intelligence techniques can be used to automate false reviews on websites, study suggests The technique is presented as the next evolution of a practice known as âcrowdturfingâ
News 04/September/2017 Conceptual attack uses replacement parts to take control of mobile devices Two initial attacks are described in the study, both happened after the exchange of an original touchscreen module with a malicious version
News 21/July/2017 Tempest is a co-author of the âBest Practices in Fraud Preventionâ guide for the digital advertising industry The event was part of a series of actions promoted by the IAB, which aims to make advertisers aware of the responsibility of require transparency regarding the investments made in digital advertising
News 30/June/2017 Study assesses risks and implications of cyber attacks on nuclear defense systems Document examines the possibilities of cyberattack to the Tridentâ britain nuclear deterrent program
Uncategorized 23/June/2017 Data leakage is the theme of El Pescadorâs new simulated phishing campaign Cyber threats are constantly being renewed as cybercriminals develop increasingly sophisticated techniques to achieve their goals
Uncategorized 16/June/2017 Pacemakers may be vulnerable to cyberattacks, study finds More than 8,000 vulnerabilities have been discovered in several models. In the UK the number of implanted devices exceeds 400 per million inhabitants
Uncategorized 05/June/2017 Android: failures that are beyond the code In which ways the appropriation of the Android ecosystem affects its security
Uncategorized 26/May/2017 A time bomb: the challenge to fight fraud in the digital advertising industry The HummingBad is one among the various activities that continually harm the digital advertising industry
Uncategorized 26/May/2017 Increase in âCEO Fraudâ attacks highlights risks to corporate environments The number of BEC (Business Email Compromise) attacks has grown about 55% in 2015 in comparison with the previous year
Uncategorized 26/May/2017 Ransomware recent developments and threats New threats, spike in infections and attacks against the healthcare industry
Uncategorized 26/May/2017 Malvertising â recent developments on tactics and techniques Performing Malvertising attacks has already become an established technique in the modus operandi of several cyber crime rings
Uncategorized 26/May/2017 Exploit Kits: The current revival of an old tool that became trend The first campaign that used an EK was spotted a decade ago and it used code that exploited a â0-dayâ vulnerability in Internet Explorer
News 18/May/2017 Inspeckage, mobile application software analysis, has Tempestâs official support This stamp represents the partnership between Tempest and Antonio Martins, developer of the tool and mobile application anaylsis specialist
Uncategorized 12/May/2017 WannaCry ransomware spreads around the world and impacts large enterprises The malware has the behavior of a worm, infecting vulnerable computers that allow connections through Server Message Block (SMB) and Remote Desktop Protocol (RDP) connections
Uncategorized 09/May/2017 GE patches up vulnerability that allows remote power grids shutdown Cyberattacks aimed at infrastructure were considered to be costly, requiring a great amount of resources and knowledge to execute
Uncategorized 03/May/2017 Stolen âOrange is the New Blackâ episodes are leaked online. Attackers threaten other studios The leak occurred after the company refused to pay a ransom of 50 bitcoin that the hacking group demanded in order to not disclose the videos
Uncategorized 28/April/2017 Security incident on corporate chat tool HipChat may have exposed users data It has affected their webservers and allowed others unauthorised access to user content
Uncategorized 05/April/2017 USB-based malware raises suspicions of hostile attacks in air-gapped environments The malware has self-protection features based on volume encryption using the AES128 algorithm, which also creates a single image that should prevent cloning the USB device
Uncategorized 26/March/2017 Cyber war games exercises explained Tempest Security Intelligence has created a unique methodology for running large-scale cyber war games exercises, which we call CYBERDRILL TM
Uncategorized 14/March/2017 Steganography in Malvertising campaigns: attacks continue to improve These attacks have been active at least since 2014 and contain steganography techniques in their execution
News 13/March/2017 Law enforcement agencies adapt proceedings against Dark Markets in Operation Hyperion At the end of October, 2016, an international task force identified thousands of people involved in the buying and selling of illicit products and services in Dark Markets
