SideChannel – Tempest

Cybersec Customer Success

20/June/2025

PRINCE2 – Tempest’s best practices on project management in a controlled environment

A cybersecurity company isn't just about...cybersecurity. Just like any other business model, at Tempest there are professionals from different areas of expertise who work together to achieve results focused on delivering value to the client, while of course respecting good information security practices. This article, which will be divided into two parts, will present how good project management practices help to maximize positive results by identifying and correcting possible gaps in internal processes while delivering value to the client. In this first publication, we'll cover general concepts about projects, controlled environments, project management methodologies and we'll also give a short introduction to our experience at Tempest after adopting PRINCE2 as the basic methodology for our project management office. In the second part, to be published shortly, the results presented here in summary form will be further detailed, along with other metrics achieved during this standardization journey.

Intelligence, Malware, Reverse Engineering, Tempest Research, THREAT INTELLIGENCE

21/May/2025

Coyote: a stealthy banking trojan targeting dozens of Brazilian financial institutions

The new variants analyzed by Tempest feature a new method of dissemination via WhatsApp Web, in a rather unusual approach among banking Trojans targeting Latin America.

Application Security, Web Application Security

16/April/2025

Overview of vulnerabilities in the implementation of the OAuth protocol

Although widely used by web applications, if implemented improperly, OAuth can lead to token hijacking, redirection to malicious applications and other possibilities. In this blogpost, we'll discuss some of the vulnerabilities inherent in improper implementation of the protocol and how to mitigate them.

Application Security, Cloud, Cloud & Platform Security

20/March/2025

Event injection in serverless architectures

This report is a study of serverless architecture and how this type of environment opens up a new range of injection attacks. This study provides an overview of the architecture, the range of its attack surface, how injection attacks occur and the possible impacts that this kind of vulnerability can bring.

THREAT INTELLIGENCE

14/February/2025

Rise in the use of remote monitoring and management software in malicious campaigns

Tempest researchers identify an increase in the use of RMM tools in campaigns targeting Brazil

Web Application Security

10/February/2025

Understanding the Edge Side Include Injection vulnerability

The vulnerability occurs through the injection of ESI fragments

THREAT INTELLIGENCE

10/February/2025

Gh0st RAT: malware active for 15 years is still used by threat operators

Find out how an open source RAT developed in 2008 is still relevant and has become the basis for different variants present in the most diverse campaigns.

Vulnerability Disclosure

15/July/2024

Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework

This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication

Web Application Security

17/June/2024

XSSi: An overview of the vulnerability in 2024

Largely overlooked by both developers and cybersecurity researchers, the vulnerability still represents a source of threat to individuals and businesses

THREAT INTELLIGENCE

10/April/2024

Understanding Ransomware-as-a-Service operations from an affiliate’s perspective

Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked

Vulnerability Disclosure

28/February/2024

CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface

This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations

Network Security

15/February/2024

What is DoS? How to defend yourself?

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks represent a constant threat to global enterprises, with alarming numbers of incidents. In addition to the direct losses caused by the interruption of services, companies face a new form of attack: Ransom DDoS (RDDoS), where attackers demand payment to cease attacks

Exploit Development

31/January/2024

AFL++ and an introduction to Feedback-Based Fuzzing

Many bugs found from fuzzing tests can be signs of serious vulnerabilities

Cloud & Platform Security

17/January/2024

Privilege escalation with IAM on AWS

Privilege escalation in AWS consists of having sufficient permissions for administrative access to an organization

Cyber-Physical Systems

28/December/2023

What is cryptojacking?

Understand the main points of the cryptojacking phenomenon, its origins, how it works and the consequences for individuals and organizations

15/December/2023

The Art of Cloud Security: Proactive Detection of Configuration Errors

Implementing a mechanism that detects configuration faults and makes them visible to be handled by the administrators is an excellent alternative for reducing the attack surface on Cloud resources

AI, ML & Data Science

21/November/2023

Detecting bugs in source code with AI

Explore one of the techniques for detecting vulnerabilities through Functionally-similar yet Inconsistent Code (FICS), using static analysis to identify inconsistencies in code. Learn more about its customized representation and hierarchical clustering, revealing advantages, results, and potential improvements

Detection Engineering

25/October/2023

False positives in threat detection

Understand the need to create exceptions, adjust detection logic and rules, implement processes to handle alerts and manage false positives when identifying cyber threats

06/October/2023

Anti-flapping and correlation techniques in Zabbix to mitigate false positives in an SOC

Zabbix is a monitoring platform that offers flexibility in notifying issues in networks, servers, and services, aiming for SOC effectiveness. In this article, we address techniques to reduce false positives and alert flooding, including anti-flapping and logic correlation, strategies that enhance monitoring reliability

Cyber-Physical Systems

22/September/2023

Study of vulnerabilities in MIFARE Classic cards

Understand how RFID technology allows remote communication through electronic tags. Discover the details of MIFARE Classic cards, their structure, encryption and potential vulnerabilities

AI, ML & Data Science

08/September/2023

Detecting Anomalies using Machine Learning on Splunk

The identification of cyberattacks is crucial to safeguard networks and systems, but signature detection has its limitations. Therefore, the discovery of anomalies through machine learning is a promising approach

Hardware/Embedded

23/August/2023

Mapping vulnerabilities in amazon echo using alexa skills

How a malicious developer can use skills development tools to attack users

14/August/2023

Browser extensions: Friend or Foe?

How a supposedly harmless browser extension can harm you without you even knowing it

Web Application Security

14/August/2023

Pickles, Shorts and Jokers: A study on Java deserialization

Explore insecure deserialization in Java applications. Learn about serialization, deserialization, Magic Methods, and how attackers use gadgets to cause damage. Learn about mitigation measures and the importance of restricting deserialization to protect your application against this security vulnerability

Cloud & Platform Security

12/July/2023

The importance of establishing new perimeters surrounding the cloud

The addition of Single Points of Access (SOPs) for AWS aims to reduce vulnerability exploitation by using administrative users in AWS

THREAT INTELLIGENCE

20/June/2023

Stooge Accounts: the final link in cybercrime money laundering in Brazil

Investigation reveals the obscure trade in orange accounts: learn about the values, tactics and risks involved in this criminal practice used by fraudsters to receive money from financial fraud

Network Security

15/June/2023

The importance of a good configuration of IPv6 rules in the firewall

The importance of a good IPv6 firewall rule configuration is related to the need to protect an organization's network against potential vulnerabilities and attacks that may exploit the specific characteristics of the IPv6 protocol

Network Security

01/June/2023

Configuring SSH Certificate-Based Authentication

Authentication via SSH certificates improves security and offers flexibility and scalability. While its implementation can be complex and not supported by all SSH clients, it is considered an improvement over key or password authentication

Vulnerability Disclosure

18/May/2023

CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0

Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands

Vulnerability Disclosure

17/May/2023

CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software

Security flaw may allow unauthorized access and retrieval of sensitive server data

AI, ML & Data Science

19/April/2023

Threats to Machine Learning-Based Systems – Part 2 of 5

In this post, we discuss how adversarial attacks affect the physical layer of the OSI model and may potentially shut down wireless communications, such as 5G, by focusing on a modulation classification application

Exploit Development

04/April/2023

Attacking JS engines: Fundamentals for understanding memory corruption crashes

It will be possible to better understand the Javascript structures in memory while executing code in browsers or in any other program that makes use of the most famous JS interpreters, such as Firefox, Google Chrome, Internet Explorer and Safari

AI, ML & Data Science

15/March/2023

Threats to Machine Learning-based Systems – Part 1 of 5

Risks and Vulnerabilities Introduced by Machine Learning

Web Application Security

01/March/2023

Web cache poisoning – a practical approach

The web cache poisoning vulnerability involves the possibility of using the cache services to deliver malicious pages to the clients of a website

THREAT INTELLIGENCE

15/February/2023

Use of Google Ads and SEO Poisoning for malware dissemination

Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers

Corporate Security

01/February/2023

Cloud Security to Reduce the Impact of Shadow-IT

It is estimated that 97% of cloud applications are not being managed, making the visibility of these applications difficult for security teams

18/January/2023

Fraud in E-commerces – Brazilian Perspective

The success of e-commerces in Brazil is unquestionable and, of course, carries the same burden of fraud growth. In 2021, for example, there was a loss of more than BRL 7 billion related to fraud attempts, an increase of 100% compared to the previous year

05/January/2023

Methodology for Security Analysis in Operating Systems from the Compliance Management Perspective

These vulnerable environment scenarios are part of the reality experienced by security teams, who work on the daily assessment of systems in order to protect assets from vulnerabilities that affect critical devices or systems in companies

THREAT INTELLIGENCE

20/December/2022

New Chaes campaign uses Windows Management Instrumentation Command-Line Utility

Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data

Software Security

09/December/2022

A Study on C Integers

From January up until August 2022, MITRE has already registered 96 CVEs (common vulnerabilities and exposures) involving integers. Therefore, this is a subject that requires attention

Corporate Security

24/November/2022

The dangers of Shadow It – and CASB’s role in protecting the environment

There was a time when people considered that data would always be safe behind applications, which were considered to be heavily protected

Detection Engineering

09/November/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 5 of 5

Intrusion Detection using Generative Adversarial Networks

Detection Engineering

26/October/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 4 of 5

Intrusion Detection using Autoencoders

Detection Engineering

13/October/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 3 of 5

One-Class Novelty Detection Intrusion Detection Systems

Vulnerability Disclosure

30/September/2022

CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server

Developers of the plugin have patched and released an update correcting the glitch in a later version

Cloud & Platform Security

14/September/2022

Attacks via Misconfiguration on Kubernetes Orchestrators

Kubernetes makes it easy to create, delete, and manage these containers. With just one command, you can replicate the action on all the required containers

Web Application Security

01/September/2022

Cross-site Scripting (XSS), variants and correction

Constantly mentioned in the OWASP Top Ten, the XSS makes it possible to hijack sessions, modify the application, redirect to malicious websites and more. Here we will cover the concepts and how to prevent it from happening in our applications

Detection Engineering

18/August/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 2 of 5

Clustering-Based Unsupervised Intrusion Detection Systems

Software Security

05/August/2022

Compromise Indicators in incident detection and false positive reduction in practice

Given the complexity and advance of threats to computing environments, such as the spread of ransomware attacks that have been growing in recent years (KENNEALLY, 2021), analyzing threats thoroughly and intelligently is crucial

Detection Engineering

20/July/2022

MISP Broker

Tempest's team of researchers develop and share a tool to assist in activities carried out by defensive security analysts

THREAT INTELLIGENCE

11/July/2022

Stealers, access sales and ransomware: supply chain and business models in cybercrime

Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries

Detection Engineering

23/June/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 1 of 5

Signature vs. Anomaly-Based Intrusion Detection Systems

Cloud & Platform Security

08/June/2022

Unwanted Permissions that may impact security when using the ReadOnlyAccess policy in AWS

With this initial analysis, Tempest researchers identified at least 41 actions that can lead to improper data access

Vulnerability Disclosure

25/May/2022

CVE-2021-46426: phpIPAM 1.4.4 allows reflected XSS and CSRF via subnets functionality

Its version 1.4.4 is vulnerable to Reflected Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks

Vulnerability Disclosure

25/May/2022

CVE-2021-30140: XSS Vulnerability Detection in Liquid Files

LiquidFiles 3.4.15 has stored XSS via "send email" functionality when emailing a file to an administrator.

THREAT INTELLIGENCE

02/May/2022

Mekotio banking trojan identified in a new campaign against Brazilian account holders

The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult

Cybersec Customer Success

26/April/2022

Information Security: Policies for Clean Desks and Screens

Information security (IS) is directly related to protecting a set of information, in the sense of preserving the value it holds for an individual or an organization

22/April/2022

Facial Biometrics: Major Attacks and Mitigations

As with every major new development in the security market, this explosion of systems based on facial biometrics has been followed by new and increasingly sophisticated forms of fraud

Web Application Security

25/March/2022

HTTP Method Override – what it is and how a pentester can use it

How this technique can help potential attackers bypass security measures based on HTTP methods

Corporate Security

09/February/2022

Data Leak Prevention Intelligence

In this article, the focal point is to present a more conceptual view of the subject for those who have already taken the first plunge into the information security field

Cloud & Platform Security

25/January/2022

Unauth root account email discovery with AWS organizations

From the information previously discovered, it's possible to get equipped with information to carry out the next phases and moves of the attack

Corporate Security

12/January/2022

Evaluate, Direct and Monitor – governance goals according to the ISACA COBIT 2019 framework in the context of Managed Detection and Response (MDR)

This article aims to comprehensively address the responsibilities and competences of an IT governance system in the organization

Cybersec Customer Success

21/December/2021

A philosophy for quality customer service in the information security market

This article addresses this scenario and shares some proposals for achieving this goal

Software Engineering

17/December/2021

A Web Accessibility: how to modify our projects today

In this blogpost, we'll address directions and techniques that can be incorporated into our web projects

Vulnerability Management

17/November/2021

How intelligence data can help manage vulnerabilities

With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?

Detection Engineering

03/November/2021

Providing Visibility, Monitoring, and Anomaly Detection with FleetDM and Osquery

Nowadays, there is a concern about security and its monitoring

Cloud & Platform Security

28/October/2021

Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner

In recent research, we adjusted a enumeration technique used for years to map services on a AWS account to just its account id and with unauthenticated form

22/October/2021

Cobalt Strike: Infrastructure Analysis

In a recent review, we described and offered pointers on the most common configurations of this tool, which is one of the most used by criminals

Data Engineering

21/October/2021

Data anonymization: what, why and how is it done?

An introduction to the need, concept and application of Data Anonymization techniques in times where information is golden and plentiful everywhere.

Detection Engineering

13/October/2021

Unveiling the SIGMA (YAML) for Detection Engineering

Sigma Rules: A Format for Composing Your Discovery Use Case Library

05/October/2021

Fake stores: how Brazilian criminals use SPAM services to boost fake stores

Evidence from fraud groups reveals a wide variety of services used to disseminate malicious campaigns

Cybersec Customer Success

15/September/2021

Tracking the customer journey in search of strategic data for both the customer and the provider

Nesse artigo, vamos caminhar juntos e entender a jornada do cliente em Customer Success, com o objetivo de deixar clara a importância de um relacionamento personalizado com o cliente, e de ter sua jornada percorrida de forma plena.

Corporate Security

01/September/2021

DLP technology making your life easier in achieving compliance with major market standards and regulations

How to prevent sensitive and/or company-valued data from leaking out of the organization, regardless of the reason

Web Application Security

18/August/2021

URL Filter Subversion

How failures related to validating conditions based on URLs can lead to security issues

Software Engineering

04/August/2021

Making it easy to generate GraphQL APIs with Hasura

Learn how to use plug-and-play with Postgres database schema

22/July/2021

A Background on DNS over HTTPS and discussions about its implementation

The DoH is the protocol that aims to provide greater privacy to users browsing the Internet

14/July/2021

LOLBins: how native tools are used to make threats stealthier

Over the years, operating systems' native tools have become both popular and a preponderant mechanisms in the attackers hands whom combine them with malwares

02/July/2021

SideChannel: content generation as a driving force in the development of cybersecurity

With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential

Software Engineering

23/June/2021

How to create a project with React?

It is necessary to think about everything, in order to structure a project: from folders organization to the coding language to be used, besides tolls and frameworks that will help in its developement

10/June/2021

An overview of the main WhatsApp scams and ways to protect yourself

WhatsApp cloning still is one of the biggest applied scam

Reverse Engineering

26/May/2021

USER-STACK: Essential knowledge to Memory Corruption study

Study on User-Stack principles in Windows and its defense and attack aspects

Software Engineering

12/May/2021

Creating an API with NestJS

Presenting an option to create backends using JavaScript/TypeScript in an organized and easy to maintain way

03/May/2021

Impostor Attendant: How criminals use famous brands to deceive users on social networks

Recent campaigns rekindle discussions about the malicious use of social networks

Application Security

30/April/2021

ASCII to UTF-8 Encoding

It's a usual encode issue presents a character in the middle of a word

16/April/2021

New banking trojan is identified in campaigns against Brazilian account holders

Named SLKRat by Tempest, the malware uses the screen overlay technique to steal bank information

Web Application Security

31/March/2021

Common problems in bad implementations of business rules and absence of data validation – Part 1

This is the first in a series of publications about security flaws in two-factor authentication implementations.

Cloud & Platform Security

12/March/2021

Good security practices using Docker

Security must be considered at all levels of a project, from code development to the infrastructure where it will run.

03/March/2021

Jupyter Notebooks for fun and cryptomining

Criminals are taking advantage of weaknesses in the data science tool to mine cryptocurrencies

Web Application Security

24/February/2021

SQL Injection: There was a comma halfway

How to efficiently exploit a Blind SQL Injection when the vulnerable application removes the character “,” (comma) from the request?

11/February/2021

New Astaroth techniques focus on anti-detection measures

Trojan started to exploit websites vulnerable to Cross-Site Scripting attacks and to use the finger command for remote execution of malicious code.

Software Security

27/January/2021

Is it possible to design a good user experience without giving up security?

When we build a safe product for the user, we are also assigning security and less damage to the business.

Web Application Security

18/January/2021

Access Control Flaws in Web Applications

If there is a vulnerability, an attacker could compromise the application completely

Web Application Security

31/December/2020

Server Side Request Forgery — Attack and Defense

Also known as SSRF, is a vulnerability that allows an attacker to make requests through a vulnerable server

09/December/2020

New Vadokrist Trojan campaign uses Pix as phishing bait

The threat affects customers of major Brazilian banks, using the DLL Injection technique in its infection process and misusing GitHub

Web Application Security

19/November/2020

A long time ago, in a web far away, the SQL Injection appeared

Understand how the SQL Injection works and how to protect yourself against it

Web Application Security

06/November/2020

Let’s go with Cross Site Request Forgery?

According to a survey carried out by OWASP in 2013, CSRF was on the list of the 10 most common vulnerabilities founded in Web applications.

Application Security

14/October/2020

HTML to PDF converters, can I hack them?

Our goal here was to investigate what kind of vulnerabilities can be inserted in a software through the use of libraries with the above mentioned functionality

Application Security

30/September/2020

Brute Force Attacks: Protection and Mitigation Measures

Any system that interacts with the internet must be prepared to defend itself from a large arsenal of techniques and attacks

Software Security

16/September/2020

Safe development practices for agile teams

With increasingly tight deadlines for software projects, agile methodologies have been widely used in the area

Hardware/Embedded

02/September/2020

The danger of using the Wifi module ESP8266 to create a backdoor

We will detail the necessary steps to perform the firmware upload correctly

Application Security

19/August/2020

Mimikatz: Mitigating credential theft attacks

The tool has become indispensable in the arsenal used by both pentesters and attackers and malware in real compromising scenarios

Vulnerability Disclosure

06/August/2020

Path Traversal Vulnerability in SecurEnvoy impacts on remote command execution through file upload

Attacks of this type consist of the possibility of traversing directories outside and/or inside the root of the application, thus allowing access to other files or folders in an arbitrary manner

23/July/2020

Analyzing some defense mechanisms in mobile browsers

For many internet users, browsers have become a fundamental part of our daily lives

13/July/2020

Cybersecurity in Healthcare in the midst of crisis

COVID-19 Series: Key Topics to Combat Cyberattacks Taking Place in Hospitals During the Pandemic

08/July/2020

Cryptography: Applications to ensure your privacy

It guarantees that the confidentiality of the data can be assured, either in its storage or in its communication process

Vulnerability Disclosure

23/June/2020

DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469)

We will briefly present some basic concepts on the subject, as well as the demonstration of this vulnerability in Trend Micro Password Manager

18/June/2020

Tactics, techniques, and pointers on recent major Double Extortion threats

An overview of the actions of the groups operating the Maze, Snake, RagnarLocker, Clop, REvil (Sodinokibi), Netwalker (Mailto), DoppelPaymer, and Nefilim ransomwares

Reverse Engineering

11/June/2020

BA AD F0 0D: Using memory debug code as an anti-debugging technique

New anti-debugging techniques are always welcome

08/May/2020

Double Extortion: Data leak combined with ransomware have increased in recent weeks

Criminals use various techniques to extract sensitive data and sabotage the environment, requiring payment to prevent leaks

09/April/2020

Bringing Zoom Safety into Perspective

COVID-19 series: an analysis of the latest incidents involving the security of the product

Corporate Security

25/March/2020

The strategies behind the new coronavirus-themed attacks

COVID-19 series: old scams in new packaging

Corporate Security

19/March/2020

The bare minimum of cybersecurity you need to consider when building an infrastructure in a hurry

COVID-19 Series: What topics to prioritize and a few free resources and information providers

Corporate Security

16/March/2020

Cybersecurity in the home office in times of coronavirus: a question of coresponsibility

COVID-19 series: tips for protecting company data in your home environment

Vulnerability Disclosure

11/March/2020

Vulnerability in Avast Secure Browser enables escalation of privileges on Windows

Exploitation abuses the hardlinks feature, which represents the file content on the NTFS system

Corporate Security

03/March/2020

Case Study — Symantec DLP — Endpoint Environment

Analysis of the environment and problems found

Web Application Security

10/February/2020

Once upon a time an account enumeration

Identifying valid users in a variety of conditions and ways to protect your systems from this threat

Software Security

24/January/2020

For less Gandalfs and more John Wicks (or, for less magic frameworks and more software engineering)

Go is a relatively new language, similar to C but with memory safe, garbage collection, structural typing…

Web Application Security

07/January/2020

The Cypher Injection Saga

From descriptive error to BURP extension

12/December/2019

Evil Maid: Attack on computers with encrypted disks

The attack allows to obtain data stored on a disk or even to gain remote access to the victim’s computer

05/December/2019

Brazilian fraudsters are using a distributed tool to obtain CVV data

Tactic has been used both against legitimate e-commerce websites under the control of the attacker, and against payment gateways

Software Security

26/November/2019

Consuming APIs with Flutter and Redux | Walk through

Most of people only meet Redux when they bump into React, and internalize the architecture as a React thing

23/November/2019

New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards

Variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil

Corporate Security

12/November/2019

Information Security Risk Management — Analytical Thinking

A brief risk management analysis based on ISO / IEC 27005: 2011 — Information Technology — Security Techniques — Information Security Risk Management

Web Application Security

29/October/2019

A Burp plugin that automates failure detection in the HTML development process

The idea of creating another extension for Burp came up in one of the editions of “Na Beira do Rio”

15/October/2019

Cloud Migration: what to consider from a cybersecurity perspective

Keeping cloud data secure requires as much or more care and control than data stored on premises

01/October/2019

Phishing campaign spreads malware to Facebook users in Brazil and Mexico

Sponsored ads offered discount coupons to distribute a malicious Chrome extension, among other threats

17/September/2019

Research identifies tool used to extract and manipulate email attachments

Offered in social networks, tool also allows to validate email credentials

05/September/2019

A brief analysis of data compression security issues

Many applications compress data before it is encrypted, which, in some cases, may compromise the confidentiality of the transmitted data

Vulnerability Disclosure

20/August/2019

Trend Micro Maximum Security 2019 vulnerability allows for privilege escalation attacks on Windows

Discovered by Tempest analyst, the flaw had a fix released last week

Software Security

14/August/2019

Adequately using relational database privileges in migration tasks

How to improve security in the database access using the Principle of Least Privilege

Vulnerability Disclosure

31/July/2019

Vulnerability in Avira Security Suite enables for privilege escalation attacks

The flaw is present in a file which, by default, has open access and control permissions for all Windows users

Vulnerability Disclosure

16/July/2019

Tempest identifies weakness in Microsoft security service

By exploiting the vulnerability, an attacker can deliver malicious files via email

24/May/2019

Tempest discovers fraud campaign that amassed 2 million payment card data

Malware was installed in 2,600 points of sale of commercial businesses throughout Brazil

27/March/2019

GUP: banking malware campaign affects account holders of nine Brazilian institutions

Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bank’s website

Vulnerability Disclosure

18/December/2018

Critical vulnerability is identified in Aligera products

The vulnerability allows an attacker to gain full control of the device

29/November/2018

FBI closes multi-million dollar ad-fraud scheme

The campaign infected more than 1.7 million computers to generate fake clicks

27/November/2018

Botnet Bushido has increased activity detected

This variant would be used in DDoS rental services

26/November/2018

Campaign disseminates banking trojan for clients of Brazilian banks

The malware has evasive features that circumvent anti-virus systems and use advanced screen overlay techniques

19/November/2018

Dodge game: a story about document fraud

It is a job that depends essentially on digital resources

12/November/2018

Vulnerable Adobe ColdFusion servers are targeted by cybercriminals

Cybercriminals have used reverse engineering in an Adobe patch in search for vulnerabilities to exploit

07/November/2018

Malware campaign in Brazil uses legitimate Windows components

Campaign uses WMI and CertUtil functions to attack its victims

06/November/2018

Soon, CVSS scores will be assigned by AI

NIST is evaluating the use of IBM Watson to perform the task

05/November/2018

More than half of SMBs have experienced some security breach in the last year

Phishing and Malware are the most common attacks

01/November/2018

POS devices have several flaws that allow for different types of attacks

Vulnerabilities were found in more than half of the major mobile POS tested terminals

29/October/2018

jQuery File Upload: plugin flaw leaves thousands of vulnerable websites

Flaw was introduced when Apache disabled security control of .htacceess files

25/October/2018

Another Windows Zero-Day vulnerability is disclosed on Twitter

New flaw allows for deletion of critical system data and privilege escalation

24/October/2018

Cisco and F5 Networks Assess Impact of Vulnerability on Libssh

Flaw related to encoding error affects library version 0.6.0

23/October/2018

Two critical vulnerabilities have been found on NAS devices

Flaws are present on WD My Book, NetGear Stora, SeaGate Home and NAS Medion LifeCloud devices

22/October/2018

13 flaws in the Amazon FreeRTOS IoT operating system are found

Attackers can take complete control of the system

22/October/2018

Chrome 70 optimizes privacy and fixes 23 vulnerabilities

Google paid more than $ 20,000 in rewards to researchers reporting flaws

04/September/2018

Garage scheme: scam affects vehicle financing

A gang carried out a fraud against financial institutions

28/August/2018

Fake stores, “boletos” and WhatsApp: Uncovering a Phishing-as-a-Service operation

This activity relies on platforms that sell fake e-commerce (fake stores)

21/August/2018

Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers

The exposure of these access credentials is due to a vulnerability published in 2015

20/August/2018

Hakai botnet shows signs of intense activity in Latin America

This botnet has been detected by our sensors 134 times just this month

01/August/2018

New attempts to attack D-Link devices in Brazil are detected

Tempest monitoring team identified the activity of 11 botnets attempting to exploit device flaws

25/July/2018

New variant of the Mirai botnet has activity detected in Brazil

Botnet tries to exploit vulnerabilities in routers and monitoring systems

20/June/2018

New laws in Europe and the US could threaten Internet fundamentals, experts say

None of them is getting the same attention from the market as GDPR

19/April/2018

Chinese government surveillance app is vulnerable to MITM attacks

In a report released last week, the Open Technology Fund (OTF) stated that the JingWang app does not protect users’ private information; and, besides that, it is vulnerable to man-in-the-middle attacks

09/April/2018

Do we need to discuss Bitcoin’s impact on global energy production and consumption?

Is there any reason for this concern? And, above all: is there enough data to come to any conclusion?

28/March/2018

A false Android app is being used to spy on Iranian citizens

The malware used in this campaign infects Android users through a fake version of a VPN application called Psiphon

Vulnerability Disclosure

20/March/2018

Hola VPN software flaw could lead to privilege escalation

If exploited, the vulnerability allows for privilege escalation in the operating system, allowing the attacker to get full control over the victim’s computer

Vulnerability Disclosure

05/March/2018

Rapid SCADA: Industrial system has elementary flaw in access control

The flaw allows the system to become a bridge to access critical infrastructures

20/February/2018

Cyber security: how old and new problems place companies in a “state of attention”

Noticing that security is inserted among such important issues for society does not come as a surprise

08/February/2018

EZ-Security joins Tempest creating Brazil’s largest cyber security specialized company

We can now offer our customers and partners the largest and most comprehensive portfolio of products and services

01/February/2018

One third of the Internet was under DoS attack, according to study

Six university researchers shed some light on this type of attack

16/January/2018

New threats expose risk of attacks on satellite communication systems on ships

These vulnerabilities would allow access to internal systems of offshore vessels

Vulnerability Disclosure

08/January/2018

Password manager flaw allows for arbitrary command execution

The flaw was found in the latest version of the software (4.9.3)

Corporate Security

03/November/2017

Risks involving supply chain attacks

We will look at some threats that abuse the supply chain and also address some of the consequences faced by organizations that have been victims of this type of attack

18/October/2017

HydraPOS — Operation of Brazilian fraudsters has accumulated, at least, 1.4 million card data

Fraud scheme went unnoticed for four years, targeting several merchants in Brazil

25/September/2017

Digital advertising tools are being used to disseminate phishing campaigns

The discovery is the result of research being conducted at El Pescador since 2016

13/September/2017

Artificial Intelligence techniques can be used to automate false reviews on websites, study suggests

The technique is presented as the next evolution of a practice known as “crowdturfing”

04/September/2017

Conceptual attack uses replacement parts to take control of mobile devices

Two initial attacks are described in the study, both happened after the exchange of an original touchscreen module with a malicious version

21/July/2017

Tempest is a co-author of the “Best Practices in Fraud Prevention” guide for the digital advertising industry

The event was part of a series of actions promoted by the IAB, which aims to make advertisers aware of the responsibility of require transparency regarding the investments made in digital advertising

30/June/2017

Study assesses risks and implications of cyber attacks on nuclear defense systems

Document examines the possibilities of cyberattack to the Trident— britain nuclear deterrent program

23/June/2017

Data leakage is the theme of El Pescador’s new simulated phishing campaign

Cyber threats are constantly being renewed as cybercriminals develop increasingly sophisticated techniques to achieve their goals

16/June/2017

Pacemakers may be vulnerable to cyberattacks, study finds

More than 8,000 vulnerabilities have been discovered in several models. In the UK the number of implanted devices exceeds 400 per million inhabitants

05/June/2017

Android: failures that are beyond the code

In which ways the appropriation of the Android ecosystem affects its security

26/May/2017

A time bomb: the challenge to fight fraud in the digital advertising industry

The HummingBad is one among the various activities that continually harm the digital advertising industry

26/May/2017

Increase in ‘CEO Fraud’ attacks highlights risks to corporate environments

The number of BEC (Business Email Compromise) attacks has grown about 55% in 2015 in comparison with the previous year

26/May/2017

Ransomware recent developments and threats

New threats, spike in infections and attacks against the healthcare industry

26/May/2017

Malvertising — recent developments on tactics and techniques

Performing Malvertising attacks has already become an established technique in the modus operandi of several cyber crime rings

26/May/2017

Exploit Kits: The current revival of an old tool that became trend

The first campaign that used an EK was spotted a decade ago and it used code that exploited a ‘0-day’ vulnerability in Internet Explorer

18/May/2017

Inspeckage, mobile application software analysis, has Tempest’s official support

This stamp represents the partnership between Tempest and Antonio Martins, developer of the tool and mobile application anaylsis specialist

12/May/2017

WannaCry ransomware spreads around the world and impacts large enterprises

The malware has the behavior of a worm, infecting vulnerable computers that allow connections through Server Message Block (SMB) and Remote Desktop Protocol (RDP) connections

09/May/2017

GE patches up vulnerability that allows remote power grids shutdown

Cyberattacks aimed at infrastructure were considered to be costly, requiring a great amount of resources and knowledge to execute

03/May/2017

Stolen “Orange is the New Black” episodes are leaked online. Attackers threaten other studios

The leak occurred after the company refused to pay a ransom of 50 bitcoin that the hacking group demanded in order to not disclose the videos

28/April/2017

Security incident on corporate chat tool HipChat may have exposed users data

It has affected their webservers and allowed others unauthorised access to user content

05/April/2017

USB-based malware raises suspicions of hostile attacks in air-gapped environments

The malware has self-protection features based on volume encryption using the AES128 algorithm, which also creates a single image that should prevent cloning the USB device

26/March/2017

Cyber war games exercises explained

Tempest Security Intelligence has created a unique methodology for running large-scale cyber war games exercises, which we call CYBERDRILL TM

14/March/2017

Steganography in Malvertising campaigns: attacks continue to improve

These attacks have been active at least since 2014 and contain steganography techniques in their execution

13/March/2017

Law enforcement agencies adapt proceedings against Dark Markets in Operation Hyperion

At the end of October, 2016, an international task force identified thousands of people involved in the buying and selling of illicit products and services in Dark Markets

Cybersec Customer Success

20/June/2025

PRINCE2 – Tempest’s best practices on project management in a controlled environment

A cybersecurity company isn't just about...cybersecurity. Just like any other business model, at Tempest there are professionals from different areas of expertise who work together to achieve results focused on delivering value to the client, while of course respecting good information security practices. This article, which will be divided into two parts, will present how good project management practices help to maximize positive results by identifying and correcting possible gaps in internal processes while delivering value to the client. In this first publication, we'll cover general concepts about projects, controlled environments, project management methodologies and we'll also give a short introduction to our experience at Tempest after adopting PRINCE2 as the basic methodology for our project management office. In the second part, to be published shortly, the results presented here in summary form will be further detailed, along with other metrics achieved during this standardization journey.

Intelligence, Malware, Reverse Engineering, Tempest Research, THREAT INTELLIGENCE

21/May/2025

Coyote: a stealthy banking trojan targeting dozens of Brazilian financial institutions

The new variants analyzed by Tempest feature a new method of dissemination via WhatsApp Web, in a rather unusual approach among banking Trojans targeting Latin America.

Application Security, Web Application Security

16/April/2025

Overview of vulnerabilities in the implementation of the OAuth protocol

Although widely used by web applications, if implemented improperly, OAuth can lead to token hijacking, redirection to malicious applications and other possibilities. In this blogpost, we'll discuss some of the vulnerabilities inherent in improper implementation of the protocol and how to mitigate them.

Application Security, Cloud, Cloud & Platform Security

20/March/2025

Event injection in serverless architectures

This report is a study of serverless architecture and how this type of environment opens up a new range of injection attacks. This study provides an overview of the architecture, the range of its attack surface, how injection attacks occur and the possible impacts that this kind of vulnerability can bring.

THREAT INTELLIGENCE

14/February/2025

Rise in the use of remote monitoring and management software in malicious campaigns

Tempest researchers identify an increase in the use of RMM tools in campaigns targeting Brazil

Web Application Security

10/February/2025

Understanding the Edge Side Include Injection vulnerability

The vulnerability occurs through the injection of ESI fragments

THREAT INTELLIGENCE

10/February/2025

Gh0st RAT: malware active for 15 years is still used by threat operators

Find out how an open source RAT developed in 2008 is still relevant and has become the basis for different variants present in the most diverse campaigns.

Vulnerability Disclosure

15/July/2024

Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework

This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication

Web Application Security

17/June/2024

XSSi: An overview of the vulnerability in 2024

Largely overlooked by both developers and cybersecurity researchers, the vulnerability still represents a source of threat to individuals and businesses

THREAT INTELLIGENCE

10/April/2024

Understanding Ransomware-as-a-Service operations from an affiliate’s perspective

Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked

Vulnerability Disclosure

28/February/2024

CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface

This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations

Network Security

15/February/2024

What is DoS? How to defend yourself?

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks represent a constant threat to global enterprises, with alarming numbers of incidents. In addition to the direct losses caused by the interruption of services, companies face a new form of attack: Ransom DDoS (RDDoS), where attackers demand payment to cease attacks

Exploit Development

31/January/2024

AFL++ and an introduction to Feedback-Based Fuzzing

Many bugs found from fuzzing tests can be signs of serious vulnerabilities

Cloud & Platform Security

17/January/2024

Privilege escalation with IAM on AWS

Privilege escalation in AWS consists of having sufficient permissions for administrative access to an organization

Cyber-Physical Systems

28/December/2023

What is cryptojacking?

Understand the main points of the cryptojacking phenomenon, its origins, how it works and the consequences for individuals and organizations

15/December/2023

The Art of Cloud Security: Proactive Detection of Configuration Errors

Implementing a mechanism that detects configuration faults and makes them visible to be handled by the administrators is an excellent alternative for reducing the attack surface on Cloud resources

AI, ML & Data Science

21/November/2023

Detecting bugs in source code with AI

Explore one of the techniques for detecting vulnerabilities through Functionally-similar yet Inconsistent Code (FICS), using static analysis to identify inconsistencies in code. Learn more about its customized representation and hierarchical clustering, revealing advantages, results, and potential improvements

Detection Engineering

25/October/2023

False positives in threat detection

Understand the need to create exceptions, adjust detection logic and rules, implement processes to handle alerts and manage false positives when identifying cyber threats

06/October/2023

Anti-flapping and correlation techniques in Zabbix to mitigate false positives in an SOC

Zabbix is a monitoring platform that offers flexibility in notifying issues in networks, servers, and services, aiming for SOC effectiveness. In this article, we address techniques to reduce false positives and alert flooding, including anti-flapping and logic correlation, strategies that enhance monitoring reliability

Cyber-Physical Systems

22/September/2023

Study of vulnerabilities in MIFARE Classic cards

Understand how RFID technology allows remote communication through electronic tags. Discover the details of MIFARE Classic cards, their structure, encryption and potential vulnerabilities

AI, ML & Data Science

08/September/2023

Detecting Anomalies using Machine Learning on Splunk

The identification of cyberattacks is crucial to safeguard networks and systems, but signature detection has its limitations. Therefore, the discovery of anomalies through machine learning is a promising approach

Hardware/Embedded

23/August/2023

Mapping vulnerabilities in amazon echo using alexa skills

How a malicious developer can use skills development tools to attack users

14/August/2023

Browser extensions: Friend or Foe?

How a supposedly harmless browser extension can harm you without you even knowing it

Web Application Security

14/August/2023

Pickles, Shorts and Jokers: A study on Java deserialization

Explore insecure deserialization in Java applications. Learn about serialization, deserialization, Magic Methods, and how attackers use gadgets to cause damage. Learn about mitigation measures and the importance of restricting deserialization to protect your application against this security vulnerability

Cloud & Platform Security

12/July/2023

The importance of establishing new perimeters surrounding the cloud

The addition of Single Points of Access (SOPs) for AWS aims to reduce vulnerability exploitation by using administrative users in AWS

THREAT INTELLIGENCE

20/June/2023

Stooge Accounts: the final link in cybercrime money laundering in Brazil

Investigation reveals the obscure trade in orange accounts: learn about the values, tactics and risks involved in this criminal practice used by fraudsters to receive money from financial fraud

Network Security

15/June/2023

The importance of a good configuration of IPv6 rules in the firewall

The importance of a good IPv6 firewall rule configuration is related to the need to protect an organization's network against potential vulnerabilities and attacks that may exploit the specific characteristics of the IPv6 protocol

Network Security

01/June/2023

Configuring SSH Certificate-Based Authentication

Authentication via SSH certificates improves security and offers flexibility and scalability. While its implementation can be complex and not supported by all SSH clients, it is considered an improvement over key or password authentication

Vulnerability Disclosure

18/May/2023

CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0

Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands

Vulnerability Disclosure

17/May/2023

CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software

Security flaw may allow unauthorized access and retrieval of sensitive server data

AI, ML & Data Science

19/April/2023

Threats to Machine Learning-Based Systems – Part 2 of 5

In this post, we discuss how adversarial attacks affect the physical layer of the OSI model and may potentially shut down wireless communications, such as 5G, by focusing on a modulation classification application

Exploit Development

04/April/2023

Attacking JS engines: Fundamentals for understanding memory corruption crashes

It will be possible to better understand the Javascript structures in memory while executing code in browsers or in any other program that makes use of the most famous JS interpreters, such as Firefox, Google Chrome, Internet Explorer and Safari

AI, ML & Data Science

15/March/2023

Threats to Machine Learning-based Systems – Part 1 of 5

Risks and Vulnerabilities Introduced by Machine Learning

Web Application Security

01/March/2023

Web cache poisoning – a practical approach

The web cache poisoning vulnerability involves the possibility of using the cache services to deliver malicious pages to the clients of a website

THREAT INTELLIGENCE

15/February/2023

Use of Google Ads and SEO Poisoning for malware dissemination

Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers

Corporate Security

01/February/2023

Cloud Security to Reduce the Impact of Shadow-IT

It is estimated that 97% of cloud applications are not being managed, making the visibility of these applications difficult for security teams

18/January/2023

Fraud in E-commerces – Brazilian Perspective

The success of e-commerces in Brazil is unquestionable and, of course, carries the same burden of fraud growth. In 2021, for example, there was a loss of more than BRL 7 billion related to fraud attempts, an increase of 100% compared to the previous year

05/January/2023

Methodology for Security Analysis in Operating Systems from the Compliance Management Perspective

These vulnerable environment scenarios are part of the reality experienced by security teams, who work on the daily assessment of systems in order to protect assets from vulnerabilities that affect critical devices or systems in companies

THREAT INTELLIGENCE

20/December/2022

New Chaes campaign uses Windows Management Instrumentation Command-Line Utility

Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data

Software Security

09/December/2022

A Study on C Integers

From January up until August 2022, MITRE has already registered 96 CVEs (common vulnerabilities and exposures) involving integers. Therefore, this is a subject that requires attention

Corporate Security

24/November/2022

The dangers of Shadow It – and CASB’s role in protecting the environment

There was a time when people considered that data would always be safe behind applications, which were considered to be heavily protected

Detection Engineering

09/November/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 5 of 5

Intrusion Detection using Generative Adversarial Networks

Detection Engineering

26/October/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 4 of 5

Intrusion Detection using Autoencoders

Detection Engineering

13/October/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 3 of 5

One-Class Novelty Detection Intrusion Detection Systems

Vulnerability Disclosure

30/September/2022

CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server

Developers of the plugin have patched and released an update correcting the glitch in a later version

Cloud & Platform Security

14/September/2022

Attacks via Misconfiguration on Kubernetes Orchestrators

Kubernetes makes it easy to create, delete, and manage these containers. With just one command, you can replicate the action on all the required containers

Web Application Security

01/September/2022

Cross-site Scripting (XSS), variants and correction

Constantly mentioned in the OWASP Top Ten, the XSS makes it possible to hijack sessions, modify the application, redirect to malicious websites and more. Here we will cover the concepts and how to prevent it from happening in our applications

Detection Engineering

18/August/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 2 of 5

Clustering-Based Unsupervised Intrusion Detection Systems

Software Security

05/August/2022

Compromise Indicators in incident detection and false positive reduction in practice

Given the complexity and advance of threats to computing environments, such as the spread of ransomware attacks that have been growing in recent years (KENNEALLY, 2021), analyzing threats thoroughly and intelligently is crucial

Detection Engineering

20/July/2022

MISP Broker

Tempest's team of researchers develop and share a tool to assist in activities carried out by defensive security analysts

THREAT INTELLIGENCE

11/July/2022

Stealers, access sales and ransomware: supply chain and business models in cybercrime

Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries

Detection Engineering

23/June/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 1 of 5

Signature vs. Anomaly-Based Intrusion Detection Systems

Cloud & Platform Security

08/June/2022

Unwanted Permissions that may impact security when using the ReadOnlyAccess policy in AWS

With this initial analysis, Tempest researchers identified at least 41 actions that can lead to improper data access

Vulnerability Disclosure

25/May/2022

CVE-2021-46426: phpIPAM 1.4.4 allows reflected XSS and CSRF via subnets functionality

Its version 1.4.4 is vulnerable to Reflected Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks

Vulnerability Disclosure

25/May/2022

CVE-2021-30140: XSS Vulnerability Detection in Liquid Files

LiquidFiles 3.4.15 has stored XSS via "send email" functionality when emailing a file to an administrator.

THREAT INTELLIGENCE

02/May/2022

Mekotio banking trojan identified in a new campaign against Brazilian account holders

The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult

Cybersec Customer Success

26/April/2022

Information Security: Policies for Clean Desks and Screens

Information security (IS) is directly related to protecting a set of information, in the sense of preserving the value it holds for an individual or an organization

22/April/2022

Facial Biometrics: Major Attacks and Mitigations

As with every major new development in the security market, this explosion of systems based on facial biometrics has been followed by new and increasingly sophisticated forms of fraud

Web Application Security

25/March/2022

HTTP Method Override – what it is and how a pentester can use it

How this technique can help potential attackers bypass security measures based on HTTP methods

Corporate Security

09/February/2022

Data Leak Prevention Intelligence

In this article, the focal point is to present a more conceptual view of the subject for those who have already taken the first plunge into the information security field

Cloud & Platform Security

25/January/2022

Unauth root account email discovery with AWS organizations

From the information previously discovered, it's possible to get equipped with information to carry out the next phases and moves of the attack

Corporate Security

12/January/2022

Evaluate, Direct and Monitor – governance goals according to the ISACA COBIT 2019 framework in the context of Managed Detection and Response (MDR)

This article aims to comprehensively address the responsibilities and competences of an IT governance system in the organization

Cybersec Customer Success

21/December/2021

A philosophy for quality customer service in the information security market

This article addresses this scenario and shares some proposals for achieving this goal

Software Engineering

17/December/2021

A Web Accessibility: how to modify our projects today

In this blogpost, we'll address directions and techniques that can be incorporated into our web projects

Vulnerability Management

17/November/2021

How intelligence data can help manage vulnerabilities

With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?

Detection Engineering

03/November/2021

Providing Visibility, Monitoring, and Anomaly Detection with FleetDM and Osquery

Nowadays, there is a concern about security and its monitoring

Cloud & Platform Security

28/October/2021

Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner

In recent research, we adjusted a enumeration technique used for years to map services on a AWS account to just its account id and with unauthenticated form

22/October/2021

Cobalt Strike: Infrastructure Analysis

In a recent review, we described and offered pointers on the most common configurations of this tool, which is one of the most used by criminals

Data Engineering

21/October/2021

Data anonymization: what, why and how is it done?

An introduction to the need, concept and application of Data Anonymization techniques in times where information is golden and plentiful everywhere.

Detection Engineering

13/October/2021

Unveiling the SIGMA (YAML) for Detection Engineering

Sigma Rules: A Format for Composing Your Discovery Use Case Library

05/October/2021

Fake stores: how Brazilian criminals use SPAM services to boost fake stores

Evidence from fraud groups reveals a wide variety of services used to disseminate malicious campaigns

Cybersec Customer Success

15/September/2021

Tracking the customer journey in search of strategic data for both the customer and the provider

Nesse artigo, vamos caminhar juntos e entender a jornada do cliente em Customer Success, com o objetivo de deixar clara a importância de um relacionamento personalizado com o cliente, e de ter sua jornada percorrida de forma plena.

Corporate Security

01/September/2021

DLP technology making your life easier in achieving compliance with major market standards and regulations

How to prevent sensitive and/or company-valued data from leaking out of the organization, regardless of the reason

Web Application Security

18/August/2021

URL Filter Subversion

How failures related to validating conditions based on URLs can lead to security issues

Software Engineering

04/August/2021

Making it easy to generate GraphQL APIs with Hasura

Learn how to use plug-and-play with Postgres database schema

22/July/2021

A Background on DNS over HTTPS and discussions about its implementation

The DoH is the protocol that aims to provide greater privacy to users browsing the Internet

14/July/2021

LOLBins: how native tools are used to make threats stealthier

Over the years, operating systems' native tools have become both popular and a preponderant mechanisms in the attackers hands whom combine them with malwares

02/July/2021

SideChannel: content generation as a driving force in the development of cybersecurity

With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential

Software Engineering

23/June/2021

How to create a project with React?

It is necessary to think about everything, in order to structure a project: from folders organization to the coding language to be used, besides tolls and frameworks that will help in its developement

10/June/2021

An overview of the main WhatsApp scams and ways to protect yourself

WhatsApp cloning still is one of the biggest applied scam

Reverse Engineering

26/May/2021

USER-STACK: Essential knowledge to Memory Corruption study

Study on User-Stack principles in Windows and its defense and attack aspects

Software Engineering

12/May/2021

Creating an API with NestJS

Presenting an option to create backends using JavaScript/TypeScript in an organized and easy to maintain way

03/May/2021

Impostor Attendant: How criminals use famous brands to deceive users on social networks

Recent campaigns rekindle discussions about the malicious use of social networks

Application Security

30/April/2021

ASCII to UTF-8 Encoding

It's a usual encode issue presents a character in the middle of a word

16/April/2021

New banking trojan is identified in campaigns against Brazilian account holders

Named SLKRat by Tempest, the malware uses the screen overlay technique to steal bank information

Web Application Security

31/March/2021

Common problems in bad implementations of business rules and absence of data validation – Part 1

This is the first in a series of publications about security flaws in two-factor authentication implementations.

Cloud & Platform Security

12/March/2021

Good security practices using Docker

Security must be considered at all levels of a project, from code development to the infrastructure where it will run.

03/March/2021

Jupyter Notebooks for fun and cryptomining

Criminals are taking advantage of weaknesses in the data science tool to mine cryptocurrencies

Web Application Security

24/February/2021

SQL Injection: There was a comma halfway

How to efficiently exploit a Blind SQL Injection when the vulnerable application removes the character “,” (comma) from the request?

11/February/2021

New Astaroth techniques focus on anti-detection measures

Trojan started to exploit websites vulnerable to Cross-Site Scripting attacks and to use the finger command for remote execution of malicious code.

Software Security

27/January/2021

Is it possible to design a good user experience without giving up security?

When we build a safe product for the user, we are also assigning security and less damage to the business.

Web Application Security

18/January/2021

Access Control Flaws in Web Applications

If there is a vulnerability, an attacker could compromise the application completely

Web Application Security

31/December/2020

Server Side Request Forgery — Attack and Defense

Also known as SSRF, is a vulnerability that allows an attacker to make requests through a vulnerable server

09/December/2020

New Vadokrist Trojan campaign uses Pix as phishing bait

The threat affects customers of major Brazilian banks, using the DLL Injection technique in its infection process and misusing GitHub

Web Application Security

19/November/2020

A long time ago, in a web far away, the SQL Injection appeared

Understand how the SQL Injection works and how to protect yourself against it

Web Application Security

06/November/2020

Let’s go with Cross Site Request Forgery?

According to a survey carried out by OWASP in 2013, CSRF was on the list of the 10 most common vulnerabilities founded in Web applications.

Application Security

14/October/2020

HTML to PDF converters, can I hack them?

Our goal here was to investigate what kind of vulnerabilities can be inserted in a software through the use of libraries with the above mentioned functionality

Application Security

30/September/2020

Brute Force Attacks: Protection and Mitigation Measures

Any system that interacts with the internet must be prepared to defend itself from a large arsenal of techniques and attacks

Software Security

16/September/2020

Safe development practices for agile teams

With increasingly tight deadlines for software projects, agile methodologies have been widely used in the area

Hardware/Embedded

02/September/2020

The danger of using the Wifi module ESP8266 to create a backdoor

We will detail the necessary steps to perform the firmware upload correctly

Application Security

19/August/2020

Mimikatz: Mitigating credential theft attacks

The tool has become indispensable in the arsenal used by both pentesters and attackers and malware in real compromising scenarios

Vulnerability Disclosure

06/August/2020

Path Traversal Vulnerability in SecurEnvoy impacts on remote command execution through file upload

Attacks of this type consist of the possibility of traversing directories outside and/or inside the root of the application, thus allowing access to other files or folders in an arbitrary manner

23/July/2020

Analyzing some defense mechanisms in mobile browsers

For many internet users, browsers have become a fundamental part of our daily lives

13/July/2020

Cybersecurity in Healthcare in the midst of crisis

COVID-19 Series: Key Topics to Combat Cyberattacks Taking Place in Hospitals During the Pandemic

08/July/2020

Cryptography: Applications to ensure your privacy

It guarantees that the confidentiality of the data can be assured, either in its storage or in its communication process

Vulnerability Disclosure

23/June/2020

DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469)

We will briefly present some basic concepts on the subject, as well as the demonstration of this vulnerability in Trend Micro Password Manager

18/June/2020

Tactics, techniques, and pointers on recent major Double Extortion threats

An overview of the actions of the groups operating the Maze, Snake, RagnarLocker, Clop, REvil (Sodinokibi), Netwalker (Mailto), DoppelPaymer, and Nefilim ransomwares

Reverse Engineering

11/June/2020

BA AD F0 0D: Using memory debug code as an anti-debugging technique

New anti-debugging techniques are always welcome

08/May/2020

Double Extortion: Data leak combined with ransomware have increased in recent weeks

Criminals use various techniques to extract sensitive data and sabotage the environment, requiring payment to prevent leaks

09/April/2020

Bringing Zoom Safety into Perspective

COVID-19 series: an analysis of the latest incidents involving the security of the product

Corporate Security

25/March/2020

The strategies behind the new coronavirus-themed attacks

COVID-19 series: old scams in new packaging

Corporate Security

19/March/2020

The bare minimum of cybersecurity you need to consider when building an infrastructure in a hurry

COVID-19 Series: What topics to prioritize and a few free resources and information providers

Corporate Security

16/March/2020

Cybersecurity in the home office in times of coronavirus: a question of coresponsibility

COVID-19 series: tips for protecting company data in your home environment

Vulnerability Disclosure

11/March/2020

Vulnerability in Avast Secure Browser enables escalation of privileges on Windows

Exploitation abuses the hardlinks feature, which represents the file content on the NTFS system

Corporate Security

03/March/2020

Case Study — Symantec DLP — Endpoint Environment

Analysis of the environment and problems found

Web Application Security

10/February/2020

Once upon a time an account enumeration

Identifying valid users in a variety of conditions and ways to protect your systems from this threat

Software Security

24/January/2020

For less Gandalfs and more John Wicks (or, for less magic frameworks and more software engineering)

Go is a relatively new language, similar to C but with memory safe, garbage collection, structural typing…

Web Application Security

07/January/2020

The Cypher Injection Saga

From descriptive error to BURP extension

12/December/2019

Evil Maid: Attack on computers with encrypted disks

The attack allows to obtain data stored on a disk or even to gain remote access to the victim’s computer

05/December/2019

Brazilian fraudsters are using a distributed tool to obtain CVV data

Tactic has been used both against legitimate e-commerce websites under the control of the attacker, and against payment gateways

Software Security

26/November/2019

Consuming APIs with Flutter and Redux | Walk through

Most of people only meet Redux when they bump into React, and internalize the architecture as a React thing

23/November/2019

New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards

Variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil

Corporate Security

12/November/2019

Information Security Risk Management — Analytical Thinking

A brief risk management analysis based on ISO / IEC 27005: 2011 — Information Technology — Security Techniques — Information Security Risk Management

Web Application Security

29/October/2019

A Burp plugin that automates failure detection in the HTML development process

The idea of creating another extension for Burp came up in one of the editions of “Na Beira do Rio”

15/October/2019

Cloud Migration: what to consider from a cybersecurity perspective

Keeping cloud data secure requires as much or more care and control than data stored on premises

01/October/2019

Phishing campaign spreads malware to Facebook users in Brazil and Mexico

Sponsored ads offered discount coupons to distribute a malicious Chrome extension, among other threats

17/September/2019

Research identifies tool used to extract and manipulate email attachments

Offered in social networks, tool also allows to validate email credentials

05/September/2019

A brief analysis of data compression security issues

Many applications compress data before it is encrypted, which, in some cases, may compromise the confidentiality of the transmitted data

Vulnerability Disclosure

20/August/2019

Trend Micro Maximum Security 2019 vulnerability allows for privilege escalation attacks on Windows

Discovered by Tempest analyst, the flaw had a fix released last week

Software Security

14/August/2019

Adequately using relational database privileges in migration tasks

How to improve security in the database access using the Principle of Least Privilege

Vulnerability Disclosure

31/July/2019

Vulnerability in Avira Security Suite enables for privilege escalation attacks

The flaw is present in a file which, by default, has open access and control permissions for all Windows users

Vulnerability Disclosure

16/July/2019

Tempest identifies weakness in Microsoft security service

By exploiting the vulnerability, an attacker can deliver malicious files via email

24/May/2019

Tempest discovers fraud campaign that amassed 2 million payment card data

Malware was installed in 2,600 points of sale of commercial businesses throughout Brazil

27/March/2019

GUP: banking malware campaign affects account holders of nine Brazilian institutions

Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bank’s website

Vulnerability Disclosure

18/December/2018

Critical vulnerability is identified in Aligera products

The vulnerability allows an attacker to gain full control of the device

29/November/2018

FBI closes multi-million dollar ad-fraud scheme

The campaign infected more than 1.7 million computers to generate fake clicks

27/November/2018

Botnet Bushido has increased activity detected

This variant would be used in DDoS rental services

26/November/2018

Campaign disseminates banking trojan for clients of Brazilian banks

The malware has evasive features that circumvent anti-virus systems and use advanced screen overlay techniques

19/November/2018

Dodge game: a story about document fraud

It is a job that depends essentially on digital resources

12/November/2018

Vulnerable Adobe ColdFusion servers are targeted by cybercriminals

Cybercriminals have used reverse engineering in an Adobe patch in search for vulnerabilities to exploit

07/November/2018

Malware campaign in Brazil uses legitimate Windows components

Campaign uses WMI and CertUtil functions to attack its victims

06/November/2018

Soon, CVSS scores will be assigned by AI

NIST is evaluating the use of IBM Watson to perform the task

05/November/2018

More than half of SMBs have experienced some security breach in the last year

Phishing and Malware are the most common attacks

01/November/2018

POS devices have several flaws that allow for different types of attacks

Vulnerabilities were found in more than half of the major mobile POS tested terminals

29/October/2018

jQuery File Upload: plugin flaw leaves thousands of vulnerable websites

Flaw was introduced when Apache disabled security control of .htacceess files

25/October/2018

Another Windows Zero-Day vulnerability is disclosed on Twitter

New flaw allows for deletion of critical system data and privilege escalation

24/October/2018

Cisco and F5 Networks Assess Impact of Vulnerability on Libssh

Flaw related to encoding error affects library version 0.6.0

23/October/2018

Two critical vulnerabilities have been found on NAS devices

Flaws are present on WD My Book, NetGear Stora, SeaGate Home and NAS Medion LifeCloud devices

22/October/2018

13 flaws in the Amazon FreeRTOS IoT operating system are found

Attackers can take complete control of the system

22/October/2018

Chrome 70 optimizes privacy and fixes 23 vulnerabilities

Google paid more than $ 20,000 in rewards to researchers reporting flaws

04/September/2018

Garage scheme: scam affects vehicle financing

A gang carried out a fraud against financial institutions

28/August/2018

Fake stores, “boletos” and WhatsApp: Uncovering a Phishing-as-a-Service operation

This activity relies on platforms that sell fake e-commerce (fake stores)

21/August/2018

Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers

The exposure of these access credentials is due to a vulnerability published in 2015

20/August/2018

Hakai botnet shows signs of intense activity in Latin America

This botnet has been detected by our sensors 134 times just this month

01/August/2018

New attempts to attack D-Link devices in Brazil are detected

Tempest monitoring team identified the activity of 11 botnets attempting to exploit device flaws

25/July/2018

New variant of the Mirai botnet has activity detected in Brazil

Botnet tries to exploit vulnerabilities in routers and monitoring systems

20/June/2018

New laws in Europe and the US could threaten Internet fundamentals, experts say

None of them is getting the same attention from the market as GDPR

19/April/2018

Chinese government surveillance app is vulnerable to MITM attacks

In a report released last week, the Open Technology Fund (OTF) stated that the JingWang app does not protect users’ private information; and, besides that, it is vulnerable to man-in-the-middle attacks

09/April/2018

Do we need to discuss Bitcoin’s impact on global energy production and consumption?

Is there any reason for this concern? And, above all: is there enough data to come to any conclusion?

28/March/2018

A false Android app is being used to spy on Iranian citizens

The malware used in this campaign infects Android users through a fake version of a VPN application called Psiphon

Vulnerability Disclosure

20/March/2018

Hola VPN software flaw could lead to privilege escalation

If exploited, the vulnerability allows for privilege escalation in the operating system, allowing the attacker to get full control over the victim’s computer

Vulnerability Disclosure

05/March/2018

Rapid SCADA: Industrial system has elementary flaw in access control

The flaw allows the system to become a bridge to access critical infrastructures

20/February/2018

Cyber security: how old and new problems place companies in a “state of attention”

Noticing that security is inserted among such important issues for society does not come as a surprise

08/February/2018

EZ-Security joins Tempest creating Brazil’s largest cyber security specialized company

We can now offer our customers and partners the largest and most comprehensive portfolio of products and services

01/February/2018

One third of the Internet was under DoS attack, according to study

Six university researchers shed some light on this type of attack

16/January/2018

New threats expose risk of attacks on satellite communication systems on ships

These vulnerabilities would allow access to internal systems of offshore vessels

Vulnerability Disclosure

08/January/2018

Password manager flaw allows for arbitrary command execution

The flaw was found in the latest version of the software (4.9.3)

Corporate Security

03/November/2017

Risks involving supply chain attacks

We will look at some threats that abuse the supply chain and also address some of the consequences faced by organizations that have been victims of this type of attack

18/October/2017

HydraPOS — Operation of Brazilian fraudsters has accumulated, at least, 1.4 million card data

Fraud scheme went unnoticed for four years, targeting several merchants in Brazil

25/September/2017

Digital advertising tools are being used to disseminate phishing campaigns

The discovery is the result of research being conducted at El Pescador since 2016

13/September/2017

Artificial Intelligence techniques can be used to automate false reviews on websites, study suggests

The technique is presented as the next evolution of a practice known as “crowdturfing”

04/September/2017

Conceptual attack uses replacement parts to take control of mobile devices

Two initial attacks are described in the study, both happened after the exchange of an original touchscreen module with a malicious version

21/July/2017

Tempest is a co-author of the “Best Practices in Fraud Prevention” guide for the digital advertising industry

The event was part of a series of actions promoted by the IAB, which aims to make advertisers aware of the responsibility of require transparency regarding the investments made in digital advertising

30/June/2017

Study assesses risks and implications of cyber attacks on nuclear defense systems

Document examines the possibilities of cyberattack to the Trident— britain nuclear deterrent program

23/June/2017

Data leakage is the theme of El Pescador’s new simulated phishing campaign

Cyber threats are constantly being renewed as cybercriminals develop increasingly sophisticated techniques to achieve their goals

16/June/2017

Pacemakers may be vulnerable to cyberattacks, study finds

More than 8,000 vulnerabilities have been discovered in several models. In the UK the number of implanted devices exceeds 400 per million inhabitants

05/June/2017

Android: failures that are beyond the code

In which ways the appropriation of the Android ecosystem affects its security

26/May/2017

A time bomb: the challenge to fight fraud in the digital advertising industry

The HummingBad is one among the various activities that continually harm the digital advertising industry

26/May/2017

Increase in ‘CEO Fraud’ attacks highlights risks to corporate environments

The number of BEC (Business Email Compromise) attacks has grown about 55% in 2015 in comparison with the previous year

26/May/2017

Ransomware recent developments and threats

New threats, spike in infections and attacks against the healthcare industry

26/May/2017

Malvertising — recent developments on tactics and techniques

Performing Malvertising attacks has already become an established technique in the modus operandi of several cyber crime rings

26/May/2017

Exploit Kits: The current revival of an old tool that became trend

The first campaign that used an EK was spotted a decade ago and it used code that exploited a ‘0-day’ vulnerability in Internet Explorer

18/May/2017

Inspeckage, mobile application software analysis, has Tempest’s official support

This stamp represents the partnership between Tempest and Antonio Martins, developer of the tool and mobile application anaylsis specialist

12/May/2017

WannaCry ransomware spreads around the world and impacts large enterprises

The malware has the behavior of a worm, infecting vulnerable computers that allow connections through Server Message Block (SMB) and Remote Desktop Protocol (RDP) connections

09/May/2017

GE patches up vulnerability that allows remote power grids shutdown

Cyberattacks aimed at infrastructure were considered to be costly, requiring a great amount of resources and knowledge to execute

03/May/2017

Stolen “Orange is the New Black” episodes are leaked online. Attackers threaten other studios

The leak occurred after the company refused to pay a ransom of 50 bitcoin that the hacking group demanded in order to not disclose the videos

28/April/2017

Security incident on corporate chat tool HipChat may have exposed users data

It has affected their webservers and allowed others unauthorised access to user content

05/April/2017

USB-based malware raises suspicions of hostile attacks in air-gapped environments

The malware has self-protection features based on volume encryption using the AES128 algorithm, which also creates a single image that should prevent cloning the USB device

26/March/2017

Cyber war games exercises explained

Tempest Security Intelligence has created a unique methodology for running large-scale cyber war games exercises, which we call CYBERDRILL TM

14/March/2017

Steganography in Malvertising campaigns: attacks continue to improve

These attacks have been active at least since 2014 and contain steganography techniques in their execution

13/March/2017

Law enforcement agencies adapt proceedings against Dark Markets in Operation Hyperion

At the end of October, 2016, an international task force identified thousands of people involved in the buying and selling of illicit products and services in Dark Markets