Application Security, Web Application Security
16/April/2025

Overview of vulnerabilities in the implementation of the OAuth protocol

Although widely used by web applications, if implemented improperly, OAuth can lead to token hijacking, redirection to malicious applications and other possibilities. In this blogpost, we'll discuss some of the vulnerabilities inherent in improper implementation of the protocol and how to mitigate them.
Application Security, Cloud, Cloud & Platform Security
20/March/2025

Event injection in serverless architectures

This report is a study of serverless architecture and how this type of environment opens up a new range of injection attacks. This study provides an overview of the architecture, the range of its attack surface, how injection attacks occur and the possible impacts that this kind of vulnerability can bring.
THREAT INTELLIGENCE
14/February/2025

Rise in the use of remote monitoring and management software in malicious campaigns

Tempest researchers identify an increase in the use of RMM tools in campaigns targeting Brazil
Web Application Security
10/February/2025

Understanding the Edge Side Include Injection vulnerability

The vulnerability occurs through the injection of ESI fragments
THREAT INTELLIGENCE
10/February/2025

Gh0st RAT: malware active for 15 years is still used by threat operators

Find out how an open source RAT developed in 2008 is still relevant and has become the basis for different variants present in the most diverse campaigns.
Vulnerability Disclosure
15/July/2024

Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework

This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication
Web Application Security
17/June/2024

XSSi: An overview of the vulnerability in 2024

Largely overlooked by both developers and cybersecurity researchers, the vulnerability still represents a source of threat to individuals and businesses
THREAT INTELLIGENCE
10/April/2024

Understanding Ransomware-as-a-Service operations from an affiliate’s perspective

Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked
Vulnerability Disclosure
28/February/2024

CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface

This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations
Network Security
15/February/2024

What is DoS? How to defend yourself?

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks represent a constant threat to global enterprises, with alarming numbers of incidents. In addition to the direct losses caused by the interruption of services, companies face a new form of attack: Ransom DDoS (RDDoS), where attackers demand payment to cease attacks
Exploit Development
31/January/2024

AFL++ and an introduction to Feedback-Based Fuzzing

Many bugs found from fuzzing tests can be signs of serious vulnerabilities
Cloud & Platform Security
17/January/2024

Privilege escalation with IAM on AWS

Privilege escalation in AWS consists of obtaining permissions sufficient for administrative access to an organization
Cyber-Physical Systems
28/December/2023

What is cryptojacking?

Understand the main points of the cryptojacking phenomenon, its origins, how it works and the consequences for individuals and organizations
Cloud
15/December/2023

The Art of Cloud Security: Proactive Detection of Configuration Errors

Implementing a mechanism that detects configuration faults and makes them visible to be handled by the administrators is an excellent alternative for reducing the attack surface on Cloud resources
AI, ML & Data Science
21/November/2023

Detecting bugs in source code with AI

Explore one of the techniques for detecting vulnerabilities through Functionally-similar yet Inconsistent Code (FICS), using static analysis to identify inconsistencies in code. Learn more about its customized representation and hierarchical clustering, revealing advantages, results, and potential improvements
Detection Engineering
25/October/2023

False positives in threat detection

Understand the need to create exceptions, adjust detection logic and rules, implement processes to handle alerts and manage false positives when identifying cyber threats
Intelligence
06/October/2023

Anti-flapping and correlation techniques in Zabbix to mitigate false positives in an SOC

Zabbix is a monitoring platform that offers flexibility in notifying issues in networks, servers, and services, aiming for SOC effectiveness. In this article, we address techniques to reduce false positives and alert flooding, including anti-flapping and logic correlation, strategies that enhance monitoring reliability
Cyber-Physical Systems
22/September/2023

Study of vulnerabilities in MIFARE Classic cards

Understand how RFID technology allows remote communication through electronic tags. Discover the details of MIFARE Classic cards, their structure, encryption and potential vulnerabilities
AI, ML & Data Science
08/September/2023

Detecting Anomalies using Machine Learning on Splunk

The identification of cyberattacks is crucial to safeguard networks and systems, but signature detection has its limitations. Therefore, the discovery of anomalies through machine learning is a promising approach
Hardware/Embedded
23/August/2023

Mapping vulnerabilities in Amazon Echo using Alexa Skills

How a malicious developer can use skills development tools to attack users
Malware
14/August/2023

Browser extensions: Friend or Foe?

How a supposedly harmless browser extension can harm you without you even knowing it
Web Application Security
14/August/2023

Pickles, Shorts and Jokers: A study on Java deserialization

Explore insecure deserialization in Java applications. Learn about serialization, deserialization, Magic Methods, and how attackers use gadgets to cause damage. Learn about mitigation measures and the importance of restricting deserialization to protect your application against this security vulnerability
Cloud & Platform Security
12/July/2023

The importance of establishing new perimeters surrounding the cloud

The addition of Single Points of Access (SOPs) for AWS aims to reduce vulnerability exploitation by using administrative users in AWS
THREAT INTELLIGENCE
20/June/2023

Stooge Accounts: the final link in cybercrime money laundering in Brazil

Investigation reveals the obscure trade in orange accounts: learn about the values, tactics and risks involved in this criminal practice used by fraudsters to receive money from financial fraud
Network Security
15/June/2023

The importance of a good configuration of IPv6 rules in the firewall

The importance of a good IPv6 firewall rule configuration is related to the need to protect an organization's network against potential vulnerabilities and attacks that may exploit the specific characteristics of the IPv6 protocol
Network Security
01/June/2023

Configuring SSH Certificate-Based Authentication

Authentication via SSH certificates improves security and offers flexibility and scalability. While its implementation can be complex and not supported by all SSH clients, it is considered an improvement over key or password authentication
Vulnerability Disclosure
18/May/2023

CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0

Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands
Vulnerability Disclosure
17/May/2023

CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software

Security flaw may allow unauthorized access and retrieval of sensitive server data
AI, ML & Data Science
19/April/2023

Threats to Machine Learning-Based Systems – Part 2 of 5

In this post, we discuss how adversarial attacks affect the physical layer of the OSI model and may potentially shut down wireless communications, such as 5G, by focusing on a modulation classification application
Exploit Development
04/April/2023

Attacking JS engines: Fundamentals for understanding memory corruption crashes

It will be possible to better understand JavaScript structures in memory while executing code in browsers or in any other program that makes use of the most famous JS interpreters, such as Firefox, Google Chrome, Internet Explorer and Safari
AI, ML & Data Science
15/March/2023

Threats to Machine Learning-based Systems – Part 1 of 5

Risks and Vulnerabilities Introduced by Machine Learning
Web Application Security
01/March/2023

Web cache poisoning – a practical approach

The web cache poisoning vulnerability involves the possibility of using the cache services to deliver malicious pages to the clients of a website
THREAT INTELLIGENCE
15/February/2023

Use of Google Ads and SEO Poisoning for malware dissemination

Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers
Corporate Security
01/February/2023

Cloud Security to Reduce the Impact of Shadow-IT

It is estimated that 97% of cloud applications are not being managed, making the visibility of these applications difficult for security teams
Community
18/January/2023

Fraud in E-commerces – Brazilian Perspective

The success of e-commerces in Brazil is unquestionable and, of course, carries the same burden of fraud growth. In 2021, for example, there was a loss of more than BRL 7 billion related to fraud attempts, an increase of 100% compared to the previous year
HARDENING
05/January/2023

Methodology for Security Analysis in Operating Systems from the Compliance Management Perspective

These vulnerable environment scenarios are part of the reality experienced by security teams, who work on the daily assessment of systems in order to protect assets from vulnerabilities that affect critical devices or systems in companies
THREAT INTELLIGENCE
20/December/2022

New Chaes campaign uses Windows Management Instrumentation Command-Line Utility

Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data
Software Security
09/December/2022

A Study on C Integers

From January to August 2022, MITRE had already registered 96 CVEs (Common Vulnerabilities and Exposures) involving integers. Therefore, this is a subject that requires attention
Corporate Security
24/November/2022

The dangers of Shadow IT – and CASB's role in protecting the environment

There was a time when people considered that data would always be safe behind applications, which were considered to be heavily protected
Detection Engineering
09/November/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 5 of 5

Intrusion Detection using Generative Adversarial Networks
Detection Engineering
26/October/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 4 of 5

Intrusion Detection using Autoencoders
Detection Engineering
13/October/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 3 of 5

One-Class Novelty Detection Intrusion Detection Systems
Vulnerability Disclosure
30/September/2022

CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server

Developers of the plugin have patched and released an update correcting the glitch in a later version
Cloud & Platform Security
14/September/2022

Attacks via Misconfiguration on Kubernetes Orchestrators

Kubernetes makes it easy to create, delete, and manage containers. With just one command, you can replicate the action on all the required containers
Web Application Security
01/September/2022

Cross-site Scripting (XSS), variants and correction

Constantly mentioned in the OWASP Top Ten, XSS makes it possible to hijack sessions, modify the application, redirect to malicious websites and more. Here we will cover the concepts and how to prevent it from happening in our applications
Detection Engineering
18/August/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 2 of 5

Clustering-Based Unsupervised Intrusion Detection Systems
Software Security
05/August/2022

Compromise Indicators in incident detection and false positive reduction in practice

Given the complexity and advance of threats to computing environments, such as the spread of ransomware attacks that have been growing in recent years (KENNEALLY, 2021), analyzing threats thoroughly and intelligently is crucial
Detection Engineering
20/July/2022

MISP Broker

Tempest's team of researchers develops and shares a tool to assist in activities carried out by defensive security analysts
THREAT INTELLIGENCE
11/July/2022

Stealers, access sales and ransomware: supply chain and business models in cybercrime

Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries
Detection Engineering
23/June/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 1 of 5

Signature vs. Anomaly-Based Intrusion Detection Systems
Cloud & Platform Security
08/June/2022

Unwanted Permissions that may impact security when using the ReadOnlyAccess policy in AWS

With this initial analysis, Tempest researchers identified at least 41 actions that can lead to improper data access
Vulnerability Disclosure
25/May/2022

CVE-2021-46426: phpIPAM 1.4.4 allows reflected XSS and CSRF via subnets functionality

Its version 1.4.4 is vulnerable to Reflected Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks
Vulnerability Disclosure
25/May/2022

CVE-2021-30140: XSS Vulnerability Detection in Liquid Files

LiquidFiles 3.4.15 has stored XSS via "send email" functionality when emailing a file to an administrator.
THREAT INTELLIGENCE
02/May/2022

Mekotio banking trojan identified in a new campaign against Brazilian account holders

The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
Cybersec Customer Success
26/April/2022

Information Security: Policies for Clean Desks and Screens

Information security (IS) is directly related to protecting a set of information, in the sense of preserving the value it holds for an individual or an organization
Mobile
22/April/2022

Facial Biometrics: Major Attacks and Mitigations

As with every major new development in the security market, this explosion of systems based on facial biometrics has been followed by new and increasingly sophisticated forms of fraud
Web Application Security
25/March/2022

HTTP Method Override – what it is and how a pentester can use it

How this technique can help potential attackers bypass security measures based on HTTP methods
Corporate Security
09/February/2022

Data Leak Prevention Intelligence

In this article, the focal point is to present a more conceptual view of the subject for those who have already taken the first plunge into the information security field
Cloud & Platform Security
25/January/2022

Unauth root account email discovery with AWS organizations

With the information previously discovered, it is possible to prepare for the next phases and moves of the attack
Corporate Security
12/January/2022

Evaluate, Direct and Monitor – governance goals according to the ISACA COBIT 2019 framework in the context of Managed Detection and Response (MDR)

This article aims to comprehensively address the responsibilities and competences of an IT governance system in the organization
Cybersec Customer Success
21/December/2021

A philosophy for quality customer service in the information security market

This article addresses this scenario and shares some proposals for achieving this goal
Software Engineering
17/December/2021

Web Accessibility: how to modify our projects today

In this blogpost, we'll address directions and techniques that can be incorporated into our web projects
Vulnerability Management
17/November/2021

How intelligence data can help manage vulnerabilities

With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?
Detection Engineering
03/November/2021

Providing Visibility, Monitoring, and Anomaly Detection with FleetDM and Osquery

Nowadays, there is a concern about security and its monitoring
Cloud & Platform Security
28/October/2021

Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner

In recent research, we adapted an enumeration technique that has been used for years to map the services of an AWS account so that it requires only the account ID and works without authentication
Intelligence
22/October/2021

Cobalt Strike: Infrastructure Analysis

In a recent review, we described and offered pointers on the most common configurations of this tool, which is one of the most used by criminals
Data Engineering
21/October/2021

Data anonymization: what, why and how is it done?

An introduction to the need, concept and application of Data Anonymization techniques in times where information is golden and plentiful everywhere.
Detection Engineering
13/October/2021

Unveiling the SIGMA (YAML) for Detection Engineering

Sigma Rules: A Format for Composing Your Discovery Use Case Library
Intelligence
05/October/2021

Fake stores: how Brazilian criminals use SPAM services to boost fake stores

Evidence from fraud groups reveals a wide variety of services used to disseminate malicious campaigns
Cybersec Customer Success
15/September/2021

Tracking the customer journey in search of strategic data for both the customer and the provider

In this article, we will walk together through the customer journey in Customer Success, with the aim of making clear the importance of a personalized relationship with the customer and of having their journey completed in full.
Corporate Security
01/September/2021

DLP technology making your life easier in achieving compliance with major market standards and regulations

How to prevent sensitive and/or company-valued data from leaking out of the organization, regardless of the reason
Web Application Security
18/August/2021

URL Filter Subversion

How failures related to validating conditions based on URLs can lead to security issues
Software Engineering
04/August/2021

Making it easy to generate GraphQL APIs with Hasura

Learn how to use it plug-and-play with a Postgres database schema
Intelligence
22/July/2021

A Background on DNS over HTTPS and discussions about its implementation

DoH is a protocol that aims to provide greater privacy to users browsing the Internet
Intelligence
14/July/2021

LOLBins: how native tools are used to make threats stealthier

Over the years, operating systems' native tools have become both popular and a preponderant mechanism in the hands of attackers, who combine them with malware
News
02/July/2021

SideChannel: content generation as a driving force in the development of cybersecurity

With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential
Software Engineering
23/June/2021

How to create a project with React?

It is necessary to think about everything in order to structure a project: from folder organization to the coding language to be used, as well as the tools and frameworks that will help in its development
Intelligence
10/June/2021

An overview of the main WhatsApp scams and ways to protect yourself

WhatsApp cloning is still one of the most common scams applied
Reverse Engineering
26/May/2021

USER-STACK: Essential knowledge to Memory Corruption study

Study on User-Stack principles in Windows and its defense and attack aspects
Software Engineering
12/May/2021

Creating an API with NestJS

Presenting an option to create backends using JavaScript/TypeScript in an organized and easy to maintain way
Intelligence
03/May/2021

Impostor Attendant: How criminals use famous brands to deceive users on social networks

Recent campaigns rekindle discussions about the malicious use of social networks
Application Security
30/April/2021

ASCII to UTF-8 Encoding

A common encoding issue that shows an unexpected character in the middle of a word
Intelligence
16/April/2021

New banking trojan is identified in campaigns against Brazilian account holders

Named SLKRat by Tempest, the malware uses the screen overlay technique to steal bank information
Web Application Security
31/March/2021

Common problems in bad implementations of business rules and absence of data validation – Part 1

This is the first in a series of publications about security flaws in two-factor authentication implementations.
Cloud & Platform Security
12/March/2021

Good security practices using Docker

Security must be considered at all levels of a project, from code development to the infrastructure where it will run.
Intelligence
03/March/2021

Jupyter Notebooks for fun and cryptomining

Criminals are taking advantage of weaknesses in the data science tool to mine cryptocurrencies
Web Application Security
24/February/2021

SQL Injection: There was a comma halfway

How to efficiently exploit a Blind SQL Injection when the vulnerable application removes the character “,” (comma) from the request?
Intelligence
11/February/2021

New Astaroth techniques focus on anti-detection measures

The trojan started to exploit websites vulnerable to Cross-Site Scripting attacks and to use the finger command for remote execution of malicious code.
Software Security
27/January/2021

Is it possible to design a good user experience without giving up security?

When we build a safe product for the user, we are also bringing security and less damage to the business.
Web Application Security
18/January/2021

Access Control Flaws in Web Applications

If there is a vulnerability, an attacker could compromise the application completely
Web Application Security
31/December/2020

Server Side Request Forgery — Attack and Defense

Also known as SSRF, this is a vulnerability that allows an attacker to make requests through a vulnerable server
Intelligence
09/December/2020

New Vadokrist Trojan campaign uses Pix as phishing bait

The threat affects customers of major Brazilian banks, using the DLL Injection technique in its infection process and misusing GitHub
Web Application Security
19/November/2020

A long time ago, in a web far away, the SQL Injection appeared

Understand how the SQL Injection works and how to protect yourself against it
Web Application Security
06/November/2020

Let’s go with Cross Site Request Forgery?

According to a survey carried out by OWASP in 2013, CSRF was on the list of the 10 most common vulnerabilities found in web applications.
Application Security
14/October/2020

HTML to PDF converters, can I hack them?

Our goal here was to investigate what kind of vulnerabilities can be inserted in a software through the use of libraries with the above mentioned functionality
Application Security
30/September/2020

Brute Force Attacks: Protection and Mitigation Measures

Any system that interacts with the internet must be prepared to defend itself from a large arsenal of techniques and attacks
Software Security
16/September/2020

Safe development practices for agile teams

With increasingly tight deadlines for software projects, agile methodologies have been widely used in the area
Hardware/Embedded
02/September/2020

The danger of using the Wi-Fi module ESP8266 to create a backdoor

We will detail the necessary steps to perform the firmware upload correctly
Application Security
19/August/2020

Mimikatz: Mitigating credential theft attacks

The tool has become indispensable in the arsenal used by pentesters, attackers and malware alike in real compromise scenarios
Vulnerability Disclosure
06/August/2020

Path Traversal Vulnerability in SecurEnvoy impacts on remote command execution through file upload

Attacks of this type consist of the possibility of traversing directories outside and/or inside the root of the application, thus allowing access to other files or folders in an arbitrary manner
Mobile
23/July/2020

Analyzing some defense mechanisms in mobile browsers

For many internet users, browsers have become a fundamental part of our daily lives
Community
13/July/2020

Cybersecurity in Healthcare in the midst of crisis

COVID-19 Series: Key Topics to Combat Cyberattacks Taking Place in Hospitals During the Pandemic
Cryptography
08/July/2020

Cryptography: Applications to ensure your privacy

It ensures the confidentiality of data, both while it is stored and while it is in transit
Vulnerability Disclosure
23/June/2020

DLL Hijacking at the Trend Micro Password Manager (CVE-2020-8469)

We will briefly present some basic concepts on the subject, as well as the demonstration of this vulnerability in Trend Micro Password Manager
Intelligence
18/June/2020

Tactics, techniques, and pointers on recent major Double Extortion threats

An overview of the actions of the groups operating the Maze, Snake, RagnarLocker, Clop, REvil (Sodinokibi), Netwalker (Mailto), DoppelPaymer, and Nefilim ransomwares
Reverse Engineering
11/June/2020

BA AD F0 0D: Using memory debug code as an anti-debugging technique

New anti-debugging techniques are always welcome
Intelligence
08/May/2020

Double Extortion: Data leak combined with ransomware have increased in recent weeks

Criminals use various techniques to extract sensitive data and sabotage the environment, requiring payment to prevent leaks
Community
09/April/2020

Bringing Zoom Safety into Perspective

COVID-19 series: an analysis of the latest incidents involving the security of the product
Corporate Security
25/March/2020

The strategies behind the new coronavirus-themed attacks

COVID-19 series: old scams in new packaging
Corporate Security
19/March/2020

The bare minimum of cybersecurity you need to consider when building an infrastructure in a hurry

COVID-19 Series: What topics to prioritize and a few free resources and information providers
Corporate Security
16/March/2020

Cybersecurity in the home office in times of coronavirus: a question of coresponsibility

COVID-19 series: tips for protecting company data in your home environment
Vulnerability Disclosure
11/March/2020

Vulnerability in Avast Secure Browser enables escalation of privileges on Windows

Exploitation abuses the hardlinks feature, which represents the file content on the NTFS system
Corporate Security
03/March/2020

Case Study — Symantec DLP — Endpoint Environment

Analysis of the environment and problems found
Web Application Security
10/February/2020

Once upon a time an account enumeration

Identifying valid users in a variety of conditions and ways to protect your systems from this threat
Software Security
24/January/2020

For less Gandalfs and more John Wicks (or, for less magic frameworks and more software engineering)

Go is a relatively new language, similar to C but with memory safety, garbage collection and structural typing
Web Application Security
07/January/2020

The Cypher Injection Saga

From descriptive error to BURP extension
Cryptography
12/December/2019

Evil Maid: Attack on computers with encrypted disks

The attack allows obtaining data stored on a disk, or even gaining remote access to the victim's computer
Intelligence
05/December/2019

Brazilian fraudsters are using a distributed tool to obtain CVV data

Tactic has been used both against legitimate e-commerce websites under the control of the attacker, and against payment gateways
Software Security
26/November/2019

Consuming APIs with Flutter and Redux | Walk through

Most people only meet Redux when they bump into React, and internalize the architecture as a React thing
Intelligence
23/November/2019

New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards

Variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil
Corporate Security
12/November/2019

Information Security Risk Management — Analytical Thinking

A brief risk management analysis based on ISO/IEC 27005:2011 — Information Technology — Security Techniques — Information Security Risk Management
Web Application Security
29/October/2019

A Burp plugin that automates failure detection in the HTML development process

The idea of creating another extension for Burp came up in one of the editions of "Na Beira do Rio"
Cloud
15/October/2019

Cloud Migration: what to consider from a cybersecurity perspective

Keeping cloud data secure requires as much or more care and control than data stored on premises
Intelligence
01/October/2019

Phishing campaign spreads malware to Facebook users in Brazil and Mexico

Sponsored ads offered discount coupons to distribute a malicious Chrome extension, among other threats
Intelligence
17/September/2019

Research identifies tool used to extract and manipulate email attachments

Offered on social networks, the tool also allows validating email credentials
Cryptography
05/September/2019

A brief analysis of data compression security issues

Many applications compress data before it is encrypted, which, in some cases, may compromise the confidentiality of the transmitted data
Vulnerability Disclosure
20/August/2019

Trend Micro Maximum Security 2019 vulnerability allows for privilege escalation attacks on Windows

Discovered by a Tempest analyst, the flaw had a fix released last week
Software Security
14/August/2019

Adequately using relational database privileges in migration tasks

How to improve security in the database access using the Principle of Least Privilege
Vulnerability Disclosure
31/July/2019

Vulnerability in Avira Security Suite enables privilege escalation attacks

The flaw is present in a file which, by default, has open access and control permissions for all Windows users
Vulnerability Disclosure
16/July/2019

Tempest identifies weakness in Microsoft security service

By exploiting the vulnerability, an attacker can deliver malicious files via email
Intelligence
24/May/2019

Tempest discovers fraud campaign that amassed 2 million payment card data

Malware was installed in 2,600 points of sale of commercial businesses throughout Brazil
Intelligence
27/March/2019

GUP: banking malware campaign affects account holders of nine Brazilian institutions

Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bank’s website
Vulnerability Disclosure
18/December/2018

Critical vulnerability is identified in Aligera products

The vulnerability allows an attacker to gain full control of the device
News
29/November/2018

FBI closes multi-million dollar ad-fraud scheme

The campaign infected more than 1.7 million computers to generate fake clicks
Intelligence
27/November/2018

Increased activity of the Bushido botnet detected

This variant is believed to be used in DDoS rental services
Intelligence
26/November/2018

Campaign disseminates banking trojan for clients of Brazilian banks

The malware has evasive features that circumvent anti-virus systems and use advanced screen overlay techniques
Intelligence
19/November/2018

Dodge game: a story about document fraud

It is a job that depends essentially on digital resources
News
12/November/2018

Vulnerable Adobe ColdFusion servers are targeted by cybercriminals

Cybercriminals have reverse engineered an Adobe patch in search of vulnerabilities to exploit
News
07/November/2018

Malware campaign in Brazil uses legitimate Windows components

Campaign uses WMI and CertUtil functions to attack its victims
News
06/November/2018

Soon, CVSS scores will be assigned by AI

NIST is evaluating the use of IBM Watson to perform the task
News
05/November/2018

More than half of SMBs have experienced some security breach in the last year

Phishing and Malware are the most common attacks
News
01/November/2018

POS devices have several flaws that allow for different types of attacks

Vulnerabilities were found in more than half of the major mobile POS terminals tested
News
29/October/2018

jQuery File Upload: plugin flaw leaves thousands of websites vulnerable

Flaw was introduced when Apache disabled security control of .htaccess files
News
25/October/2018

Another Windows Zero-Day vulnerability is disclosed on Twitter

New flaw allows for deletion of critical system data and privilege escalation
News
24/October/2018

Cisco and F5 Networks Assess Impact of Vulnerability on Libssh

Flaw related to encoding error affects library version 0.6.0
News
23/October/2018

Two critical vulnerabilities have been found on NAS devices

Flaws are present on WD My Book, NetGear Stora, SeaGate Home and Medion LifeCloud NAS devices
News
22/October/2018

13 flaws in the Amazon FreeRTOS IoT operating system are found

Attackers can take complete control of the system
News
22/October/2018

Chrome 70 optimizes privacy and fixes 23 vulnerabilities

Google paid more than $20,000 in rewards to researchers reporting flaws
Intelligence
04/September/2018

Garage scheme: scam affects vehicle financing

A gang carried out a fraud against financial institutions
Intelligence
28/August/2018

Fake stores, “boletos” and WhatsApp: Uncovering a Phishing-as-a-Service operation

This activity relies on platforms that sell fake e-commerce (fake stores)
Intelligence
21/August/2018

Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers

The exposure of these access credentials is due to a vulnerability published in 2015
Intelligence
20/August/2018

Hakai botnet shows signs of intense activity in Latin America

This botnet has been detected by our sensors 134 times just this month
Intelligence
01/August/2018

New attempts to attack D-Link devices in Brazil are detected

Tempest monitoring team identified the activity of 11 botnets attempting to exploit device flaws
Intelligence
25/July/2018

New variant of the Mirai botnet has activity detected in Brazil

Botnet tries to exploit vulnerabilities in routers and monitoring systems
News
20/June/2018

New laws in Europe and the US could threaten Internet fundamentals, experts say

None of them is getting the same attention from the market as GDPR
Intelligence
19/April/2018

Chinese government surveillance app is vulnerable to MITM attacks

In a report released last week, the Open Technology Fund (OTF) stated that the JingWang app does not protect users’ private information and, moreover, is vulnerable to man-in-the-middle attacks
News
09/April/2018

Do we need to discuss Bitcoin’s impact on global energy production and consumption?

Is there any reason for this concern? And, above all: is there enough data to come to any conclusion?
News
28/March/2018

A false Android app is being used to spy on Iranian citizens

The malware used in this campaign infects Android users through a fake version of a VPN application called Psiphon
Vulnerability Disclosure
20/March/2018

Hola VPN software flaw could lead to privilege escalation

If exploited, the vulnerability allows for privilege escalation in the operating system, allowing the attacker to get full control over the victim’s computer
Vulnerability Disclosure
05/March/2018

Rapid SCADA: Industrial system has elementary flaw in access control

The flaw allows the system to become a bridge to access critical infrastructures
Uncategorized
20/February/2018

Cyber security: how old and new problems place companies in a “state of attention”

It comes as no surprise that security sits among such important issues for society
News
08/February/2018

EZ-Security joins Tempest creating Brazil’s largest cyber security specialized company

We can now offer our customers and partners the largest and most comprehensive portfolio of products and services
Intelligence
01/February/2018

One third of the Internet was under DoS attack, according to study

Six university researchers shed some light on this type of attack
News
16/January/2018

New threats expose risk of attacks on satellite communication systems on ships

These vulnerabilities would allow access to internal systems of offshore vessels
Vulnerability Disclosure
08/January/2018

Password manager flaw allows for arbitrary command execution

The flaw was found in the latest version of the software (4.9.3)
Corporate Security
03/November/2017

Risks involving supply chain attacks

We will look at some threats that abuse the supply chain and also address some of the consequences faced by organizations that have been victims of this type of attack
Intelligence
18/October/2017

HydraPOS — Operation of Brazilian fraudsters has accumulated at least 1.4 million card data records

Fraud scheme went unnoticed for four years, targeting several merchants in Brazil
Human Factors
25/September/2017

Digital advertising tools are being used to disseminate phishing campaigns

The discovery is the result of research being conducted at El Pescador since 2016
News
13/September/2017

Artificial Intelligence techniques can be used to automate false reviews on websites, study suggests

The technique is presented as the next evolution of a practice known as “crowdturfing”
News
04/September/2017

Conceptual attack uses replacement parts to take control of mobile devices

Two initial attacks are described in the study, both occurring after an original touchscreen module was replaced with a malicious version
News
21/July/2017

Tempest is a co-author of the “Best Practices in Fraud Prevention” guide for the digital advertising industry

The event was part of a series of actions promoted by the IAB, which aims to make advertisers aware of their responsibility to require transparency regarding the investments made in digital advertising
News
30/June/2017

Study assesses risks and implications of cyber attacks on nuclear defense systems

Document examines the possibility of cyberattacks on Trident, Britain's nuclear deterrent program
Uncategorized
23/June/2017

Data leakage is the theme of El Pescador’s new simulated phishing campaign

Cyber threats are constantly being renewed as cybercriminals develop increasingly sophisticated techniques to achieve their goals
Uncategorized
16/June/2017

Pacemakers may be vulnerable to cyberattacks, study finds

More than 8,000 vulnerabilities have been discovered in several models. In the UK the number of implanted devices exceeds 400 per million inhabitants
Uncategorized
05/June/2017

Android: failures that are beyond the code

How the appropriation of the Android ecosystem affects its security
Uncategorized
26/May/2017

A time bomb: the challenge to fight fraud in the digital advertising industry

HummingBad is one of the various activities that continually harm the digital advertising industry
Uncategorized
26/May/2017

Increase in ‘CEO Fraud’ attacks highlights risks to corporate environments

The number of BEC (Business Email Compromise) attacks has grown about 55% in 2015 in comparison with the previous year
Uncategorized
26/May/2017

Ransomware recent developments and threats

New threats, spike in infections and attacks against the healthcare industry
Uncategorized
26/May/2017

Malvertising — recent developments on tactics and techniques

Performing Malvertising attacks has already become an established technique in the modus operandi of several cyber crime rings
Uncategorized
26/May/2017

Exploit Kits: The current revival of an old tool that became a trend

The first campaign that used an EK was spotted a decade ago and it used code that exploited a ‘0-day’ vulnerability in Internet Explorer
News
18/May/2017

Inspeckage, a mobile application analysis tool, has Tempest’s official support

This stamp represents the partnership between Tempest and Antonio Martins, developer of the tool and mobile application analysis specialist
Uncategorized
12/May/2017

WannaCry ransomware spreads around the world and impacts large enterprises

The malware behaves like a worm, infecting vulnerable computers that accept connections through Server Message Block (SMB) and Remote Desktop Protocol (RDP)
Uncategorized
09/May/2017

GE patches vulnerability that allows remote shutdown of power grids

Cyberattacks aimed at infrastructure were considered to be costly, requiring a great amount of resources and knowledge to execute
Uncategorized
03/May/2017

Stolen “Orange is the New Black” episodes are leaked online. Attackers threaten other studios

The leak occurred after the company refused to pay a ransom of 50 bitcoin that the hacking group demanded in order to not disclose the videos
Uncategorized
28/April/2017

Security incident on corporate chat tool HipChat may have exposed users data

The incident affected the company’s web servers and allowed unauthorised access to user content
Uncategorized
05/April/2017

USB-based malware raises suspicions of hostile attacks in air-gapped environments

The malware has self-protection features based on volume encryption using the AES128 algorithm, which also creates a single image that should prevent cloning of the USB device
Uncategorized
26/March/2017

Cyber war games exercises explained

Tempest Security Intelligence has created a unique methodology for running large-scale cyber war games exercises, which we call CYBERDRILL TM
Uncategorized
14/March/2017

Steganography in Malvertising campaigns: attacks continue to improve

These attacks have been active at least since 2014 and contain steganography techniques in their execution
News
13/March/2017

Law enforcement agencies adapt proceedings against Dark Markets in Operation Hyperion

At the end of October, 2016, an international task force identified thousands of people involved in the buying and selling of illicit products and services in Dark Markets
Web Application Security
17/June/2024

XSSi: An overview of the vulnerability in 2024

Largely overlooked by both developers and cybersecurity researchers, the vulnerability still represents a source of threat to individuals and businesses
THREAT INTELLIGENCE
10/April/2024

Understanding Ransomware-as-a-Service operations from an affiliate’s perspective

Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked
Vulnerability Disclosure
28/February/2024

CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface

This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations
Network Security
15/February/2024

What is DoS? How to defend yourself?

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks represent a constant threat to global enterprises, with alarming numbers of incidents. In addition to the direct losses caused by the interruption of services, companies face a new form of attack: Ransom DDoS (RDDoS), where attackers demand payment to cease attacks
Exploit Development
31/January/2024

AFL++ and an introduction to Feedback-Based Fuzzing

Many bugs found from fuzzing tests can be signs of serious vulnerabilities
Cloud & Platform Security
17/January/2024

Privilege escalation with IAM on AWS

Privilege escalation in AWS consists of having sufficient permissions for administrative access to an organization
Cyber-Physical Systems
28/December/2023

What is cryptojacking?

Understand the main points of the cryptojacking phenomenon, its origins, how it works and the consequences for individuals and organizations
Cloud
15/December/2023

The Art of Cloud Security: Proactive Detection of Configuration Errors

Implementing a mechanism that detects configuration faults and makes them visible to be handled by the administrators is an excellent alternative for reducing the attack surface on Cloud resources
AI, ML & Data Science
21/November/2023

Detecting bugs in source code with AI

Explore one of the techniques for detecting vulnerabilities through Functionally-similar yet Inconsistent Code (FICS), using static analysis to identify inconsistencies in code. Learn more about its customized representation and hierarchical clustering, revealing advantages, results, and potential improvements
Detection Engineering
25/October/2023

False positives in threat detection

Understand the need to create exceptions, adjust detection logic and rules, implement processes to handle alerts and manage false positives when identifying cyber threats
Intelligence
06/October/2023

Anti-flapping and correlation techniques in Zabbix to mitigate false positives in an SOC

Zabbix is a monitoring platform that offers flexibility in notifying issues in networks, servers, and services, aiming for SOC effectiveness. In this article, we address techniques to reduce false positives and alert flooding, including anti-flapping and logic correlation, strategies that enhance monitoring reliability
Cyber-Physical Systems
22/September/2023

Study of vulnerabilities in MIFARE Classic cards

Understand how RFID technology allows remote communication through electronic tags. Discover the details of MIFARE Classic cards, their structure, encryption and potential vulnerabilities
AI, ML & Data Science
08/September/2023

Detecting Anomalies using Machine Learning on Splunk

The identification of cyberattacks is crucial to safeguard networks and systems, but signature detection has its limitations. Therefore, the discovery of anomalies through machine learning is a promising approach
Hardware/Embedded
23/August/2023

Mapping vulnerabilities in Amazon Echo using Alexa skills

How a malicious developer can use skills development tools to attack users
Malware
14/August/2023

Browser extensions: Friend or Foe?

How a supposedly harmless browser extension can harm you without you even knowing it
Web Application Security
14/August/2023

Pickles, Shorts and Jokers: A study on Java deserialization

Explore insecure deserialization in Java applications. Learn about serialization, deserialization, Magic Methods, and how attackers use gadgets to cause damage. Learn about mitigation measures and the importance of restricting deserialization to protect your application against this security vulnerability
Cloud & Platform Security
12/July/2023

The importance of establishing new perimeters surrounding the cloud

The addition of Single Points of Access (SOPs) for AWS aims to reduce vulnerability exploitation by using administrative users in AWS
THREAT INTELLIGENCE
20/June/2023

Stooge Accounts: the final link in cybercrime money laundering in Brazil

Investigation reveals the obscure trade in orange accounts: learn about the values, tactics and risks involved in this criminal practice used by fraudsters to receive money from financial fraud
Network Security
15/June/2023

The importance of a good configuration of IPv6 rules in the firewall

The importance of a good IPv6 firewall rule configuration is related to the need to protect an organization's network against potential vulnerabilities and attacks that may exploit the specific characteristics of the IPv6 protocol
Network Security
01/June/2023

Configuring SSH Certificate-Based Authentication

Authentication via SSH certificates improves security and offers flexibility and scalability. While its implementation can be complex and not supported by all SSH clients, it is considered an improvement over key or password authentication
Vulnerability Disclosure
18/May/2023

CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0

Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands
Vulnerability Disclosure
17/May/2023

CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software

Security flaw may allow unauthorized access and retrieval of sensitive server data
AI, ML & Data Science
19/April/2023

Threats to Machine Learning-Based Systems – Part 2 of 5

In this post, we discuss how adversarial attacks affect the physical layer of the OSI model and may potentially shut down wireless communications, such as 5G, by focusing on a modulation classification application
Exploit Development
04/April/2023

Attacking JS engines: Fundamentals for understanding memory corruption crashes

It will be possible to better understand the JavaScript structures in memory while executing code in browsers or in any other program that makes use of the most famous JS interpreters, such as Firefox, Google Chrome, Internet Explorer and Safari
AI, ML & Data Science
15/March/2023

Threats to Machine Learning-based Systems – Part 1 of 5

Risks and Vulnerabilities Introduced by Machine Learning
Web Application Security
01/March/2023

Web cache poisoning – a practical approach

The web cache poisoning vulnerability involves the possibility of using the cache services to deliver malicious pages to the clients of a website
THREAT INTELLIGENCE
15/February/2023

Use of Google Ads and SEO Poisoning for malware dissemination

Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers
Corporate Security
01/February/2023

Cloud Security to Reduce the Impact of Shadow-IT

It is estimated that 97% of cloud applications are not being managed, making the visibility of these applications difficult for security teams
Community
18/January/2023

Fraud in E-commerces – Brazilian Perspective

The success of e-commerces in Brazil is unquestionable and, of course, carries the same burden of fraud growth. In 2021, for example, there was a loss of more than BRL 7 billion related to fraud attempts, an increase of 100% compared to the previous year
HARDENING
05/January/2023

Methodology for Security Analysis in Operating Systems from the Compliance Management Perspective

These vulnerable environment scenarios are part of the reality experienced by security teams, who work on the daily assessment of systems in order to protect assets from vulnerabilities that affect critical devices or systems in companies
THREAT INTELLIGENCE
20/December/2022

New Chaes campaign uses Windows Management Instrumentation Command-Line Utility

Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data
Software Security
09/December/2022

A Study on C Integers

From January up until August 2022, MITRE has already registered 96 CVEs (common vulnerabilities and exposures) involving integers. Therefore, this is a subject that requires attention
Corporate Security
24/November/2022

The dangers of Shadow IT – and CASB’s role in protecting the environment

There was a time when people considered that data would always be safe behind applications, which were considered to be heavily protected
Detection Engineering
09/November/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 5 of 5

Intrusion Detection using Generative Adversarial Networks
Detection Engineering
26/October/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 4 of 5

Intrusion Detection using Autoencoders
Detection Engineering
13/October/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 3 of 5

One-Class Novelty Detection Intrusion Detection Systems
Vulnerability Disclosure
30/September/2022

CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower allows reading of arbitrary files from the server

Developers of the plugin have patched and released an update correcting the glitch in a later version
Cloud & Platform Security
14/September/2022

Attacks via Misconfiguration on Kubernetes Orchestrators

Kubernetes makes it easy to create, delete, and manage these containers. With just one command, you can replicate the action on all the required containers
Web Application Security
01/September/2022

Cross-site Scripting (XSS), variants and correction

Constantly mentioned in the OWASP Top Ten, the XSS makes it possible to hijack sessions, modify the application, redirect to malicious websites and more. Here we will cover the concepts and how to prevent it from happening in our applications
Detection Engineering
18/August/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 2 of 5

Clustering-Based Unsupervised Intrusion Detection Systems
Software Security
05/August/2022

Compromise Indicators in incident detection and false positive reduction in practice

Given the complexity and advance of threats to computing environments, such as the spread of ransomware attacks that have been growing in recent years (KENNEALLY, 2021), analyzing threats thoroughly and intelligently is crucial
Detection Engineering
20/July/2022

MISP Broker

Tempest's team of researchers develops and shares a tool to assist in activities carried out by defensive security analysts
THREAT INTELLIGENCE
11/July/2022

Stealers, access sales and ransomware: supply chain and business models in cybercrime

Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries
Detection Engineering
23/June/2022

Empowering Intrusion Detection Systems with Machine Learning – Part 1 of 5

Signature vs. Anomaly-Based Intrusion Detection Systems
Cloud & Platform Security
08/June/2022

Unwanted Permissions that may impact security when using the ReadOnlyAccess policy in AWS

With this initial analysis, Tempest researchers identified at least 41 actions that can lead to improper data access
Vulnerability Disclosure
25/May/2022

CVE-2021-46426: phpIPAM 1.4.4 allows reflected XSS and CSRF via subnets functionality

Its version 1.4.4 is vulnerable to Reflected Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks
Vulnerability Disclosure
25/May/2022

CVE-2021-30140: XSS Vulnerability Detection in Liquid Files

LiquidFiles 3.4.15 has stored XSS via "send email" functionality when emailing a file to an administrator.
THREAT INTELLIGENCE
02/May/2022

Mekotio banking trojan identified in a new campaign against Brazilian account holders

The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
Cybersec Customer Success
26/April/2022

Information Security: Policies for Clean Desks and Screens

Information security (IS) is directly related to protecting a set of information, in the sense of preserving the value it holds for an individual or an organization
Mobile
22/April/2022

Facial Biometrics: Major Attacks and Mitigations

As with every major new development in the security market, this explosion of systems based on facial biometrics has been followed by new and increasingly sophisticated forms of fraud
Web Application Security
25/March/2022

HTTP Method Override – what it is and how a pentester can use it

How this technique can help potential attackers bypass security measures based on HTTP methods
Corporate Security
09/February/2022

Data Leak Prevention Intelligence

In this article, the focal point is to present a more conceptual view of the subject for those who have already taken the first plunge into the information security field
Cloud & Platform Security
25/January/2022

Unauth root account email discovery with AWS organizations

From the information previously discovered, it's possible to get equipped with information to carry out the next phases and moves of the attack
Corporate Security
12/January/2022

Evaluate, Direct and Monitor – governance goals according to the ISACA COBIT 2019 framework in the context of Managed Detection and Response (MDR)

This article aims to comprehensively address the responsibilities and competences of an IT governance system in the organization
Cybersec Customer Success
21/December/2021

A philosophy for quality customer service in the information security market

This article addresses this scenario and shares some proposals for achieving this goal
Software Engineering
17/December/2021

Web Accessibility: how to modify our projects today

In this blogpost, we'll address directions and techniques that can be incorporated into our web projects
Vulnerability Management
17/November/2021

How intelligence data can help manage vulnerabilities

With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?
Detection Engineering
03/November/2021

Providing Visibility, Monitoring, and Anomaly Detection with FleetDM and Osquery

Nowadays, there is a concern about security and its monitoring
Cloud & Platform Security
28/October/2021

Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner

In recent research, we adapted an enumeration technique used for years to map services in an AWS account so that it requires only the account ID and works in an unauthenticated manner
Intelligence
22/October/2021

Cobalt Strike: Infrastructure Analysis

In a recent review, we described and offered pointers on the most common configurations of this tool, which is one of the most used by criminals
Data Engineering
21/October/2021

Data anonymization: what, why and how is it done?

An introduction to the need, concept and application of Data Anonymization techniques in times where information is golden and plentiful everywhere.
Detection Engineering
13/October/2021

Unveiling the SIGMA (YAML) for Detection Engineering

Sigma Rules: A Format for Composing Your Discovery Use Case Library
Intelligence
05/October/2021

Fake stores: how Brazilian criminals use SPAM services to boost fake stores

Evidence from fraud groups reveals a wide variety of services used to disseminate malicious campaigns
Cybersec Customer Success
15/September/2021

Tracking the customer journey in search of strategic data for both the customer and the provider

In this article, we will walk together through the customer journey in Customer Success, with the aim of making clear the importance of a personalized relationship with the customer and of having their journey completed in full.
Corporate Security
01/September/2021

DLP technology making your life easier in achieving compliance with major market standards and regulations

How to prevent sensitive and/or company-valued data from leaking out of the organization, regardless of the reason
Web Application Security
18/August/2021

URL Filter Subversion

How failures related to validating conditions based on URLs can lead to security issues
Software Engineering
04/August/2021

Making it easy to generate GraphQL APIs with Hasura

Learn how to use it plug-and-play with a Postgres database schema
Intelligence
22/July/2021

A Background on DNS over HTTPS and discussions about its implementation

DoH is a protocol that aims to provide greater privacy to users browsing the Internet
Intelligence
14/July/2021

LOLBins: how native tools are used to make threats stealthier

Over the years, operating systems' native tools have become both popular and a predominant mechanism in the hands of attackers, who combine them with malware
News
02/July/2021

SideChannel: content generation as a driving force in the development of cybersecurity

With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential
Software Engineering
23/June/2021

How to create a project with React?

It is necessary to think about everything in order to structure a project: from folder organization to the coding language to be used, besides the tools and frameworks that will help in its development
Intelligence
10/June/2021

An overview of the main WhatsApp scams and ways to protect yourself

WhatsApp cloning is still one of the most widely applied scams
Reverse Engineering
26/May/2021

USER-STACK: Essential knowledge for Memory Corruption study

Study on User-Stack principles in Windows and its defense and attack aspects
Software Engineering
12/May/2021

Creating an API with NestJS

Presenting an option to create backends using JavaScript/TypeScript in an organized and easy to maintain way
Intelligence
03/May/2021

Impostor Attendant: How criminals use famous brands to deceive users on social networks

Recent campaigns rekindle discussions about the malicious use of social networks
Application Security
30/April/2021

ASCII to UTF-8 Encoding

A common encoding issue that shows up as a stray character in the middle of a word
Intelligence
16/April/2021

New banking trojan is identified in campaigns against Brazilian account holders

Named SLKRat by Tempest, the malware uses the screen overlay technique to steal bank information
Web Application Security
31/March/2021

Common problems in bad implementations of business rules and absence of data validation – Part 1

This is the first in a series of publications about security flaws in two-factor authentication implementations.
Cloud & Platform Security
12/March/2021

Good security practices using Docker

Security must be considered at all levels of a project, from code development to the infrastructure where it will run.
Intelligence
03/March/2021

Jupyter Notebooks for fun and cryptomining

Criminals are taking advantage of weaknesses in the data science tool to mine cryptocurrencies
Web Application Security
24/February/2021

SQL Injection: There was a comma halfway

How to efficiently exploit a Blind SQL Injection when the vulnerable application removes the character “,” (comma) from the request?
Intelligence
11/February/2021

New Astaroth techniques focus on anti-detection measures

The trojan has started to exploit websites vulnerable to Cross-Site Scripting attacks and to use the finger command for remote execution of malicious code.
Software Security
27/January/2021

Is it possible to design a good user experience without giving up security?

When we build a secure product for the user, we are also ensuring security and less damage for the business.
Web Application Security
18/January/2021

Access Control Flaws in Web Applications

If there is a vulnerability, an attacker could compromise the application completely
Web Application Security
31/December/2020

Server Side Request Forgery — Attack and Defense

Also known as SSRF, it is a vulnerability that allows an attacker to make requests through a vulnerable server
Intelligence
09/December/2020

New Vadokrist Trojan campaign uses Pix as phishing bait

The threat affects customers of major Brazilian banks, using the DLL Injection technique in its infection process and misusing GitHub
Web Application Security
19/November/2020

A long time ago, in a web far away, the SQL Injection appeared

Understand how the SQL Injection works and how to protect yourself against it
Web Application Security
06/November/2020

Let’s go with Cross Site Request Forgery?

According to a survey carried out by OWASP in 2013, CSRF was on the list of the 10 most common vulnerabilities found in web applications.
Application Security
14/October/2020

HTML to PDF converters, can I hack them?

Our goal here was to investigate what kind of vulnerabilities can be introduced into software through the use of libraries with the above-mentioned functionality
Application Security
30/September/2020

Brute Force Attacks: Protection and Mitigation Measures

Any system that interacts with the internet must be prepared to defend itself from a large arsenal of techniques and attacks
Software Security
16/September/2020

Safe development practices for agile teams

With increasingly tight deadlines for software projects, agile methodologies have been widely used in the area
Hardware/Embedded
02/September/2020

The danger of using the Wifi module ESP8266 to create a backdoor

We will detail the necessary steps to perform the firmware upload correctly
Application Security
19/August/2020

Mimikatz: Mitigating credential theft attacks

The tool has become indispensable in the arsenal of pentesters, attackers and malware alike in real compromise scenarios
Vulnerability Disclosure
06/August/2020

Path Traversal Vulnerability in SecurEnvoy impacts on remote command execution through file upload

Attacks of this type consist of the possibility of traversing directories outside and/or inside the root of the application, thus allowing access to other files or folders in an arbitrary manner
Mobile
23/July/2020

Analyzing some defense mechanisms in mobile browsers

For many internet users, browsers have become a fundamental part of daily life
Community
13/July/2020

Cybersecurity in Healthcare in the midst of crisis

COVID-19 Series: Key Topics to Combat Cyberattacks Taking Place in Hospitals During the Pandemic
Cryptography
08/July/2020

Cryptography: Applications to ensure your privacy

It guarantees that the confidentiality of the data can be assured, whether in storage or in communication
Vulnerability Disclosure
23/June/2020

DLL Hijacking at the Trend Micro Password Manager (CVE-2020-8469)

We will briefly present some basic concepts on the subject, as well as the demonstration of this vulnerability in Trend Micro Password Manager
Intelligence
18/June/2020

Tactics, techniques, and pointers on recent major Double Extortion threats

An overview of the actions of the groups operating the Maze, Snake, RagnarLocker, Clop, REvil (Sodinokibi), Netwalker (Mailto), DoppelPaymer and Nefilim ransomware families
Reverse Engineering
11/June/2020

BA AD F0 0D: Using memory debug code as an anti-debugging technique

New anti-debugging techniques are always welcome
Intelligence
08/May/2020

Double Extortion: Data leaks combined with ransomware have increased in recent weeks

Criminals use various techniques to extract sensitive data and sabotage the environment, requiring payment to prevent leaks
Community
09/April/2020

Bringing Zoom Safety into Perspective

COVID-19 series: an analysis of the latest incidents involving the security of the product
Corporate Security
25/March/2020

The strategies behind the new coronavirus-themed attacks

COVID-19 series: old scams in new packaging
Corporate Security
19/March/2020

The bare minimum of cybersecurity you need to consider when building an infrastructure in a hurry

COVID-19 Series: What topics to prioritize and a few free resources and information providers
Corporate Security
16/March/2020

Cybersecurity in the home office in times of coronavirus: a question of co-responsibility

COVID-19 series: tips for protecting company data in your home environment
Vulnerability Disclosure
11/March/2020

Vulnerability in Avast Secure Browser enables escalation of privileges on Windows

Exploitation abuses the hard link feature, which represents file content on the NTFS file system
Corporate Security
03/March/2020

Case Study — Symantec DLP — Endpoint Environment

Analysis of the environment and problems found
Web Application Security
10/February/2020

Once upon a time an account enumeration

Identifying valid users in a variety of conditions and ways to protect your systems from this threat
Software Security
24/January/2020

For less Gandalfs and more John Wicks (or, for less magic frameworks and more software engineering)

Go is a relatively new language, similar to C but with memory safety, garbage collection and structural typing
Web Application Security
07/January/2020

The Cypher Injection Saga

From descriptive error to BURP extension
Cryptography
12/December/2019

Evil Maid: Attack on computers with encrypted disks

The attack makes it possible to obtain data stored on a disk or even to gain remote access to the victim's computer
Intelligence
05/December/2019

Brazilian fraudsters are using a distributed tool to obtain CVV data

The tactic has been used both against legitimate e-commerce websites under the attacker's control and against payment gateways
Software Security
26/November/2019

Consuming APIs with Flutter and Redux | Walk through

Most people only meet Redux when they bump into React, and internalize the architecture as a React thing
Intelligence
23/November/2019

New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards

A variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil
Corporate Security
12/November/2019

Information Security Risk Management — Analytical Thinking

A brief risk management analysis based on ISO/IEC 27005:2011 — Information Technology — Security Techniques — Information Security Risk Management
Web Application Security
29/October/2019

A Burp plugin that automates failure detection in the HTML development process

The idea of creating another extension for Burp came up in one of the editions of “Na Beira do Rio”
Cloud
15/October/2019

Cloud Migration: what to consider from a cybersecurity perspective

Keeping cloud data secure requires as much or more care and control than data stored on premises
Intelligence
01/October/2019

Phishing campaign spreads malware to Facebook users in Brazil and Mexico

Sponsored ads offered discount coupons to distribute a malicious Chrome extension, among other threats
Intelligence
17/September/2019

Research identifies tool used to extract and manipulate email attachments

Offered on social networks, the tool also allows email credentials to be validated
Cryptography
05/September/2019

A brief analysis of data compression security issues

Many applications compress data before it is encrypted, which, in some cases, may compromise the confidentiality of the transmitted data
Vulnerability Disclosure
20/August/2019

Trend Micro Maximum Security 2019 vulnerability allows for privilege escalation attacks on Windows

Discovered by a Tempest analyst, the flaw had a fix released last week
Software Security
14/August/2019

Adequately using relational database privileges in migration tasks

How to improve security in database access using the Principle of Least Privilege
Vulnerability Disclosure
31/July/2019

Vulnerability in Avira Security Suite enables privilege escalation attacks

The flaw is present in a file which, by default, has open access and control permissions for all Windows users
Vulnerability Disclosure
16/July/2019

Tempest identifies weakness in Microsoft security service

By exploiting the vulnerability, an attacker can deliver malicious files via email
Intelligence
24/May/2019

Tempest discovers fraud campaign that amassed 2 million payment card data

Malware was installed at 2,600 points of sale in commercial businesses throughout Brazil
Intelligence
27/March/2019

GUP: banking malware campaign affects account holders of nine Brazilian institutions

Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bank’s website
Vulnerability Disclosure
18/December/2018

Critical vulnerability is identified in Aligera products

The vulnerability allows an attacker to gain full control of the device
News
29/November/2018

FBI closes multi-million dollar ad-fraud scheme

The campaign infected more than 1.7 million computers to generate fake clicks
Intelligence
27/November/2018

Increased activity detected from the Bushido botnet

This variant would be used in DDoS rental services
Intelligence
26/November/2018

Campaign disseminates banking trojan for clients of Brazilian banks

The malware has evasive features that circumvent anti-virus systems and uses advanced screen overlay techniques
Intelligence
19/November/2018

Dodge game: a story about document fraud

It is a job that depends essentially on digital resources
News
12/November/2018

Vulnerable Adobe ColdFusion servers are targeted by cybercriminals

Cybercriminals have reverse engineered an Adobe patch in search of vulnerabilities to exploit
News
07/November/2018

Malware campaign in Brazil uses legitimate Windows components

Campaign uses WMI and CertUtil functions to attack its victims
News
06/November/2018

Soon, CVSS scores will be assigned by AI

NIST is evaluating the use of IBM Watson to perform the task
News
05/November/2018

More than half of SMBs have experienced some security breach in the last year

Phishing and Malware are the most common attacks
News
01/November/2018

POS devices have several flaws that allow for different types of attacks

Vulnerabilities were found in more than half of the major mobile POS terminals tested
News
29/October/2018

jQuery File Upload: plugin flaw leaves thousands of websites vulnerable

The flaw was introduced when Apache disabled security control of .htaccess files
News
25/October/2018

Another Windows Zero-Day vulnerability is disclosed on Twitter

New flaw allows for deletion of critical system data and privilege escalation
News
24/October/2018

Cisco and F5 Networks Assess Impact of Vulnerability on Libssh

A flaw related to an encoding error affects library version 0.6.0
News
23/October/2018

Two critical vulnerabilities have been found on NAS devices

Flaws are present on WD My Book, NetGear Stora, SeaGate Home and NAS Medion LifeCloud devices
News
22/October/2018

13 flaws in the Amazon FreeRTOS IoT operating system are found

Attackers can take complete control of the system
News
22/October/2018

Chrome 70 optimizes privacy and fixes 23 vulnerabilities

Google paid more than $20,000 in rewards to researchers reporting flaws
Intelligence
04/September/2018

Garage scheme: scam affects vehicle financing

A gang carried out a fraud against financial institutions
Intelligence
28/August/2018

Fake stores, “boletos” and WhatsApp: Uncovering a Phishing-as-a-Service operation

This activity relies on platforms that sell fake e-commerce (fake stores)
Intelligence
21/August/2018

Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers

The exposure of these access credentials is due to a vulnerability published in 2015
Intelligence
20/August/2018

Hakai botnet shows signs of intense activity in Latin America

This botnet has been detected by our sensors 134 times just this month
Intelligence
01/August/2018

New attempts to attack D-Link devices in Brazil are detected

Tempest's monitoring team identified the activity of 11 botnets attempting to exploit device flaws
Intelligence
25/July/2018

Activity of a new Mirai botnet variant detected in Brazil

Botnet tries to exploit vulnerabilities in routers and monitoring systems
News
20/June/2018

New laws in Europe and the US could threaten Internet fundamentals, experts say

None of them is getting the same attention from the market as GDPR
Intelligence
19/April/2018

Chinese government surveillance app is vulnerable to MITM attacks

In a report released last week, the Open Technology Fund (OTF) stated that the JingWang app does not protect users’ private information; and, besides that, it is vulnerable to man-in-the-middle attacks
News
09/April/2018

Do we need to discuss Bitcoin’s impact on global energy production and consumption?

Is there any reason for this concern? And, above all: is there enough data to come to any conclusion?
News
28/March/2018

A false Android app is being used to spy on Iranian citizens

The malware used in this campaign infects Android users through a fake version of a VPN application called Psiphon
Vulnerability Disclosure
20/March/2018

Hola VPN software flaw could lead to privilege escalation

If exploited, the vulnerability allows for privilege escalation in the operating system, allowing the attacker to get full control over the victim’s computer
Vulnerability Disclosure
05/March/2018

Rapid SCADA: Industrial system has elementary flaw in access control

The flaw allows the system to become a bridge to access critical infrastructures
Uncategorized
20/February/2018

Cyber security: how old and new problems place companies in a “state of attention”

It comes as no surprise that security is now among such important issues for society
News
08/February/2018

EZ-Security joins Tempest creating Brazil’s largest cyber security specialized company

We can now offer our customers and partners the largest and most comprehensive portfolio of products and services
Intelligence
01/February/2018

One third of the Internet was under DoS attack, according to study

Six university researchers shed some light on this type of attack
News
16/January/2018

New threats expose risk of attacks on satellite communication systems on ships

These vulnerabilities would allow access to internal systems of offshore vessels
Vulnerability Disclosure
08/January/2018

Password manager flaw allows for arbitrary command execution

The flaw was found in the latest version of the software (4.9.3)
Corporate Security
03/November/2017

Risks involving supply chain attacks

We will look at some threats that abuse the supply chain and also address some of the consequences faced by organizations that have been victims of this type of attack
Intelligence
18/October/2017

HydraPOS — Operation of Brazilian fraudsters has accumulated at least 1.4 million card records

Fraud scheme went unnoticed for four years, targeting several merchants in Brazil
Human Factors
25/September/2017

Digital advertising tools are being used to disseminate phishing campaigns

The discovery is the result of research being conducted at El Pescador since 2016
News
13/September/2017

Artificial Intelligence techniques can be used to automate false reviews on websites, study suggests

The technique is presented as the next evolution of a practice known as “crowdturfing”
News
04/September/2017

Conceptual attack uses replacement parts to take control of mobile devices

Two initial attacks are described in the study, both of which happened after an original touchscreen module was replaced with a malicious version
News
21/July/2017

Tempest is a co-author of the “Best Practices in Fraud Prevention” guide for the digital advertising industry

The event was part of a series of actions promoted by the IAB, which aims to make advertisers aware of their responsibility to require transparency regarding the investments made in digital advertising
News
30/June/2017

Study assesses risks and implications of cyber attacks on nuclear defense systems

The document examines the possibility of cyberattacks on Trident, Britain's nuclear deterrent program
Uncategorized
23/June/2017

Data leakage is the theme of El Pescador’s new simulated phishing campaign

Cyber threats are constantly being renewed as cybercriminals develop increasingly sophisticated techniques to achieve their goals
Uncategorized
16/June/2017

Pacemakers may be vulnerable to cyberattacks, study finds

More than 8,000 vulnerabilities have been discovered in several models. In the UK the number of implanted devices exceeds 400 per million inhabitants
Uncategorized
05/June/2017

Android: failures that are beyond the code

The ways in which the appropriation of the Android ecosystem affects its security
Uncategorized
26/May/2017

A time bomb: the challenge to fight fraud in the digital advertising industry

HummingBad is one of the various activities that continually harm the digital advertising industry
Uncategorized
26/May/2017

Increase in ‘CEO Fraud’ attacks highlights risks to corporate environments

The number of BEC (Business Email Compromise) attacks has grown about 55% in 2015 in comparison with the previous year
Uncategorized
26/May/2017

Ransomware recent developments and threats

New threats, spike in infections and attacks against the healthcare industry
Uncategorized
26/May/2017

Malvertising — recent developments on tactics and techniques

Performing Malvertising attacks has already become an established technique in the modus operandi of several cyber crime rings
Uncategorized
26/May/2017

Exploit Kits: The current revival of an old tool that became trend

The first campaign that used an EK was spotted a decade ago and it used code that exploited a ‘0-day’ vulnerability in Internet Explorer
News
18/May/2017

Inspeckage, mobile application software analysis, has Tempest’s official support

This stamp represents the partnership between Tempest and Antonio Martins, developer of the tool and mobile application analysis specialist
Uncategorized
12/May/2017

WannaCry ransomware spreads around the world and impacts large enterprises

The malware behaves like a worm, infecting vulnerable computers that accept Server Message Block (SMB) and Remote Desktop Protocol (RDP) connections
Uncategorized
09/May/2017

GE patches up vulnerability that allows remote power grids shutdown

Cyberattacks aimed at infrastructure were considered to be costly, requiring a great amount of resources and knowledge to execute
Uncategorized
03/May/2017

Stolen “Orange is the New Black” episodes are leaked online. Attackers threaten other studios

The leak occurred after the company refused to pay a ransom of 50 bitcoin that the hacking group demanded in order to not disclose the videos
Uncategorized
28/April/2017

Security incident on corporate chat tool HipChat may have exposed users data

The incident affected its web servers and allowed unauthorised access to user content
Uncategorized
05/April/2017

USB-based malware raises suspicions of hostile attacks in air-gapped environments

The malware has self-protection features based on volume encryption using the AES128 algorithm, which also creates a unique image that should prevent cloning of the USB device
Uncategorized
26/March/2017

Cyber war games exercises explained

Tempest Security Intelligence has created a unique methodology for running large-scale cyber war games exercises, which we call CYBERDRILL™
Uncategorized
14/March/2017

Steganography in Malvertising campaigns: attacks continue to improve

These attacks have been active at least since 2014 and contain steganography techniques in their execution
News
13/March/2017

Law enforcement agencies adapt proceedings against Dark Markets in Operation Hyperion

At the end of October, 2016, an international task force identified thousands of people involved in the buying and selling of illicit products and services in Dark Markets
SideChannel is a blog from Tempest