Intelligence 06/October/2023 - Anti-flapping and correlation techniques in Zabbix to mitigate false positives in an SOC - Zabbix is a monitoring platform that offers flexibility in notifying about issues in networks, servers, and services, aiming at SOC effectiveness. In this article, we address techniques to reduce false positives and alert flooding, including anti-flapping and logic correlation, strategies that enhance monitoring reliability
Intelligence 22/October/2021 - Cobalt Strike: Infrastructure Analysis - In a recent review, we described and offered pointers on the most common configurations of this tool, one of the most used by criminals
Intelligence 05/October/2021 - Fake stores: how Brazilian criminals use SPAM services to boost fake stores - Evidence from fraud groups reveals a wide variety of services used to disseminate malicious campaigns
Intelligence 22/July/2021 - A Background on DNS over HTTPS and discussions about its implementation - DoH is a protocol that aims to provide greater privacy to users browsing the Internet
Intelligence 14/July/2021 - LOLBins: how native tools are used to make threats stealthier - Over the years, operating systems' native tools have become both popular and a preponderant mechanism in the hands of attackers, who combine them with malware
Intelligence 10/June/2021 - An overview of the main WhatsApp scams and ways to protect yourself - WhatsApp cloning is still one of the most widely applied scams
Intelligence 03/May/2021 - Impostor Attendant: How criminals use famous brands to deceive users on social networks - Recent campaigns rekindle discussions about the malicious use of social networks
Intelligence 16/April/2021 - New banking trojan is identified in campaigns against Brazilian account holders - Named SLKRat by Tempest, the malware uses the screen overlay technique to steal bank information
Intelligence 03/March/2021 - Jupyter Notebooks for fun and cryptomining - Criminals are taking advantage of weaknesses in the data science tool to mine cryptocurrencies
Intelligence 11/February/2021 - New Astaroth techniques focus on anti-detection measures - The trojan started to exploit websites vulnerable to Cross-Site Scripting attacks and to use the finger command for remote execution of malicious code
Intelligence 09/December/2020 - New Vadokrist Trojan campaign uses Pix as phishing bait - The threat affects customers of major Brazilian banks, using the DLL Injection technique in its infection process and misusing GitHub
Intelligence 18/June/2020 - Tactics, techniques, and pointers on recent major Double Extortion threats - An overview of the actions of the groups operating the Maze, Snake, RagnarLocker, Clop, REvil (Sodinokibi), Netwalker (Mailto), DoppelPaymer, and Nefilim ransomware families
Intelligence 08/May/2020 - Double Extortion: Data leaks combined with ransomware have increased in recent weeks - Criminals use various techniques to exfiltrate sensitive data and sabotage the environment, demanding payment to prevent leaks
Intelligence 05/December/2019 - Brazilian fraudsters are using a distributed tool to obtain CVV data - The tactic has been used both against legitimate e-commerce websites under the control of the attacker and against payment gateways
Intelligence 23/November/2019 - New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards - A variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil
Intelligence 01/October/2019 - Phishing campaign spreads malware to Facebook users in Brazil and Mexico - Sponsored ads offered discount coupons to distribute a malicious Chrome extension, among other threats
Intelligence 17/September/2019 - Research identifies tool used to extract and manipulate email attachments - Offered on social networks, the tool also allows validating email credentials
Intelligence 24/May/2019 - Tempest discovers fraud campaign that amassed data from 2 million payment cards - Malware was installed in 2,600 points of sale at commercial businesses throughout Brazil
Intelligence 27/March/2019 - GUP: banking malware campaign affects account holders of nine Brazilian institutions - The threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bank's website
Intelligence 27/November/2018 - Bushido botnet shows increased activity - This variant is reportedly used in DDoS rental services
Intelligence 26/November/2018 - Campaign disseminates banking trojan for clients of Brazilian banks - The malware has evasive features that circumvent anti-virus systems and uses advanced screen overlay techniques
Intelligence 19/November/2018 - Dodge game: a story about document fraud - It is a job that depends essentially on digital resources
Intelligence 04/September/2018 - Garage scheme: scam affects vehicle financing - A gang carried out a fraud against financial institutions
Intelligence 28/August/2018 - Fake stores, "boletos" and WhatsApp: Uncovering a Phishing-as-a-Service operation - This activity relies on platforms that sell fake e-commerce sites (fake stores)
Intelligence 21/August/2018 - Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers - The exposure of these access credentials is due to a vulnerability published in 2015
Intelligence 20/August/2018 - Hakai botnet shows signs of intense activity in Latin America - This botnet has been detected by our sensors 134 times just this month
Intelligence 01/August/2018 - New attempts to attack D-Link devices in Brazil are detected - Tempest's monitoring team identified the activity of 11 botnets attempting to exploit device flaws
Intelligence 25/July/2018 - Activity of a new Mirai botnet variant detected in Brazil - The botnet tries to exploit vulnerabilities in routers and monitoring systems
Intelligence 19/April/2018 - Chinese government surveillance app is vulnerable to MITM attacks - In a report released last week, the Open Technology Fund (OTF) stated that the JingWang app does not protect users' private information and is also vulnerable to man-in-the-middle attacks
Intelligence 01/February/2018 - One third of the Internet was under DoS attack, according to study - Six university researchers shed some light on this type of attack
Intelligence 18/October/2017 - HydraPOS: Operation of Brazilian fraudsters has accumulated at least 1.4 million card records - The fraud scheme went unnoticed for four years, targeting several merchants in Brazil