Community 18/January/2023 Fraud in E-commerces – Brazilian Perspective The success of e-commerces in Brazil is unquestionable and, of course, carries the same burden of fraud growth. In 2021, for example, there was a loss of more than BRL 7 billion related to fraud attempts, an increase of 100% compared to the previous year
Detection Engineering 09/November/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 5 of 5 Intrusion Detection using Generative Adversarial Networks
Detection Engineering 26/October/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 4 of 5 Intrusion Detection using Autoencoders
Detection Engineering 13/October/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 3 of 5 One-Class Novelty Detection Intrusion Detection Systems
Web Application Security 01/September/2022 Cross-site Scripting (XSS), variants and correction Constantly mentioned in the OWASP Top Ten, XSS makes it possible to hijack sessions, modify the application, redirect to malicious websites and more. Here we will cover the concepts and how to prevent it from happening in our applications
Detection Engineering 18/August/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 2 of 5 Clustering-Based Unsupervised Intrusion Detection Systems
Detection Engineering 23/June/2022 Empowering Intrusion Detection Systems with Machine Learning – Part 1 of 5 Signature vs. Anomaly-Based Intrusion Detection Systems
Cloud & Platform Security 08/June/2022 Unwanted Permissions that may impact security when using the ReadOnlyAccess policy in AWS With this initial analysis, Tempest researchers identified at least 41 actions that can lead to improper data access
Vulnerability Disclosure 25/May/2022 CVE-2021-46426: phpIPAM 1.4.4 allows reflected XSS and CSRF via subnets functionality Its version 1.4.4 is vulnerable to Reflected Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks
Vulnerability Disclosure 25/May/2022 CVE-2021-30140: XSS Vulnerability Detection in Liquid Files LiquidFiles 3.4.15 has stored XSS via "send email" functionality when emailing a file to an administrator.
Threat Intelligence 02/May/2022 Mekotio banking trojan identified in a new campaign against Brazilian account holders The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
Web Application Security 31/March/2021 Common problems in bad implementations of business rules and absence of data validation – Part 1 This is the first in a series of publications about security flaws in two-factor authentication implementations.
Web Application Security 31/December/2020 Server Side Request Forgery — Attack and Defense Also known as SSRF, this is a vulnerability that allows an attacker to make requests through a vulnerable server
Mobile 23/July/2020 Analyzing some defense mechanisms in mobile browsers For many internet users, browsers have become a fundamental part of our daily lives