Vulnerability Disclosure 15/July/2024 Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication
THREAT INTELLIGENCE 10/April/2024 Understanding Ransomware-as-a-Service operations from an affiliate’s perspective Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked
Vulnerability Disclosure 28/February/2024 CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations
Cyber-Physical Systems 28/December/2023 What is cryptojacking? Understand the main points of the cryptojacking phenomenon, its origins, how it works and the consequences for individuals and organizations
Vulnerability Disclosure 18/May/2023 CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0 Research reveals a weakness in the open source software that allows the execution of arbitrary SQL commands
Vulnerability Disclosure 17/May/2023 CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software Security flaw may allow unauthorized access and retrieval of sensitive server data
THREAT INTELLIGENCE 15/February/2023 Use of Google Ads and SEO Poisoning for malware dissemination Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers
HARDENING 05/January/2023 Methodology for Security Analysis in Operating Systems from the Compliance Management Perspective Such vulnerable environments are part of the daily reality of security teams, who assess systems continuously in order to protect assets from vulnerabilities that affect critical devices or systems in companies
Vulnerability Disclosure 30/September/2022 CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server Developers of the plugin have patched and released an update correcting the glitch in a later version
THREAT INTELLIGENCE 11/July/2022 Stealers, access sales and ransomware: supply chain and business models in cybercrime Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries
Cybersec Customer Success 26/April/2022 Information Security: Policies for Clean Desks and Screens Information security (IS) is directly related to protecting a set of information, in the sense of preserving the value it holds for an individual or an organization
Software Engineering 17/December/2021 Web Accessibility: how to modify our projects today In this blog post, we address guidelines and techniques that can be incorporated into our web projects
Vulnerability Management 17/November/2021 How intelligence data can help manage vulnerabilities With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?
Detection Engineering 03/November/2021 Providing Visibility, Monitoring, and Anomaly Detection with FleetDM and Osquery Security monitoring of endpoint fleets is a growing concern, and this post shows how to address it with FleetDM and Osquery
Cloud & Platform Security 28/October/2021 Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner In recent research, we adapted an enumeration technique that has been used for years to map the services in an AWS account so that it requires only the account ID and no authentication
News 02/July/2021 SideChannel: content generation as a driving force in the development of cybersecurity With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential
Cloud & Platform Security 12/March/2021 Good security practices using Docker Security must be considered at all levels of a project, from code development to the infrastructure where it will run.
Intelligence 11/February/2021 New Astaroth techniques focus on anti-detection measures Trojan started to exploit websites vulnerable to Cross-Site Scripting attacks and to use the finger command for remote execution of malicious code.
Software Security 27/January/2021 Is it possible to design a good user experience without giving up security? When we build a product that is safe for the user, we are also reducing risk and potential damage to the business.
Web Application Security 06/November/2020 Let’s go with Cross Site Request Forgery? According to a survey carried out by OWASP in 2013, CSRF was on the list of the 10 most common vulnerabilities found in Web applications.
Application Security 30/September/2020 Brute Force Attacks: Protection and Mitigation Measures Any system that interacts with the internet must be prepared to defend itself from a large arsenal of techniques and attacks
Community 13/July/2020 Cybersecurity in Healthcare in the midst of crisis COVID-19 Series: Key Topics to Combat Cyberattacks Taking Place in Hospitals During the Pandemic
Cryptography 08/July/2020 Cryptography: Applications to ensure your privacy Cryptography ensures the confidentiality of data, both while it is stored and while it is being communicated
Intelligence 18/June/2020 Tactics, techniques, and pointers on recent major Double Extortion threats An overview of the actions of the groups operating the Maze, Snake, RagnarLocker, Clop, REvil (Sodinokibi), Netwalker (Mailto), DoppelPaymer, and Nefilim ransomwares
Intelligence 08/May/2020 Double Extortion: Data leak combined with ransomware has increased in recent weeks Criminals use various techniques to extract sensitive data and sabotage the environment, demanding payment to prevent leaks
Community 09/April/2020 Bringing Zoom Safety into Perspective COVID-19 series: an analysis of the latest incidents involving the security of the product
Corporate Security 25/March/2020 The strategies behind the new coronavirus-themed attacks COVID-19 series: old scams in new packaging
Corporate Security 19/March/2020 The bare minimum of cybersecurity you need to consider when building an infrastructure in a hurry COVID-19 Series: What topics to prioritize and a few free resources and information providers
Corporate Security 16/March/2020 Cybersecurity in the home office in times of coronavirus: a question of co-responsibility COVID-19 series: tips for protecting company data in your home environment
Vulnerability Disclosure 11/March/2020 Vulnerability in Avast Secure Browser enables escalation of privileges on Windows Exploitation abuses hard links, an NTFS feature that lets more than one path refer to the same file content
Web Application Security 10/February/2020 Once upon a time an account enumeration Identifying valid users in a variety of conditions and ways to protect your systems from this threat
Software Security 24/January/2020 For less Gandalfs and more John Wicks (or, for less magic frameworks and more software engineering) Go is a relatively new language, similar to C but with memory safety, garbage collection, structural typing…
Web Application Security 07/January/2020 The Cypher Injection Saga From descriptive error to BURP extension
Cryptography 12/December/2019 Evil Maid: Attack on computers with encrypted disks The attack allows an attacker with physical access to obtain data stored on the encrypted disk or even to gain remote access to the victim’s computer
Intelligence 23/November/2019 New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards Variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil
Cloud 15/October/2019 Cloud Migration: what to consider from a cybersecurity perspective Keeping cloud data secure requires as much or more care and control than data stored on premises
Vulnerability Disclosure 16/July/2019 Tempest identifies weakness in Microsoft security service By exploiting the vulnerability, an attacker can deliver malicious files via email
Intelligence 24/May/2019 Tempest discovers fraud campaign that amassed data from 2 million payment cards Malware was installed in 2,600 points of sale of commercial businesses throughout Brazil
Intelligence 27/March/2019 GUP: banking malware campaign affects account holders of nine Brazilian institutions Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bank’s website
News 07/November/2018 Malware campaign in Brazil uses legitimate Windows components Campaign uses WMI and CertUtil functions to attack its victims
Intelligence 21/August/2018 Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers The exposure of these access credentials is due to a vulnerability published in 2015
Intelligence 20/August/2018 Hakai botnet shows signs of intense activity in Latin America This botnet has been detected by our sensors 134 times just this month
Vulnerability Disclosure 05/March/2018 Rapid SCADA: Industrial system has elementary flaw in access control The flaw allows the system to become a bridge to access critical infrastructures
Uncategorized 20/February/2018 Cyber security: how old and new problems place companies in a “state of attention” That security now sits among the most important issues for society does not come as a surprise
News 08/February/2018 EZ-Security joins Tempest creating Brazil’s largest cyber security specialized company We can now offer our customers and partners the largest and most comprehensive portfolio of products and services
Intelligence 01/February/2018 One third of the Internet was under DoS attack, according to study Six university researchers shed some light on this type of attack
Corporate Security 03/November/2017 Risks involving supply chain attacks We will look at some threats that abuse the supply chain and also address some of the consequences faced by organizations that have been victims of this type of attack
News 30/June/2017 Study assesses risks and implications of cyber attacks on nuclear defense systems The document examines the possibility of cyberattacks against Trident, Britain’s nuclear deterrent program
Uncategorized 23/June/2017 Data leakage is the theme of El Pescador’s new simulated phishing campaign Cyber threats are constantly being renewed as cybercriminals develop increasingly sophisticated techniques to achieve their goals
Uncategorized 26/May/2017 A time bomb: the challenge to fight fraud in the digital advertising industry The HummingBad is one among the various activities that continually harm the digital advertising industry
Uncategorized 26/May/2017 Ransomware recent developments and threats New threats, spike in infections and attacks against the healthcare industry
Uncategorized 26/May/2017 Malvertising — recent developments on tactics and techniques Performing Malvertising attacks has already become an established technique in the modus operandi of several cyber crime rings
Uncategorized 26/May/2017 Exploit Kits: The current revival of an old tool that became a trend The first campaign that used an EK was spotted a decade ago, and it used code that exploited a ‘0-day’ vulnerability in Internet Explorer
Uncategorized 09/May/2017 GE patches up vulnerability that allows remote power grids shutdown Cyberattacks aimed at infrastructure were considered to be costly, requiring a great amount of resources and knowledge to execute
Uncategorized 05/April/2017 USB-based malware raises suspicions of hostile attacks in air-gapped environments The malware has self-protection features based on volume encryption using the AES-128 algorithm, which also produces a unique volume image intended to prevent cloning of the USB device
Uncategorized 26/March/2017 Cyber war games exercises explained Tempest Security Intelligence has created a unique methodology for running large-scale cyber war games exercises, which we call CYBERDRILL™