Tag: cybersecurity

Cybersec Customer Success

20/June/2025

PRINCE2 – Tempest’s best practices on project management in a controlled environment

A cybersecurity company isn't just about...cybersecurity. Just like any other business model, at Tempest there are professionals from different areas of expertise who work together to achieve results focused on delivering value to the client, while of course respecting good information security practices. This article, which will be divided into two parts, will present how good project management practices help to maximize positive results by identifying and correcting possible gaps in internal processes while delivering value to the client. In this first publication, we'll cover general concepts about projects, controlled environments, project management methodologies and we'll also give a short introduction to our experience at Tempest after adopting PRINCE2 as the basic methodology for our project management office. In the second part, to be published shortly, the results presented here in summary form will be further detailed, along with other metrics achieved during this standardization journey.

Intelligence, Malware, Reverse Engineering, Tempest Research, THREAT INTELLIGENCE

21/May/2025

Coyote: a stealthy banking trojan targeting dozens of Brazilian financial institutions

The new variants analyzed by Tempest feature a new method of dissemination via WhatsApp Web, in a rather unusual approach among banking Trojans targeting Latin America.

Vulnerability Disclosure

15/July/2024

Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework

This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication

THREAT INTELLIGENCE

10/April/2024

Understanding Ransomware-as-a-Service operations from an affiliate’s perspective

Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked

Vulnerability Disclosure

28/February/2024

CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface

This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations

Cyber-Physical Systems

28/December/2023

What is cryptojacking?

Understand the main points of the cryptojacking phenomenon, its origins, how it works and the consequences for individuals and organizations

Vulnerability Disclosure

18/May/2023

CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0

Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands

Vulnerability Disclosure

17/May/2023

CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software

Security flaw may allow unauthorized access and retrieval of sensitive server data

THREAT INTELLIGENCE

15/February/2023

Use of Google Ads and SEO Poisoning for malware dissemination

Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers

05/January/2023

Methodology for Security Analysis in Operating Systems from the Compliance Management Perspective

These vulnerable environment scenarios are part of the reality experienced by security teams, who work on the daily assessment of systems in order to protect assets from vulnerabilities that affect critical devices or systems in companies

Vulnerability Disclosure

30/September/2022

CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server

Developers of the plugin have patched and released an update correcting the glitch in a later version

THREAT INTELLIGENCE

11/July/2022

Stealers, access sales and ransomware: supply chain and business models in cybercrime

Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries

Cybersec Customer Success

26/April/2022

Information Security: Policies for Clean Desks and Screens

Information security (IS) is directly related to protecting a set of information, in the sense of preserving the value it holds for an individual or an organization

Software Engineering

17/December/2021

A Web Accessibility: how to modify our projects today

In this blogpost, we'll address directions and techniques that can be incorporated into our web projects

Vulnerability Management

17/November/2021

How intelligence data can help manage vulnerabilities

With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?

Detection Engineering

03/November/2021

Providing Visibility, Monitoring, and Anomaly Detection with FleetDM and Osquery

Nowadays, there is a concern about security and its monitoring

Cloud & Platform Security

28/October/2021

Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner

In recent research, we adjusted a enumeration technique used for years to map services on a AWS account to just its account id and with unauthenticated form

02/July/2021

SideChannel: content generation as a driving force in the development of cybersecurity

With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential

Cloud & Platform Security

12/March/2021

Good security practices using Docker

Security must be considered at all levels of a project, from code development to the infrastructure where it will run.

11/February/2021

New Astaroth techniques focus on anti-detection measures

Trojan started to exploit websites vulnerable to Cross-Site Scripting attacks and to use the finger command for remote execution of malicious code.

Software Security

27/January/2021

Is it possible to design a good user experience without giving up security?

When we build a safe product for the user, we are also assigning security and less damage to the business.

Web Application Security

06/November/2020

Let’s go with Cross Site Request Forgery?

According to a survey carried out by OWASP in 2013, CSRF was on the list of the 10 most common vulnerabilities founded in Web applications.

Application Security

30/September/2020

Brute Force Attacks: Protection and Mitigation Measures

Any system that interacts with the internet must be prepared to defend itself from a large arsenal of techniques and attacks

13/July/2020

Cybersecurity in Healthcare in the midst of crisis

COVID-19 Series: Key Topics to Combat Cyberattacks Taking Place in Hospitals During the Pandemic

08/July/2020

Cryptography: Applications to ensure your privacy

It guarantees that the confidentiality of the data can be assured, either in its storage or in its communication process

18/June/2020

Tactics, techniques, and pointers on recent major Double Extortion threats

An overview of the actions of the groups operating the Maze, Snake, RagnarLocker, Clop, REvil (Sodinokibi), Netwalker (Mailto), DoppelPaymer, and Nefilim ransomwares

08/May/2020

Double Extortion: Data leak combined with ransomware have increased in recent weeks

Criminals use various techniques to extract sensitive data and sabotage the environment, requiring payment to prevent leaks

09/April/2020

Bringing Zoom Safety into Perspective

COVID-19 series: an analysis of the latest incidents involving the security of the product

Corporate Security

25/March/2020

The strategies behind the new coronavirus-themed attacks

COVID-19 series: old scams in new packaging

Corporate Security

19/March/2020

The bare minimum of cybersecurity you need to consider when building an infrastructure in a hurry

COVID-19 Series: What topics to prioritize and a few free resources and information providers

Corporate Security

16/March/2020

Cybersecurity in the home office in times of coronavirus: a question of coresponsibility

COVID-19 series: tips for protecting company data in your home environment

Vulnerability Disclosure

11/March/2020

Vulnerability in Avast Secure Browser enables escalation of privileges on Windows

Exploitation abuses the hardlinks feature, which represents the file content on the NTFS system

Web Application Security

10/February/2020

Once upon a time an account enumeration

Identifying valid users in a variety of conditions and ways to protect your systems from this threat

Software Security

24/January/2020

For less Gandalfs and more John Wicks (or, for less magic frameworks and more software engineering)

Go is a relatively new language, similar to C but with memory safe, garbage collection, structural typing…

Web Application Security

07/January/2020

The Cypher Injection Saga

From descriptive error to BURP extension

12/December/2019

Evil Maid: Attack on computers with encrypted disks

The attack allows to obtain data stored on a disk or even to gain remote access to the victim’s computer

23/November/2019

New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards

Variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil

15/October/2019

Cloud Migration: what to consider from a cybersecurity perspective

Keeping cloud data secure requires as much or more care and control than data stored on premises

Vulnerability Disclosure

16/July/2019

Tempest identifies weakness in Microsoft security service

By exploiting the vulnerability, an attacker can deliver malicious files via email

24/May/2019

Tempest discovers fraud campaign that amassed 2 million payment card data

Malware was installed in 2,600 points of sale of commercial businesses throughout Brazil

27/March/2019

GUP: banking malware campaign affects account holders of nine Brazilian institutions

Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bank’s website

07/November/2018

Malware campaign in Brazil uses legitimate Windows components

Campaign uses WMI and CertUtil functions to attack its victims

21/August/2018

Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers

The exposure of these access credentials is due to a vulnerability published in 2015

20/August/2018

Hakai botnet shows signs of intense activity in Latin America

This botnet has been detected by our sensors 134 times just this month

Vulnerability Disclosure

05/March/2018

Rapid SCADA: Industrial system has elementary flaw in access control

The flaw allows the system to become a bridge to access critical infrastructures

20/February/2018

Cyber security: how old and new problems place companies in a “state of attention”

Noticing that security is inserted among such important issues for society does not come as a surprise

08/February/2018

EZ-Security joins Tempest creating Brazil’s largest cyber security specialized company

We can now offer our customers and partners the largest and most comprehensive portfolio of products and services

01/February/2018

One third of the Internet was under DoS attack, according to study

Six university researchers shed some light on this type of attack

Corporate Security

03/November/2017

Risks involving supply chain attacks

We will look at some threats that abuse the supply chain and also address some of the consequences faced by organizations that have been victims of this type of attack

30/June/2017

Study assesses risks and implications of cyber attacks on nuclear defense systems

Document examines the possibilities of cyberattack to the Trident— britain nuclear deterrent program

23/June/2017

Data leakage is the theme of El Pescador’s new simulated phishing campaign

Cyber threats are constantly being renewed as cybercriminals develop increasingly sophisticated techniques to achieve their goals

26/May/2017

A time bomb: the challenge to fight fraud in the digital advertising industry

The HummingBad is one among the various activities that continually harm the digital advertising industry

26/May/2017

Ransomware recent developments and threats

New threats, spike in infections and attacks against the healthcare industry

26/May/2017

Malvertising — recent developments on tactics and techniques

Performing Malvertising attacks has already become an established technique in the modus operandi of several cyber crime rings

26/May/2017

Exploit Kits: The current revival of an old tool that became trend

The first campaign that used an EK was spotted a decade ago and it used code that exploited a ‘0-day’ vulnerability in Internet Explorer

09/May/2017

GE patches up vulnerability that allows remote power grids shutdown

Cyberattacks aimed at infrastructure were considered to be costly, requiring a great amount of resources and knowledge to execute

05/April/2017

USB-based malware raises suspicions of hostile attacks in air-gapped environments

The malware has self-protection features based on volume encryption using the AES128 algorithm, which also creates a single image that should prevent cloning the USB device

26/March/2017

Cyber war games exercises explained

Tempest Security Intelligence has created a unique methodology for running large-scale cyber war games exercises, which we call CYBERDRILL TM

Cybersec Customer Success

20/June/2025

PRINCE2 – Tempest’s best practices on project management in a controlled environment

A cybersecurity company isn't just about...cybersecurity. Just like any other business model, at Tempest there are professionals from different areas of expertise who work together to achieve results focused on delivering value to the client, while of course respecting good information security practices. This article, which will be divided into two parts, will present how good project management practices help to maximize positive results by identifying and correcting possible gaps in internal processes while delivering value to the client. In this first publication, we'll cover general concepts about projects, controlled environments, project management methodologies and we'll also give a short introduction to our experience at Tempest after adopting PRINCE2 as the basic methodology for our project management office. In the second part, to be published shortly, the results presented here in summary form will be further detailed, along with other metrics achieved during this standardization journey.

Intelligence, Malware, Reverse Engineering, Tempest Research, THREAT INTELLIGENCE

21/May/2025

Coyote: a stealthy banking trojan targeting dozens of Brazilian financial institutions

The new variants analyzed by Tempest feature a new method of dissemination via WhatsApp Web, in a rather unusual approach among banking Trojans targeting Latin America.

Vulnerability Disclosure

15/July/2024

Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework

This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication

THREAT INTELLIGENCE

10/April/2024

Understanding Ransomware-as-a-Service operations from an affiliate’s perspective

Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked

Vulnerability Disclosure

28/February/2024

CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface

This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations

Cyber-Physical Systems

28/December/2023

What is cryptojacking?

Understand the main points of the cryptojacking phenomenon, its origins, how it works and the consequences for individuals and organizations

Vulnerability Disclosure

18/May/2023

CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0

Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands

Vulnerability Disclosure

17/May/2023

CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software

Security flaw may allow unauthorized access and retrieval of sensitive server data

THREAT INTELLIGENCE

15/February/2023

Use of Google Ads and SEO Poisoning for malware dissemination

Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers

05/January/2023

Methodology for Security Analysis in Operating Systems from the Compliance Management Perspective

These vulnerable environment scenarios are part of the reality experienced by security teams, who work on the daily assessment of systems in order to protect assets from vulnerabilities that affect critical devices or systems in companies

Vulnerability Disclosure

30/September/2022

CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server

Developers of the plugin have patched and released an update correcting the glitch in a later version

THREAT INTELLIGENCE

11/July/2022

Stealers, access sales and ransomware: supply chain and business models in cybercrime

Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries

Cybersec Customer Success

26/April/2022

Information Security: Policies for Clean Desks and Screens

Information security (IS) is directly related to protecting a set of information, in the sense of preserving the value it holds for an individual or an organization

Software Engineering

17/December/2021

A Web Accessibility: how to modify our projects today

In this blogpost, we'll address directions and techniques that can be incorporated into our web projects

Vulnerability Management

17/November/2021

How intelligence data can help manage vulnerabilities

With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?

Detection Engineering

03/November/2021

Providing Visibility, Monitoring, and Anomaly Detection with FleetDM and Osquery

Nowadays, there is a concern about security and its monitoring

Cloud & Platform Security

28/October/2021

Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner

In recent research, we adjusted a enumeration technique used for years to map services on a AWS account to just its account id and with unauthenticated form

02/July/2021

SideChannel: content generation as a driving force in the development of cybersecurity

With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential

Cloud & Platform Security

12/March/2021

Good security practices using Docker

Security must be considered at all levels of a project, from code development to the infrastructure where it will run.

11/February/2021

New Astaroth techniques focus on anti-detection measures

Trojan started to exploit websites vulnerable to Cross-Site Scripting attacks and to use the finger command for remote execution of malicious code.

Software Security

27/January/2021

Is it possible to design a good user experience without giving up security?

When we build a safe product for the user, we are also assigning security and less damage to the business.

Web Application Security

06/November/2020

Let’s go with Cross Site Request Forgery?

According to a survey carried out by OWASP in 2013, CSRF was on the list of the 10 most common vulnerabilities founded in Web applications.

Application Security

30/September/2020

Brute Force Attacks: Protection and Mitigation Measures

Any system that interacts with the internet must be prepared to defend itself from a large arsenal of techniques and attacks

13/July/2020

Cybersecurity in Healthcare in the midst of crisis

COVID-19 Series: Key Topics to Combat Cyberattacks Taking Place in Hospitals During the Pandemic

08/July/2020

Cryptography: Applications to ensure your privacy

It guarantees that the confidentiality of the data can be assured, either in its storage or in its communication process

18/June/2020

Tactics, techniques, and pointers on recent major Double Extortion threats

An overview of the actions of the groups operating the Maze, Snake, RagnarLocker, Clop, REvil (Sodinokibi), Netwalker (Mailto), DoppelPaymer, and Nefilim ransomwares

08/May/2020

Double Extortion: Data leak combined with ransomware have increased in recent weeks

Criminals use various techniques to extract sensitive data and sabotage the environment, requiring payment to prevent leaks

09/April/2020

Bringing Zoom Safety into Perspective

COVID-19 series: an analysis of the latest incidents involving the security of the product

Corporate Security

25/March/2020

The strategies behind the new coronavirus-themed attacks

COVID-19 series: old scams in new packaging

Corporate Security

19/March/2020

The bare minimum of cybersecurity you need to consider when building an infrastructure in a hurry

COVID-19 Series: What topics to prioritize and a few free resources and information providers

Corporate Security

16/March/2020

Cybersecurity in the home office in times of coronavirus: a question of coresponsibility

COVID-19 series: tips for protecting company data in your home environment

Vulnerability Disclosure

11/March/2020

Vulnerability in Avast Secure Browser enables escalation of privileges on Windows

Exploitation abuses the hardlinks feature, which represents the file content on the NTFS system

Web Application Security

10/February/2020

Once upon a time an account enumeration

Identifying valid users in a variety of conditions and ways to protect your systems from this threat

Software Security

24/January/2020

For less Gandalfs and more John Wicks (or, for less magic frameworks and more software engineering)

Go is a relatively new language, similar to C but with memory safe, garbage collection, structural typing…

Web Application Security

07/January/2020

The Cypher Injection Saga

From descriptive error to BURP extension

12/December/2019

Evil Maid: Attack on computers with encrypted disks

The attack allows to obtain data stored on a disk or even to gain remote access to the victim’s computer

23/November/2019

New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards

Variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil

15/October/2019

Cloud Migration: what to consider from a cybersecurity perspective

Keeping cloud data secure requires as much or more care and control than data stored on premises

Vulnerability Disclosure

16/July/2019

Tempest identifies weakness in Microsoft security service

By exploiting the vulnerability, an attacker can deliver malicious files via email

24/May/2019

Tempest discovers fraud campaign that amassed 2 million payment card data

Malware was installed in 2,600 points of sale of commercial businesses throughout Brazil

27/March/2019

GUP: banking malware campaign affects account holders of nine Brazilian institutions

Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bank’s website

07/November/2018

Malware campaign in Brazil uses legitimate Windows components

Campaign uses WMI and CertUtil functions to attack its victims

21/August/2018

Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers

The exposure of these access credentials is due to a vulnerability published in 2015

20/August/2018

Hakai botnet shows signs of intense activity in Latin America

This botnet has been detected by our sensors 134 times just this month

Vulnerability Disclosure

05/March/2018

Rapid SCADA: Industrial system has elementary flaw in access control

The flaw allows the system to become a bridge to access critical infrastructures

20/February/2018

Cyber security: how old and new problems place companies in a “state of attention”

Noticing that security is inserted among such important issues for society does not come as a surprise

08/February/2018

EZ-Security joins Tempest creating Brazil’s largest cyber security specialized company

We can now offer our customers and partners the largest and most comprehensive portfolio of products and services

01/February/2018

One third of the Internet was under DoS attack, according to study

Six university researchers shed some light on this type of attack

Corporate Security

03/November/2017

Risks involving supply chain attacks

We will look at some threats that abuse the supply chain and also address some of the consequences faced by organizations that have been victims of this type of attack

30/June/2017

Study assesses risks and implications of cyber attacks on nuclear defense systems

Document examines the possibilities of cyberattack to the Trident— britain nuclear deterrent program

23/June/2017

Data leakage is the theme of El Pescador’s new simulated phishing campaign

Cyber threats are constantly being renewed as cybercriminals develop increasingly sophisticated techniques to achieve their goals

26/May/2017

A time bomb: the challenge to fight fraud in the digital advertising industry

The HummingBad is one among the various activities that continually harm the digital advertising industry

26/May/2017

Ransomware recent developments and threats

New threats, spike in infections and attacks against the healthcare industry

26/May/2017

Malvertising — recent developments on tactics and techniques

Performing Malvertising attacks has already become an established technique in the modus operandi of several cyber crime rings

26/May/2017

Exploit Kits: The current revival of an old tool that became trend

The first campaign that used an EK was spotted a decade ago and it used code that exploited a ‘0-day’ vulnerability in Internet Explorer

09/May/2017

GE patches up vulnerability that allows remote power grids shutdown

Cyberattacks aimed at infrastructure were considered to be costly, requiring a great amount of resources and knowledge to execute

05/April/2017

USB-based malware raises suspicions of hostile attacks in air-gapped environments

The malware has self-protection features based on volume encryption using the AES128 algorithm, which also creates a single image that should prevent cloning the USB device

26/March/2017

Cyber war games exercises explained

Tempest Security Intelligence has created a unique methodology for running large-scale cyber war games exercises, which we call CYBERDRILL TM