Community 18/January/2023 Fraud in E-commerces – Brazilian Perspective The success of e-commerces in Brazil is unquestionable and, of course, carries the same burden of fraud growth. In 2021, for example, there was a loss of more than BRL 7 billion related to fraud attempts, an increase of 100% compared to the previous year
News 02/July/2021 SideChannel: content generation as a driving force in the development of cybersecurity With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential
Application Security 14/October/2020 HTML to PDF converters, can I hack them? Our goal here was to investigate what kind of vulnerabilities can be inserted in a software through the use of libraries with the above mentioned functionality
Vulnerability Disclosure 23/June/2020 DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469) We will briefly present some basic concepts on the subject, as well as the demonstration of this vulnerability in Trend Micro Password Manager
Reverse Engineering 11/June/2020 BA AD F0 0D: Using memory debug code as an anti-debugging technique New anti-debugging techniques are always welcome
Intelligence 05/December/2019 Brazilian fraudsters are using a distributed tool to obtain CVV data Tactic has been used both against legitimate e-commerce websites under the control of the attacker, and against payment gateways
Intelligence 23/November/2019 New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards Variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil
Web Application Security 29/October/2019 A Burp plugin that automates failure detection in the HTML development process The idea of creating another extension for Burp came up in one of the editions of “Na Beira do Rio”
Intelligence 01/October/2019 Phishing campaign spreads malware to Facebook users in Brazil and Mexico Sponsored ads offered discount coupons to distribute a malicious Chrome extension, among other threats
Intelligence 17/September/2019 Research identifies tool used to extract and manipulate email attachments Offered in social networks, tool also allows to validate email credentials
Cryptography 05/September/2019 A brief analysis of data compression security issues Many applications compress data before it is encrypted, which, in some cases, may compromise the confidentiality of the transmitted data
Vulnerability Disclosure 20/August/2019 Trend Micro Maximum Security 2019 vulnerability allows for privilege escalation attacks on Windows Discovered by Tempest analyst, the flaw had a fix released last week
Software Security 14/August/2019 Adequately using relational database privileges in migration tasks How to improve security in the database access using the Principle of Least Privilege
Vulnerability Disclosure 31/July/2019 Vulnerability in Avira Security Suite enables for privilege escalation attacks The flaw is present in a file which, by default, has open access and control permissions for all Windows users
Vulnerability Disclosure 16/July/2019 Tempest identifies weakness in Microsoft security service By exploiting the vulnerability, an attacker can deliver malicious files via email
Intelligence 24/May/2019 Tempest discovers fraud campaign that amassed 2 million payment card data Malware was installed in 2,600 points of sale of commercial businesses throughout Brazil
Intelligence 27/March/2019 GUP: banking malware campaign affects account holders of nine Brazilian institutions Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bank’s website
Intelligence 27/November/2018 Botnet Bushido has increased activity detected This variant would be used in DDoS rental services
Intelligence 26/November/2018 Campaign disseminates banking trojan for clients of Brazilian banks The malware has evasive features that circumvent anti-virus systems and use advanced screen overlay techniques
Intelligence 19/November/2018 Dodge game: a story about document fraud It is a job that depends essentially on digital resources
Intelligence 04/September/2018 Garage scheme: scam affects vehicle financing A gang carried out a fraud against financial institutions
Intelligence 28/August/2018 Fake stores, “boletos” and WhatsApp: Uncovering a Phishing-as-a-Service operation This activity relies on platforms that sell fake e-commerce (fake stores)
Intelligence 21/August/2018 Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers The exposure of these access credentials is due to a vulnerability published in 2015
Intelligence 20/August/2018 Hakai botnet shows signs of intense activity in Latin America This botnet has been detected by our sensors 134 times just this month
Intelligence 01/August/2018 New attempts to attack D-Link devices in Brazil are detected Tempest monitoring team identified the activity of 11 botnets attempting to exploit device flaws
Intelligence 25/July/2018 New variant of the Mirai botnet has activity detected in Brazil Botnet tries to exploit vulnerabilities in routers and monitoring systems
Vulnerability Disclosure 08/January/2018 Password manager flaw allows for arbitrary command execution The flaw was found in the latest version of the software (4.9.3)
Intelligence 18/October/2017 HydraPOS — Operation of Brazilian fraudsters has accumulated, at least, 1.4 million card data Fraud scheme went unnoticed for four years, targeting several merchants in Brazil
Community 18/January/2023 Fraud in E-commerces – Brazilian Perspective The success of e-commerces in Brazil is unquestionable and, of course, carries the same burden of fraud growth. In 2021, for example, there was a loss of more than BRL 7 billion related to fraud attempts, an increase of 100% compared to the previous year
News 02/July/2021 SideChannel: content generation as a driving force in the development of cybersecurity With the constant growth of cyber-attacks, sharing knowledge in the area of cybersecurity becomes essential
Application Security 14/October/2020 HTML to PDF converters, can I hack them? Our goal here was to investigate what kind of vulnerabilities can be inserted in a software through the use of libraries with the above mentioned functionality
Vulnerability Disclosure 23/June/2020 DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469) We will briefly present some basic concepts on the subject, as well as the demonstration of this vulnerability in Trend Micro Password Manager
Reverse Engineering 11/June/2020 BA AD F0 0D: Using memory debug code as an anti-debugging technique New anti-debugging techniques are always welcome
Intelligence 05/December/2019 Brazilian fraudsters are using a distributed tool to obtain CVV data Tactic has been used both against legitimate e-commerce websites under the control of the attacker, and against payment gateways
Intelligence 23/November/2019 New HydraPOS malware dashboard has been identified with data from over 100,000 credit cards Variant of the threat, described by Tempest in 2017, remains in full operation and has dozens of targets in Brazil
Web Application Security 29/October/2019 A Burp plugin that automates failure detection in the HTML development process The idea of creating another extension for Burp came up in one of the editions of “Na Beira do Rio”
Intelligence 01/October/2019 Phishing campaign spreads malware to Facebook users in Brazil and Mexico Sponsored ads offered discount coupons to distribute a malicious Chrome extension, among other threats
Intelligence 17/September/2019 Research identifies tool used to extract and manipulate email attachments Offered in social networks, tool also allows to validate email credentials
Cryptography 05/September/2019 A brief analysis of data compression security issues Many applications compress data before it is encrypted, which, in some cases, may compromise the confidentiality of the transmitted data
Vulnerability Disclosure 20/August/2019 Trend Micro Maximum Security 2019 vulnerability allows for privilege escalation attacks on Windows Discovered by Tempest analyst, the flaw had a fix released last week
Software Security 14/August/2019 Adequately using relational database privileges in migration tasks How to improve security in the database access using the Principle of Least Privilege
Vulnerability Disclosure 31/July/2019 Vulnerability in Avira Security Suite enables for privilege escalation attacks The flaw is present in a file which, by default, has open access and control permissions for all Windows users
Vulnerability Disclosure 16/July/2019 Tempest identifies weakness in Microsoft security service By exploiting the vulnerability, an attacker can deliver malicious files via email
Intelligence 24/May/2019 Tempest discovers fraud campaign that amassed 2 million payment card data Malware was installed in 2,600 points of sale of commercial businesses throughout Brazil
Intelligence 27/March/2019 GUP: banking malware campaign affects account holders of nine Brazilian institutions Threat is based on overlaying the Internet Banking screen to perform fraudulent transactions while the user accesses the bank’s website
Intelligence 27/November/2018 Botnet Bushido has increased activity detected This variant would be used in DDoS rental services
Intelligence 26/November/2018 Campaign disseminates banking trojan for clients of Brazilian banks The malware has evasive features that circumvent anti-virus systems and use advanced screen overlay techniques
Intelligence 19/November/2018 Dodge game: a story about document fraud It is a job that depends essentially on digital resources
Intelligence 04/September/2018 Garage scheme: scam affects vehicle financing A gang carried out a fraud against financial institutions
Intelligence 28/August/2018 Fake stores, “boletos” and WhatsApp: Uncovering a Phishing-as-a-Service operation This activity relies on platforms that sell fake e-commerce (fake stores)
Intelligence 21/August/2018 Domain Redirection Attack on Brazilian Banks Affects Intelbras Routers The exposure of these access credentials is due to a vulnerability published in 2015
Intelligence 20/August/2018 Hakai botnet shows signs of intense activity in Latin America This botnet has been detected by our sensors 134 times just this month
Intelligence 01/August/2018 New attempts to attack D-Link devices in Brazil are detected Tempest monitoring team identified the activity of 11 botnets attempting to exploit device flaws
Intelligence 25/July/2018 New variant of the Mirai botnet has activity detected in Brazil Botnet tries to exploit vulnerabilities in routers and monitoring systems
Vulnerability Disclosure 08/January/2018 Password manager flaw allows for arbitrary command execution The flaw was found in the latest version of the software (4.9.3)
Intelligence 18/October/2017 HydraPOS — Operation of Brazilian fraudsters has accumulated, at least, 1.4 million card data Fraud scheme went unnoticed for four years, targeting several merchants in Brazil
