Vulnerability Disclosure 15/July/2024 Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication
Vulnerability Disclosure 28/February/2024 CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations
Network Security 15/February/2024 What is DoS? How to defend yourself? Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks represent a constant threat to global enterprises, with alarming numbers of incidents. In addition to the direct losses caused by the interruption of services, companies face a new form of attack: Ransom DDoS (RDDoS), where attackers demand payment to cease attacks
Exploit Development 31/January/2024 AFL++ and an introduction to Feedback-Based Fuzzing Many bugs found from fuzzing tests can be signs of serious vulnerabilities
Cloud & Platform Security 17/January/2024 Privilege escalation with IAM on AWS Privilege escalation in AWS consists of having sufficient permissions for administrative access to an organization
Vulnerability Disclosure 18/May/2023 CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0 Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands
Vulnerability Disclosure 17/May/2023 CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software Security flaw may allow unauthorized access and retrieval of sensitive server data
THREAT INTELLIGENCE 20/December/2022 New Chaes campaign uses Windows Management Instrumentation Command-Line Utility Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data
Vulnerability Disclosure 30/September/2022 CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server Developers of the plugin have patched and released an update correcting the glitch in a later version
Cloud & Platform Security 14/September/2022 Attacks via Misconfiguration on Kubernetes Orchestrators Kubernetes makes it easy to create, delete, and manage these containers. With just one command, you can replicate the action on all the required containers
Web Application Security 01/September/2022 Cross-site Scripting (XSS), variants and correction Constantly mentioned in the OWASP Top Ten, the XSS makes it possible to hijack sessions, modify the application, redirect to malicious websites and more. Here we will cover the concepts and how to prevent it from happening in our applications
Vulnerability Disclosure 25/May/2022 CVE-2021-46426: phpIPAM 1.4.4 allows reflected XSS and CSRF via subnets functionality Its version 1.4.4 is vulnerable to Reflected Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks
Vulnerability Disclosure 25/May/2022 CVE-2021-30140: XSS Vulnerability Detection in Liquid Files LiquidFiles 3.4.15 has stored XSS via "send email" functionality when emailing a file to an administrator.
THREAT INTELLIGENCE 02/May/2022 Mekotio banking trojan identified in a new campaign against Brazilian account holders The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
Cloud & Platform Security 25/January/2022 Unauth root account email discovery with AWS organizations From the information previously discovered, it's possible to get equipped with information to carry out the next phases and moves of the attack
Vulnerability Management 17/November/2021 How intelligence data can help manage vulnerabilities With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?
Web Application Security 18/January/2021 Access Control Flaws in Web Applications If there is a vulnerability, an attacker could compromise the application completely
Vulnerability Disclosure 06/August/2020 Path Traversal Vulnerability in SecurEnvoy impacts on remote command execution through file upload Attacks of this type consist of the possibility of traversing directories outside and/or inside the root of the application, thus allowing access to other files or folders in an arbitrary manner
Vulnerability Disclosure 23/June/2020 DLL Hijacking at the Trend Micro Password Manager (CVE-2020-8469) We will briefly present some basic concepts on the subject, as well as the demonstration of this vulnerability in Trend Micro Password Manager
Vulnerability Disclosure 11/March/2020 Vulnerability in Avast Secure Browser enables escalation of privileges on Windows Exploitation abuses the hardlinks feature, which represents the file content on the NTFS system
Web Application Security 07/January/2020 The Cypher Injection Saga From descriptive error to BURP extension
Vulnerability Disclosure 20/August/2019 Trend Micro Maximum Security 2019 vulnerability allows for privilege escalation attacks on Windows Discovered by Tempest analyst, the flaw had a fix released last week
Vulnerability Disclosure 31/July/2019 Vulnerability in Avira Security Suite enables for privilege escalation attacks The flaw is present in a file which, by default, has open access and control permissions for all Windows users
Vulnerability Disclosure 16/July/2019 Tempest identifies weakness in Microsoft security service By exploiting the vulnerability, an attacker can deliver malicious files via email
News 12/November/2018 Vulnerable Adobe ColdFusion servers are targeted by cybercriminals Cybercriminals have used reverse engineering in an Adobe patch in search for vulnerabilities to exploit
News 06/November/2018 Soon, CVSS scores will be assigned by AI NIST is evaluating the use of IBM Watson to perform the task
News 01/November/2018 POS devices have several flaws that allow for different types of attacks Vulnerabilities were found in more than half of the major mobile POS tested terminals
News 29/October/2018 jQuery File Upload: plugin flaw leaves thousands of vulnerable websites Flaw was introduced when Apache disabled security control of .htaccess files
News 25/October/2018 Another Windows Zero-Day vulnerability is disclosed on Twitter New flaw allows for deletion of critical system data and privilege escalation
News 24/October/2018 Cisco and F5 Networks Assess Impact of Vulnerability on Libssh Flaw related to encoding error affects library version 0.6.0
News 23/October/2018 Two critical vulnerabilities have been found on NAS devices Flaws are present on WD My Book, NetGear Stora, SeaGate Home and NAS Medion LifeCloud devices
Intelligence 25/July/2018 New variant of the Mirai botnet has activity detected in Brazil Botnet tries to exploit vulnerabilities in routers and monitoring systems
Vulnerability Disclosure 20/March/2018 Hola VPN software flaw could lead to privilege escalation If exploited, the vulnerability allows for privilege escalation in the operating system, allowing the attacker to get full control over the victim’s computer
Vulnerability Disclosure 05/March/2018 Rapid SCADA: Industrial system has elementary flaw in access control The flaw allows the system to become a bridge to access critical infrastructures
Uncategorized 16/June/2017 Pacemakers may be vulnerable to cyberattacks, study finds More than 8,000 vulnerabilities have been discovered in several models. In the UK the number of implanted devices exceeds 400 per million inhabitants
Uncategorized 05/June/2017 Android: failures that are beyond the code In which ways the appropriation of the Android ecosystem affects its security
Uncategorized 12/May/2017 WannaCry ransomware spreads around the world and impacts large enterprises The malware has the behavior of a worm, infecting vulnerable computers that allow connections through Server Message Block (SMB) and Remote Desktop Protocol (RDP) connections
Uncategorized 09/May/2017 GE patches up vulnerability that allows remote power grids shutdown Cyberattacks aimed at infrastructure were considered to be costly, requiring a great amount of resources and knowledge to execute