411 matches found
Brazil Halts Meta's AI Data Processing Amid Privacy Concerns
Brazil's data protection authority, Autoridade Nacional de Proteção de Dados ANPD, has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence AI algorithms. The ANPD said it found "evidence of processing of personal data based on inadequate leg...
SoftExpert Excellence Suite Security Vulnerability
SoftExpert Excellence Suite is a commercial suite from SoftExpert Brazil. A security vulnerability exists in Softexpert Excellence Suite version v.2.1, which stems from a file upload vulnerability that could allow an attacker to execute arbitrary code by uploading a .php file to the...
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures TTPs are common among other banking trojans coming out of Brazil. This family has also been...
LCDS LAquis SCADA
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment : LAquis SCADA Vulnerabilities : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
If youre a regular reader of this newsletter, you already know about how strongly I feel about the dangers of spreading fake news, disinformation and misinformation. And honestly, if youre reading this newsletter, I probably shouldnt have to tell you about that either. But one of the things that...
New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics
Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware," Fortinet...
Fedora: Security Advisory for brazil (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: brazil-2.3-36.fc40
Brazil is as an extremely small footprint HTTP stack and flexible architecture for adding URL-based interfaces to arbitrary applications and devices from Sun Labs. This package contains the core set of classes that are not dependent on any other external Java libraries...
CHAVECLOAK Banking Trojan Sneaks into Brazil’s Financial Hub
Summary: The CHAVECLOAK banking trojan is purposefully crafted to target the banking credentials of individuals in Brazil, highlighting the ongoing focus of cyber criminals on the nations financial sector. Threat Level - Amber | Attack Report For a detailed threat advisory, download the pdf file...
Coyote: A Sophisticated Banking Trojan Targeting Financial Information
Summary: A new banking trojan called Coyote is currently targeting more than 60 banking institutions, primarily in Brazil. The malware distributes itself using the Squirrel installer and executes its infection process using Node.js and Nim, a relatively new multi-platform programming language...
~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation
Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 CVSS score: 10.0, the vulnerability impacts out-of-date versions of the...
DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023
The environmental services industry witnessed an "unprecedented surge" in HTTP-based distributed denial-of-service DDoS attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare sai...
Facial Scanning by Burger King in Brazil
In 2000, I wrote: "If McDonalds offered three free Big Macs for a DNA sample, there would be lines around the block." Burger King in Brazil is almost there, offering discounts in exchange for a facial scan. From a marketing video: "At the end of the year, its Friday every day, and the hangover...
British LAPSUS$ Teen Members Sentenced for High-Profile Attacks
Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent ...
ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data...
Intelbras RX 1500 Security Vulnerability
The Intelbras RX 1500 is a dual-band router from Intelbras in Brazil. A security vulnerability exists in Intelbras RX 1500 version 1.1.9. An attacker can exploit the vulnerability to perform cross-site scripting attacks...
Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw
Cloudflare on Thursday said it mitigated thousands of hyper-volumetric HTTP distributed denial-of-service DDoS attacks that exploited a recently disclosed flaw called HTTP/2 Rapid Reset, 89 of which exceeded 100 million requests per second RPS. "The campaign contributed to an overall increase of...
Attackers Exploit Brazil’s PIX System with GoPIX Malware Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The popularity of Brazils PIX payment system has attracted cybercriminals using GoPIX malware, targeting users searching for "WhatsApp web" with malicious ads. This poses a threat to users financial and...
Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware
The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious...