SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with guaranteed SLA.
24/7 global SOC support ensures incident response with guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover potential exploits in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment for on-premise and cloud applications to ensure protection.
IAM manages user access, monitors for anomalies, ensuring security.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
See all partnersCase Studies
90% increase in visibility after deploying Microsoft XDR with CyberProof
Enterprise saves millions on data ingestion & storage following cloud migration.
International logistics company sees 40% savings in security operations costs
Threat Alerts
Security Update for Apache OFBiz Addresses High-Severity Flaws Allowing Remote Code Execution
New security flaws have been updated by Apache OFBiz, a popular open-source enterprise resource planning system, to mitigate a high-severity vulnerability that poses risks of unauthenticated remote code execution across Linux and Windows platforms.
The issue, identified as CVE-2024-45195 (CVSS 7.5), was present in all versions prior to 18.12.16. It allowed attackers without valid credentials to bypass view authorization checks in the web application, thereby executing arbitrary code on the server.
The significance of CVE-2024-45195 lies in its ability to circumvent previously patched vulnerabilities—CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856—that were not comprehensively resolved, leading to an ongoing risk of exploit attempts in the wild, including the deployment of the Mirai botnet malware.
In addition to CVE-2024-45195, the latest update from Apache OFBiz, version 18.12.16, also addresses a critical server-side request forgery (SSRF) vulnerability tagged as CVE-2024-45507 (CVSS 9.8). This particular flaw could potentially enable threat actors to gain unauthorized access and compromise the system by manipulating specially crafted URLs.
New Critical RCE Flaw in Veeam Backup & Replication Software
Veeam has disclosed a new critical Remote Code Execution flaw, identified as CVE-2024-40711 (CVSS score 9.8). This vulnerability allows attackers to execute arbitrary code on affected systems without authentication. If successfully exploited, it could lead to full system compromise, allowing attackers to manipulate or delete data and potentially move laterally within a network.
Once exploited, attackers could gain unauthorized control over the backup infrastructure, disrupt critical processes, and use the compromised system as a foothold to access additional resources within the organization.
While it is currently unknown if this vulnerability is being actively exploited, it is expected to attract ransomware operators and other threat actors aiming to compromise backup systems and disrupt data recovery processes.