SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive testing uncovers exploitable weaknesses in assets and applications without disrupting production.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment of on-premises and cloud applications to ensure they are protected.
IAM governs user access and monitors it for anomalies, keeping accounts and privileges under control.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
“Today I have complete visibility into the entire environment, in real time”
Jamil Farshchi | Equifax CISO
CyberProof Acquires Interpres Security
By integrating the Interpres Security CTEM solution into its security services portfolio, CyberProof can continuously identify, assess, and prioritize risk while adapting defensive services such as MDR, vulnerability management, and use-case management to ever-evolving threats. Take proactive steps to fortify your security today!
Case Studies
Retail Company Reduces Data Costs by 85% with SIEM Transformation
90% increase in visibility after deploying Microsoft XDR with CyberProof
Enterprise saves millions on data ingestion & storage following cloud migration
SOC unification streamlines enterprise insurance company’s security & network monitoring operations
Global medical devices company gains visibility and meets stringent compliance standards across global geos
Pharmaceutical organization significantly enhances threat detection and response times
Threat Alerts
RomCom Exploits Firefox and Windows Zero-Days in Sophisticated Campaign
The attack begins with CVE-2024-9680, a use-after-free vulnerability in Firefox’s animation timeline feature. The flaw is triggered when a victim visits a malicious webpage and lets the attackers execute arbitrary shellcode inside the browser’s sandboxed content process. The campaign then pivots to CVE-2024-49039, a privilege escalation vulnerability in the Windows Task Scheduler, to escape the browser sandbox and run code with elevated privileges. Mozilla fixed CVE-2024-9680 in Firefox 131.0.2 (ESR 128.3.1 and 115.16.1); Microsoft patched CVE-2024-49039 in the November 2024 security update, so confirming both patch levels across the fleet is the first check.
The attack chain is strategically designed yet deceptively simple. When the victim lands on the booby-trapped site, the Firefox exploit triggers the use-after-free, runs shellcode in the content process, and downloads a second-stage payload. That payload exploits the Task Scheduler vulnerability to launch a hidden PowerShell process outside the sandbox, which in turn downloads and installs the RomCom backdoor, giving the attackers full control of the system. Persistence relies on obfuscated PowerShell scripts, with staging servers hosting the malware.
The RomCom backdoor deployed in this campaign is a versatile tool, enabling attackers to execute arbitrary commands, steal sensitive information, and deploy further malicious modules. The attack has been observed targeting victims across multiple sectors, including government, healthcare, and critical infrastructure in Europe and North America. This campaign demonstrates RomCom’s growing sophistication, as the group now incorporates advanced zero-day exploitation into its arsenal.
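The chain above ends in behaviour that endpoint telemetry can see even when the exploits themselves are not detected: a browser process spawning something it never should, and a hidden or encoded PowerShell started under the Task Scheduler service host. The following is an added example, not CyberProof detection content and not derived from the campaign’s published indicators. It scores Sysmon-style process-creation events reduced to dicts; the sample events are constructed, and the Firefox child-process allowlist and the parent/child relationships it keys on are assumptions to tune per fleet rather than facts about the exploit.

```python
"""Detection sketch for the post-exploitation stage of the chain described
above: a browser process spawning something it should not, and a hidden or
encoded PowerShell launched under the Task Scheduler service host.

Added example; not CyberProof's detection content and not derived from the
campaign's published indicators. Events are Sysmon-style process-creation
records reduced to dicts; the sample events are constructed. The Firefox
child allowlist and the parent/child pairings are assumptions to tune
per fleet, not facts about the exploit.
"""
import base64
import re

# Children a Firefox install is expected to spawn (assumption; tune per fleet).
FIREFOX_CHILDREN = {
    "firefox.exe", "plugin-container.exe", "crashreporter.exe",
    "updater.exe", "pingsender.exe", "minidump-analyzer.exe",
}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# PowerShell accepts unambiguous prefixes of its switches, so match loosely:
# -w hidden, -win hidden, -WindowStyle Hidden; -e, -ec, -enc, -EncodedCommand.
HIDDEN_WINDOW = re.compile(r"-w[a-z]*\s+hidden", re.I)
ENCODED_CMD = re.compile(r"-e(?:c|n[a-z]*)?\s+[A-Za-z0-9+/=]{20,}", re.I)


def basename(path: str) -> str:
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev: dict) -> list:
    """Return the reasons an event is suspicious (empty list = nothing seen)."""
    parent, image = basename(ev["parent_image"]), basename(ev["image"])
    cmd = ev.get("command_line", "")
    reasons = []
    if parent == "firefox.exe" and image not in FIREFOX_CHILDREN:
        reasons.append("firefox spawned an unexpected child: " + image)
    if image in POWERSHELL:
        if HIDDEN_WINDOW.search(cmd):
            reasons.append("powershell with hidden window")
        if ENCODED_CMD.search(cmd):
            reasons.append("powershell with encoded command")
        # The Task Scheduler service runs inside svchost.exe ... -s Schedule.
        if parent == "svchost.exe" and "schedule" in ev.get("parent_command_line", "").lower():
            reasons.append("powershell launched by the Task Scheduler service host")
    return reasons


def triage(events) -> list:
    """(pid, reasons) for every event that scored at least one reason."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.append((ev["pid"], reasons))
    return hits


# Constructed sample events (not real telemetry). The encoded command is a
# harmless Write-Output built here so that no real payload is embedded.
HARMLESS_ENC = base64.b64encode("Write-Output ok".encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"pid": 4020, "image": r"C:\Program Files\Mozilla Firefox\plugin-container.exe",
     "parent_image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "command_line": "plugin-container.exe -contentproc"},
    {"pid": 4102, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "command_line": "cmd.exe /c whoami"},
    {"pid": 4388, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "parent_command_line": "svchost.exe -k netsvcs -p -s Schedule",
     "command_line": f"powershell.exe -nop -w hidden -enc {HARMLESS_ENC}"},
    {"pid": 4512, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -NoProfile -File C:\\scripts\\inventory.ps1"},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```

The Task Scheduler parent check is deliberately separate from the hidden/encoded checks: a scheduled maintenance script that runs PowerShell under the Schedule service is normal, so each reason alone is low-fidelity, and it is the combination of a browser spawning a non-browser child followed by an encoded, hidden PowerShell under that host that should page someone.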
UEFI Bootkit Bootkitty Emerges as Linux-Specific Threat
In a significant development for the UEFI threat landscape, researchers have identified the first UEFI bootkit built specifically for Linux systems, named Bootkitty by its creators, a group calling itself BlackCat (there is no evidence linking the name to the ALPHV/BlackCat ransomware operation). The bootkit is assessed to be a proof-of-concept (PoC), with no evidence of use in real-world attacks.
Bootkitty’s primary objective is to disable the Linux kernel’s signature verification and to preload two as-yet-unidentified ELF binaries at startup. It does this by tampering with init, the first userland process the kernel executes. Researchers also uncovered a potentially related unsigned kernel module that appears to come from the same author(s); it deploys an ELF binary that in turn loads yet another unknown kernel module, which points to a modular design.
Bootkitty is signed with a self-signed certificate, so it cannot run on systems with UEFI Secure Boot enabled unless an attacker-controlled certificate has already been enrolled in the firmware’s trust store. Interestingly, the bootkit contains two unused functions: one prints special strings to the screen during execution, the other can display a list of potential authors and contributors. Unused in this PoC, they may hint at future capabilities or provide clues about its creators.
Despite its PoC nature, Bootkitty represents a meaningful advancement in the UEFI threat space by targeting Linux systems. Its discovery challenges the prevailing assumption that modern UEFI bootkits are exclusively a Windows threat, broadening the scope of potential attack surfaces in the Linux ecosystem.
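The practical takeaway from the analysis above is a short list of host preconditions to verify: Secure Boot must actually be enforced, nothing but the platform’s own certificates may sit in db, PID 1 must not be started with LD_PRELOAD, and the kernel should refuse unsigned modules. The following is an added example written for this page, not code from the original page or from the researchers who analysed Bootkitty. The efivarfs and EFI_SIGNATURE_LIST layouts it parses are the UEFI-specified ones; the sample db, the fake certificate blobs, and the known-good fingerprint set are constructed for illustration and must be replaced with the fingerprints of the certificates your platform really enrolls. Treating a preloaded ELF as an LD_PRELOAD entry in init’s environment is an assumption about how such preloading surfaces, not a published indicator.

```python
"""Host checks for the Bootkitty preconditions described above: is Secure
Boot enforced, has a certificate that is not yours been enrolled in db, is
PID 1 started with LD_PRELOAD, and does the kernel reject unsigned modules.

Added example, not code from the original page or from the researchers who
analysed Bootkitty. Variable and signature-list layouts are the UEFI ones;
the sample data and the known-good fingerprint set are constructed and must
be replaced with your platform's real enrolled certificates.
"""
import hashlib
import struct
import uuid
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
SECURE_BOOT_VAR = EFIVARS / "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
DB_VAR = EFIVARS / "db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")


def secure_boot_state(var_data: bytes) -> bool:
    """efivarfs prefixes variable data with a 4-byte attribute word;
    the SecureBoot payload is a single byte, 1 = enforced."""
    return len(var_data) >= 5 and var_data[4] == 1


def x509_certs(db_data: bytes):
    """Yield DER certificates from an efivarfs dump of db (also works for
    KEK/dbx), walking the chain of EFI_SIGNATURE_LIST structures."""
    data = db_data[4:]  # drop efivarfs attributes
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        end = off + list_size
        if list_size < 28 or end > len(data) or sig_size < 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos = off + 28 + hdr_size
        if sig_type == EFI_CERT_X509_GUID:
            while pos + sig_size <= end:
                yield data[pos + 16:pos + sig_size]  # skip SignatureOwner GUID
                pos += sig_size
        off = end


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


def unexpected_db_certs(db_data: bytes, known_sha256) -> list:
    """Fingerprints of db certificates outside the operator's allowlist.
    An attacker-enrolled certificate (the Bootkitty precondition) lands here."""
    return sorted({fingerprint(c) for c in x509_certs(db_data)} - set(known_sha256))


def init_ld_preload(environ: bytes) -> list:
    """LD_PRELOAD entries in a NUL-separated /proc/<pid>/environ dump; run
    against PID 1 (assumption: a patched init surfaces preloading this way)."""
    return [e.decode(errors="replace") for e in environ.split(b"\0")
            if e.startswith(b"LD_PRELOAD=")]


def module_sig_enforced(param_text: str) -> bool:
    """/sys/module/module/parameters/sig_enforce reads 'Y' when the kernel
    rejects unsigned modules such as the dropper noted above."""
    return param_text.strip() == "Y"


def run_host_checks(known_sha256) -> dict:
    """Read the live files (root is needed for db and /proc/1/environ)."""
    return {
        "secure_boot": secure_boot_state(SECURE_BOOT_VAR.read_bytes()),
        "unexpected_db_certs": unexpected_db_certs(DB_VAR.read_bytes(), known_sha256),
        "init_ld_preload": init_ld_preload(Path("/proc/1/environ").read_bytes()),
        "module_sig_enforce": module_sig_enforced(
            Path("/sys/module/module/parameters/sig_enforce").read_text()),
    }


# --- constructed sample data so the parsers can be exercised offline ---
def build_x509_list(der: bytes) -> bytes:
    """One EFI_SIGNATURE_LIST holding a single X.509 entry (test data only)."""
    sig_size = 16 + len(der)
    return (EFI_CERT_X509_GUID.bytes_le
            + struct.pack("<III", 28 + sig_size, 0, sig_size)
            + bytes(16) + der)


ATTRS = struct.pack("<I", 0x27)  # NV|BS|RT|TIME_BASED_AUTH, as efivarfs exposes it
VENDOR_CERT = b"constructed-vendor-cert-not-real-DER"
ROGUE_CERT = b"constructed-attacker-cert-not-real-DER"
SAMPLE_DB = ATTRS + build_x509_list(VENDOR_CERT) + build_x509_list(ROGUE_CERT)
KNOWN = {fingerprint(VENDOR_CERT)}

if __name__ == "__main__":
    print("Secure Boot on:", secure_boot_state(ATTRS + b"\x01"))
    print("unexpected db certs:", unexpected_db_certs(SAMPLE_DB, KNOWN))
    print("LD_PRELOAD in init:", init_ld_preload(b"PATH=/usr/bin\0LD_PRELOAD=/opt/x.so\0"))
```

On a real host, call run_host_checks() with the fingerprints of the certificates you expect in db; any extra fingerprint is exactly the pre-installed attacker certificate the analysis says Bootkitty needs, and a False for secure_boot means the self-signed bootkit would load without one.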