SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover exploitable weaknesses in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment for on-premise and cloud applications to ensure protection.
IAM controls user access and monitors it for anomalies.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
“Today I have complete visibility into the entire environment, in real time”
Jamil Farshchi | Equifax CISO
Case Studies
90% increase in visibility after deploying Microsoft XDR with CyberProof
Enterprise saves millions on data ingestion & storage following cloud migration.
International logistics company sees 40% savings in security operations costs
Threat Alerts
Advanced Phishing Tactics Amplify the Threat of Bumblebee and Latrodectus Malware
Amid a significant resurgence, both Bumblebee and Latrodectus malware have adopted advanced phishing techniques, leveraging multi-stage infection chains and fileless strategies to evade traditional security measures and establish persistence. These malware families increasingly exploit cloud infrastructure, which further complicates detection and response efforts within affected organizations.
Bumblebee, a loader, now uses a “fileless” infection chain: a ZIP archive attached to a phishing email carries an LNK file that launches PowerShell, and the follow-on payload is decoded and executed in memory rather than written to disk, bypassing file-based detection. It also abuses LOLBins (Living-Off-the-Land Binaries) to carry out malicious tasks through trusted, signed system utilities, which makes detection harder and helps it persist on compromised systems.
Latrodectus, also known as “Black Widow,” uses DocuSign-themed phishing emails carrying JavaScript that downloads a malicious DLL. Once running, Latrodectus resolves APIs dynamically, encrypts its C2 communication, and employs anti-debugging checks to hide its presence and maintain persistence. It also uses cloud services, such as Microsoft Azure, to host payloads and coordinate infections, which complicates incident response because the infrastructure is decentralized and blends in with legitimate traffic.
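Both chains above leave the same kind of footprint in process-creation telemetry: Explorer or a script host spawning PowerShell, rundll32 or regsvr32 with a payload in a user-writable directory or an encoded command. The following is an added example, not CyberProof’s detection content, that runs three such heuristics over constructed Sysmon-style events (the event fields, paths, process IDs and the sample events themselves are assumptions made up for this example, not indicators from a real incident). It also decodes a PowerShell `-EncodedCommand` argument so that download-and-execute keywords hidden by encoding are still visible to the rules.

```python
import base64
import binascii
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event (Sysmon Event ID 1 or an EDR equivalent). Field set is an assumption."""
    pid: int
    parent_image: str
    image: str
    cmdline: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


# Directories an unprivileged user can write to, including the folder Windows uses when a
# file is opened straight out of a ZIP (%TEMP%\Temp1_<archive>.zip\).
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)|Windows\\Temp|Temp\d*_)", re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "certutil.exe", "bitsadmin.exe", "msiexec.exe", "curl.exe"} | SCRIPT_HOSTS
# Keywords that indicate PowerShell fetching or decoding code to run in memory.
PS_DOWNLOAD_EXEC = re.compile(r"(-e(?:nc(?:odedcommand)?)?\b|IEX|Invoke-Expression|DownloadString|DownloadFile|FromBase64String|Net\.WebClient|Invoke-WebRequest|\biwr\b)", re.I)
ENC_ARG = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def expand_cmdline(cmdline: str) -> str:
    """Append the decoded form of a PowerShell -EncodedCommand (base64 of UTF-16LE), if present."""
    m = ENC_ARG.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le", errors="ignore")
    except (binascii.Error, ValueError):
        return cmdline
    return cmdline + "\n" + decoded


def rule_lnk_to_powershell(ev: ProcEvent) -> bool:
    """Bumblebee-style: a shortcut opened from Explorer or an archive tool starts PowerShell that fetches or decodes code."""
    return (basename(ev.parent_image) in {"explorer.exe", "winrar.exe", "7zfm.exe"}
            and basename(ev.image) in {"powershell.exe", "pwsh.exe"}
            and PS_DOWNLOAD_EXEC.search(expand_cmdline(ev.cmdline)) is not None)


def rule_lolbin_from_script(ev: ProcEvent) -> bool:
    """Living-off-the-land: a shell or script host launches a signed system binary with a URL or a user-writable payload path."""
    if basename(ev.parent_image) not in {"powershell.exe", "pwsh.exe", "cmd.exe"} | SCRIPT_HOSTS:
        return False
    if basename(ev.image) not in LOLBINS:
        return False
    return bool(re.search(r"https?://", ev.cmdline, re.I) or USER_WRITABLE.search(ev.cmdline))


def rule_js_drops_dll(ev: ProcEvent) -> bool:
    """Latrodectus-style: a .js attachment runs from a user-writable path, or a script host loads a DLL from one."""
    child = basename(ev.image)
    if child in SCRIPT_HOSTS and re.search(r"\.js\b", ev.cmdline, re.I) and USER_WRITABLE.search(ev.cmdline):
        return True
    return (basename(ev.parent_image) in SCRIPT_HOSTS
            and child in {"rundll32.exe", "regsvr32.exe"}
            and re.search(r"\.dll\b", ev.cmdline, re.I) is not None
            and USER_WRITABLE.search(ev.cmdline) is not None)


RULES = {
    "archive_lnk_to_powershell": rule_lnk_to_powershell,
    "lolbin_from_script_host": rule_lolbin_from_script,
    "js_attachment_to_dll": rule_js_drops_dll,
}


def scan(events):
    """Return (rule_name, pid) for every event that matches a rule; one event may match several."""
    return [(name, ev.pid) for ev in events for name, rule in RULES.items() if rule(ev)]


# Constructed sample events; the base64 blob is the UTF-16LE encoding of "IEX (New-Object".
SAMPLE_EVENTS = [
    ProcEvent(4100, r"C:\Windows\explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcEvent(4102, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\Users\alice\AppData\Local\Temp\upd.dll,Start"),
    ProcEvent(5210, r"C:\Windows\explorer.exe", r"C:\Windows\System32\wscript.exe",
              r'"C:\Windows\System32\wscript.exe" "C:\Users\alice\Downloads\DocuSign_Document_8841.js"'),
    ProcEvent(5214, r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\Users\alice\AppData\Roaming\update\helper.dll,run"),
    ProcEvent(6000, r"C:\Windows\explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"),  # benign admin script
    ProcEvent(6001, r"C:\Windows\System32\services.exe", r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),  # benign system use
]

if __name__ == "__main__":
    for name, pid in scan(SAMPLE_EVENTS):
        print(f"{name}: pid {pid}")
```

These are coarse heuristics: PowerShell started by Explorer with an encoded command is common enough in some environments that the rules should be tuned against a baseline, and the user-writable-path check should be extended to whatever extraction folders the archive tools in use create.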
Critical FortiManager Vulnerability Actively Exploited in Zero-Day Attacks
Fortinet has confirmed a critical vulnerability in FortiManager, tracked as CVE-2024-47575 (CVSS score: 9.8) and commonly referred to as FortiJump, which has been exploited in zero-day attacks. The flaw is a missing authentication check in the fgfmd daemon that implements the FortiGate to FortiManager (FGFM) protocol, allowing a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
The vulnerability impacts FortiManager versions 7.x and 6.x, as well as FortiManager Cloud versions 7.x and 6.x. It also affects several older FortiAnalyzer models (1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, and 3900E) that have the FGFM service enabled and are configured to allow communication with FortiManager. Reports indicate that this vulnerability is being actively exploited in the wild. However, there is currently no evidence that it has been used to deploy malware or backdoors on affected systems.