SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with a guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover potential exploits in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment for on-premise and cloud applications to ensure protection.
IAM manages user access and monitors for anomalies to ensure security.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
See all partners
“Today I have complete visibility into the entire environment, in real time”
Jamil Farshchi | Equifax CISO
CyberProof Acquires Interpres Security
By leveraging and integrating the Interpres Security CTEM solution into its security services portfolio, CyberProof is able to continuously identify, assess, and prioritize risk while adapting defense services, like MDR, vulnerability management, and use case management, to address ever-evolving threats. Take proactive steps to fortify your security today!
Case Studies
Retail Company Reduces Data Costs by 85% with SIEM Transformation
90% increase in visibility after deploying Microsoft XDR with CyberProof
Enterprise saves millions on data ingestion & storage following cloud migration.
SOC unification streamlines enterprise insurance company’s security & network monitoring operations.
Global medical devices company gains visibility and meets stringent compliance standards across global geos
Pharmaceutical organization significantly enhances threat detection and response times
Threat Alerts
Medusa Ransomware Attacks Escalate, CISA and FBI Issue Warning
The recent advisory on Medusa ransomware, released by CISA and the FBI in March 2025, highlights the increasing sophistication and heightened threat of this ransomware-as-a-service (RaaS) variant. Medusa operates under a RaaS model, where a central group of developers controls the ransomware and affiliates carry out the attacks. These affiliates target a wide range of sectors, exploiting vulnerabilities and using phishing campaigns to gain unauthorized access to networks. Once inside, they encrypt the victim’s data and threaten to publicly release it unless a ransom is paid, using a double extortion strategy to exert pressure. This approach has led to the ransomware’s widespread adoption, making it a significant threat to both private and public organizations.
Medusa has already compromised over 300 organizations worldwide, raising concerns about its growing impact. Given its rapid evolution and the continued success of its affiliates, the advisory warns that more organizations may become targets if the trend continues.
New Ransomware Group Targets FortiGate Firewalls Using Critical FortiOS Flaws
A newly identified ransomware group, Mora_001, has been exploiting critical vulnerabilities in Fortinet’s FortiOS to gain privileged access and deploy ransomware. These attacks specifically target FortiGate firewall appliances, leveraging security flaws to escalate privileges to super_admin, enabling attackers to disable protections, move laterally, and execute ransomware payloads. Depending on the environment, they may either rapidly encrypt systems or remain undetected for extended reconnaissance before deployment.
The attack chain exploits two vulnerabilities: CVE-2024-55591 (CVSS 9.8) and CVE-2025-24472 (CVSS 8.1), both affecting FortiOS versions earlier than 7.0.16. These flaws allow unauthenticated remote attackers to bypass authentication and escalate privileges to the highest administrative level. Once inside, the attackers establish persistence, modify system configurations to retain control, and prepare the network for ransomware execution.
After gaining access, the attackers deploy SuperBlack, a ransomware variant built using a modified LockBit 3.0 (LockBit Black) builder. The malware encrypts files using advanced cryptographic techniques while simultaneously exfiltrating sensitive data. The ransom note is customized but retains infrastructure elements linked to previous LockBit operations. This suggests that Mora_001 may be directly affiliated with LockBit or repurposing its leaked tools. Their tactics include reusing IP addresses and creating identical usernames across victim environments, pointing to a methodical and systematic attack strategy.