
Cyber Hub
Your Place for the Latest CyberProof Updates
-
11-Jan-2021
Recent Phishing Campaigns Targeting Organizations Around the World
Label: Threat Advisory | Threat Level: High
This week, researchers discovered a phishing campaign spreading information-stealer malware. The campaign uses the current political situation in the U.S. as a lure to get users to download an attachment infected with QRat. Another phishing campaign uses the secure-mailer email format to send phishing emails aimed at stealing Microsoft users’ credentials.
-
04-Jan-2021
Recent Phishing Campaigns Targeting Organizations Around the World
Label: Threat Advisory | Threat Level: High
After returning just in time for the holidays, Emotet registered a massive phishing campaign this week, threatening various organizations around the world. The malware is now targeting prominent institutions and becoming more effective and successful as it implements new tactics.
-
04-Jan-2021
Latest Reports on Recent Malware Campaigns
Label: Threat Advisory | Threat Level: High
This past week, a new Golang worm was found spreading to drop the XMRig cryptominer. The malware targets both Windows and Linux systems and compromises publicly exposed services. In addition, a new malware associated with the Iranian group MuddyWater is hosted on GitHub and uses a sophisticated steganography technique to compile a Cobalt Strike script from an image hosted on Imgur.
-
04-Jan-2021
Latest SolarWinds Updates
Label: Threat Advisory | Threat Level: High
This week, Microsoft revealed an additional piece of its investigation into the SolarWinds supply chain attack, stating that the attackers leveraged their foothold within Microsoft’s internal network to access parts of the company’s source code. However, the source code appears to be publicly available for open source software development, and thus does not pose additional risk to Microsoft customers. In addition, researchers this week observed massive scanning activity aimed at detecting exposed SolarWinds Orion hosts that are vulnerable to CVE-2020-10148.
-
01-Jan-2021
SolarWinds Supply Chain Attack Affecting Organizations Around the World
Label: Threat Advisory | Threat Level: Severe
Cybersecurity giant FireEye has suffered a massive data breach that involved the leaking of its red team tools. FireEye identified that the intrusion into its network was achieved through SolarWinds’ Orion software. The threat actors trojanized this software’s updates to deliver a backdoor they named Sunburst. This finding led FireEye to uncover a widespread campaign that the company links to an APT it calls UNC2452. Other researchers link the campaign to the Russian nation-state group APT29 (aka Cozy Bear), and Microsoft named the malware Solorigate. FireEye detected this campaign affecting organizations from various sectors located in North America, Europe, Asia and the Middle East. FireEye anticipates that additional victims will be identified in other locations, since SolarWinds’ Orion is widely used. Verified victims include the US Treasury Department, the US Department of Commerce National Telecommunications and Information Administration (NTIA), and additional government and private organizations in the US. The threat actors embedded the backdoor into a legitimate, digitally signed SolarWinds library with the filename SolarWinds.Orion.Core.BusinessLayer.dll. The backdoor was distributed via digitally signed automatic updates from March – May 2020. Once the updates are installed, the malicious DLL is loaded by the legitimate SolarWinds executable. After a dormant period of up to two weeks, the malware attempts to resolve a subdomain of avsvmcloud[.]com. These subdomains are generated using a domain generation algorithm (DGA). The DNS response returns a CNAME record that points to a C&C domain. The network traffic is designed to masquerade as the Orion Improvement Program (OIP) protocol. It retrieves and executes commands, called “Jobs”, that include the ability to transfer and execute files, profile the system, and disable system services.
Additionally, Sunburst uses multiple blocklists to identify forensic and anti-virus tools via processes, services, and drivers.
-
28-Dec-2020
Recent Phishing Campaigns Targeting Organizations Around the World
Label: Threat Advisory | Threat Level: High
The holiday season typically sees a rise in cybercriminal activity, which can be easily spotted by following the surge of global phishing campaigns. This past week, security researchers identified a new phishing campaign distributing new payloads of the infamous Emotet malware, which had been dormant since the end of October. Another phishing campaign that takes advantage of the spirit of the season consists of emails posing as Amazon gift cards. The victims of this campaign are actually being infected with the Dridex Trojan.
-
28-Dec-2020
Latest Developments on Major Ransomware Campaigns
Label: Threat Advisory | Threat Level: High
Over the past year, ransomware attacks have become more abundant, sophisticated, and lucrative. Ransomware groups continued developing new techniques to evade detection and maximize the effect of their attacks when compromising networks. Alongside the technological development, ransomware groups have also invested a lot of effort into the psychological aspects of extracting ransom payments from their victims. For example, they have started publicly leaking data stolen during attacks and have even performed DDoS attacks, assuming that the victims want to avoid embarrassment and preserve their reputation. Another notable development seen in the ransomware landscape this past year was the collaboration between different ransomware groups and the increased use of ransomware affiliate models. This past week, these collaborations surfaced again as the FIN7 APT was involved in a Ryuk ransomware attack. Furthermore, the threat actors behind MountLocker ransomware published data on one of Ragnar Locker’s victims on their website, which indicates that these two groups have a strong business relationship.
-
28-Dec-2020
Latest Reports on Recent Vulnerabilities and Exploitation Attempts
Label: Threat Advisory | Threat Level: High
In the past week, Microsoft released a note informing users that, after a failed security fix, a high-severity Windows zero-day that could lead to a complete desktop takeover remains exposed. Additionally, this week Kubernetes disclosed a new security issue that affects every version of Kubernetes. The vulnerability is a man-in-the-middle (MITM) issue with the most significant impact on multi-tenant clusters.
-
21-Dec-2020
Recent Phishing Campaigns Target Organizations Around the World
Label: Threat Advisory | Threat Level: High
This past week, security researchers identified new global phishing campaigns that leverage the COVID-19 pandemic and related developments to steal credentials from unsuspecting victims. This information can then be leveraged for multiple malicious purposes, mainly to penetrate the target’s network for cyber-espionage activities or to be sold to threat actors in underground markets. Researchers also warned the public about a massive spear-phishing campaign targeting enterprises to steal corporate credentials. Similarly, another new phishing campaign aims to steal employee credentials by impersonating a Microsoft Teams notification.
-
21-Dec-2020
Latest Reports on Recent Malware Campaigns
Label: Threat Advisory | Threat Level: High
This past week, researchers shared a new analysis of the SocGholish framework, which uses IFrame injections to gain initial access for various malware payloads, including the Dridex banking trojan and the WastedLocker ransomware. Researchers analyzed the new version of the Agent Tesla keylogger, which now has new stealing and exfiltration capabilities. In addition, researchers published a report focusing on Pawn Storm’s latest campaigns, seemingly successful due to their relatively simplistic techniques.
-
On Demand: Visibility Into the Vulnerabilities That Matter
Maintaining incident responses and focusing on SOCs, and the significance of keeping a secure environment while handling ongoing infrastructure challenges.
-
On Demand: Continuously Identify Threat Detection Gaps and Optimize Response Action
C-suite communication hurdles, and the significance of goal prioritization before the purchasing of cyber security solutions.
-
On Demand: Collaborating With the Right Skills at the Right Time
Risk-driven approaches to vulnerability management, and how a business risk perspective should shape cyber security over time.
-
On Demand: Modernizing and Scaling Your Security in the Cloud, For the Cloud
The significance of automation in strengthening security performance, and the organizational benefits of a cloud-scalable transformation.
-
On Demand: Reality Check On Global Security In Uncertain Times
Explore the steps to protect against instabilities and threats, the crucial duty to protect consumer data, and organizational cyber security.
-
On Demand: The CISO Playbook for Measuring Cyber Risk
Learn how organizations can defend themselves against an ever-changing threat landscape by leveraging an agile detection and response framework as a preventative control, as well as how to fill the security gap with readily available tools like MITRE ATT&CK, NIST, and others.
-
On Demand: Building A Smarter SOC In The New Normal
The evolution of SOC responsibilities, and the key attributes of building a smarter SOC.
-
On Demand: Using Automation and Data Analytics to Combat Increasing Cyber Threats
How the cyber security landscape in Australia has been altered by COVID-19.
-
On Demand: Best Practices Using Attack Simulations to Improve SOC Efficiency
Improve SOC efficiency using attack simulations.
-
On Demand: Measuring and Improving Cyber Defense Using The MITRE ATT&CK Framework
Measuring and improving cyber defense using the MITRE ATT&CK framework.
-
On Demand: Focusing on the Vulnerabilities That Matter Most
Discover how a threat-centric approach to vulnerability management provides organizations with an accurate and continuous view of their risk exposure.
-
On Demand: The Essentials of a Smarter SOC in the New Normal
Learn how intelligent SIEMs build smarter SOCs.
-
On Demand: InfoSec in India – Before, During, and After COVID-19
Learn how CISOs can prioritize threat intelligence operations and provide security support and training.
-
On Demand: Security & Privacy Trends in the COVID-19 Era
In this webinar you’ll learn ways to use security to support business, protect brands, and promote trust.
-
On Demand: DevSecOps – How To Do More With Less
In this webinar you’ll gain insights on the value of DevSecOps initiatives.
-
On Demand: Is AI Being Weaponized by Cyber Criminals?
Are hackers really using AI to enhance their attacks? If so, what does this mean for the companies that have adopted this technology?
-
On Demand: Streamlining Your Response to Cyber Attacks – An Analyst’s Perspective
Learn how the CyberProof platform helps analysts streamline response time to cyber attacks.
-
On Demand: Introduction to Pro-Active Intruder Hunting – Part 2
Learn how to build an effective and proactive intruder hunting program.
-
On Demand: Introduction to Pro-Active Intruder Hunting – Part 1
Learn how to build an effective and proactive intruder hunting program.
-
On Demand: New Approaches To DFIR That Can Radically Reduce Your Time To Respond to Attacks
Learn about new approaches to DFIR that can radically reduce your attack response time.
-
On Demand: How to Reverse Cyber Security’s Staffing Shortage
Learn how you can reverse cyber security’s staffing shortage through better hiring and security automation.
-
On Demand: How AI Can Increase the Efficiency of Your SOC
Learn how AI and automation can improve the security posture of the enterprise.
-
On Demand: How Threat Intelligence-Driven Security Operations Leads to Reduced Cyber Incidents
Learn how to spot and block malicious actors before they become attackers with threat intelligence-driven security operations.
-
On Demand: SANS SOC Survey: Best Practices for Security Operations Centers
The 2019 SANS Security Operations Center (SOC) Survey is focused on providing objective data to security leaders who are looking to establish a SOC or optimize an existing one. This webcast will capture common and best practices, provide defensible metrics that can be used to justify SOC resources to management, and highlight the key areas that SOC managers should prioritize to increase the effectiveness and efficiency of security operations.
-
On Demand: New Insights Uncover Ways to Reduce Risk
Security Thought Leadership: New insights uncover ways to reduce risk.

-
Ebook: Augmenting Your Security Operations Center
How financial organizations can augment security operations to help mitigate risk.
-
Managed Security with Microsoft Azure
CyberProof Managed Security Services, pre-integrated with the Microsoft Azure security stack.
TONY VELLECA | CHIEF EXECUTIVE OFFICER
Tony is CyberProof’s CEO and is CISO at UST Global. Tony previously co-founded and was CTO at huddle247.com, rated by PC Magazine as one of the top virtual workspace solutions in 2000. He previously worked for Boeing and Rolls-Royce, Inc. focusing on conceptual design and optimized propulsion systems for next generation aircraft. He holds a BS degree in Aerospace Engineering from Georgia Institute of Technology and an MBA from University of California, Irvine.
-
Blog
How to Prioritize Your 2021 Cyber Security Budget – 5 Tips for CISOs
Our security needs have grown this year – yet, security budgets in the current economic climate are tighter than ever.
-
Blog
5G Will Redefine Cyber Security Operations
5G is the next generation of mobile Internet connectivity, offering 100x faster transmission speeds and lower latency – thereby improving network performance, device connections, and application availability. 5G also has 1,000x greater data capacity, providing a dramatic jump in support for simultaneous device connections. And 5G creates a better user experience through value-added services enabled by network slicing – in which operators can offer emergency services and other priority clients dedicated bandwidth, letting them avoid sluggish speeds during periods of peak demand.
-
Blog
The New Normal – Staying “Cyber Safe” with Remote Workers
With the decision of Indian Prime Minister Narendra Modi to implement a country-wide lockdown last Tuesday, as much as a third of humanity is now at home – around 2.6 billion people – according to Agence France-Presse. Those who are able are trying to continue to hold down jobs by working from home, but the home technology isn’t always up to the task.
-
Blog
Security Automation: The Key to a Smarter SOC
In the wake of increasingly sophisticated cyber security threats, the pressure on enterprise security teams intensifies. While detection tools have advanced significantly, security teams continue to be overwhelmed in their response - whether it’s due to alert fatigue, challenges of prioritization, or their inability to make sense of the vast volume of data being generated by all the tools.
-
Blog
How AI Can Improve Your SOC Efficiency
In cyber security circles, the term AI means lots of things to different people. But when we talk to customers, we find the term is overused and often misunderstood. So, let’s explore what exactly AI means to cyber professionals, and how it can improve your SOC efficiency and bring value to security teams.
-
Blog
5 SOC Augmentation Lessons for Proactive Cyber Security
SOC augmentation is all about scaling capabilities with proactive cyber security services from a third-party provider. In recent years, security providers have taken advantage of new technologies to expand SOC-as-a-service (SOCaaS) offerings.
-
Blog
6 New Year Promises for your Security Service Provider
As 2019 is just beginning, we can’t help wondering: What can security service providers expect in the coming year?
Tony Velleca, CEO of CyberProof, shares his top cyber security insights and predictions on trends, threats and innovative solutions, including those that will be of particular importance to clients this year.
-
Blog
What you need to know about cyber maturity and why it matters
Significant data breaches have become a common occurrence. Just last month, Expedia-owned Orbitz revealed that it had been hacked and 880,000 customer records, including credit card numbers, were likely stolen.