SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover potential exploits in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment for on-premise and cloud applications to ensure protection.
IAM manages user access and monitors for anomalies to keep the environment secure.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
“Today I have complete visibility into the entire environment, in real time”
Jamil Farshchi | Equifax CISO
Case Studies
90% increase in visibility after deploying Microsoft XDR with CyberProof
Enterprise saves millions on data ingestion & storage following cloud migration
International logistics company sees 40% savings in security operations costs
Threat Alerts
Glove Stealer Unveiled Bypassing Chrome’s Advanced Encryption
Cybersecurity teams have recently identified a new threat named ‘Glove Stealer’, which has demonstrated a remarkable ability to circumvent the App-Bound Encryption in Google Chrome that’s meant to protect sensitive user data. Although the malware might seem primitive due to its .NET construction, it utilizes the IElevator method to successfully target a range of applications, including those as sensitive as crypto wallets and password managers.
Glove Stealer reaches systems through a phishing email that tricks users into carrying out a ClickFix tactic: the user unknowingly executes a hidden script, which downloads the malware. The attacker’s server disguises the Glove Stealer payload as encoded data that mimics legitimate HTML content.
Once Glove Stealer is running on the victim’s system, it terminates browser processes, which both keeps it under the radar and starts the data-extraction phase. It methodically catalogs stolen data, including credentials and cookies, into neatly named text files ready for exfiltration.
To read Chrome’s encrypted data, Glove Stealer deploys a .NET module designed to bypass Chrome’s encryption checks. This component requires elevated privileges, so obtaining local admin access is one of the malware’s key strategies during the attack, which raises the threat level and underlines the importance of securing administrative credentials.
Lazarus Group Deploys Novel Malware Against macOS Systems
The Lazarus Group, a sophisticated North Korean APT, has been observed deploying RustyAttr, a newly discovered malware targeting macOS systems. This malware employs a novel TTP by abusing Extended File Attributes, a lesser-monitored metadata feature, to conceal malicious code and evade traditional detection mechanisms. This tactic highlights an evolution in macOS-targeting malware, underscoring the increasing sophistication of the group’s cyber-espionage operations.
The infection chain begins with RustyAttr being delivered via phishing emails or compromised websites, typically disguised as legitimate files. Upon execution, the malware manipulates extended file attributes to embed its payload, allowing it to bypass conventional security tools. Once active, RustyAttr communicates with its command-and-control (C2) servers, enabling attackers to perform advanced espionage activities such as data exfiltration, network reconnaissance, and further lateral movement within the compromised environment.
By leveraging these less-monitored areas of the operating system, Lazarus Group has enhanced its ability to evade detection and conduct prolonged campaigns against high-value targets. This advancement highlights the group’s continued focus on innovation to maintain operational effectiveness across diverse attack surfaces.
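A defender’s check for the technique described above (a payload hidden in extended file attributes): this is added example code, not CyberProof’s or the alert’s own tooling. The allow-list of attribute names, the size threshold and the script/Mach-O magic-byte heuristic are assumptions chosen for illustration, and the macOS fallback relies on the system `xattr` tool.

```python
import os
import subprocess
from typing import Dict, List, Tuple

# Attribute names macOS itself commonly writes. Example baseline only, not an
# exhaustive reference; tune it against a known-clean image.
KNOWN_BENIGN = {
    "com.apple.quarantine",
    "com.apple.FinderInfo",
    "com.apple.provenance",
    "com.apple.lastuseddate#PS",
    "com.apple.metadata:kMDItemWhereFroms",
}

# Mach-O and universal-binary magic bytes as they appear in a file; "#!" marks scripts.
EXEC_MAGIC = {b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf", b"\xca\xfe\xba\xbe"}

# Normal metadata is small; a payload is not. Arbitrary threshold for this example.
SIZE_THRESHOLD = 4096


def suspicious_xattrs(attrs: Dict[str, bytes],
                      size_threshold: int = SIZE_THRESHOLD) -> List[Tuple[str, str]]:
    """Return (attribute name, reason) pairs that merit analyst review."""
    findings = []
    for name, value in attrs.items():
        if name not in KNOWN_BENIGN:
            findings.append((name, "non-standard attribute name"))
        if len(value) >= size_threshold:
            findings.append((name, f"oversized value ({len(value)} bytes)"))
        if value.startswith(b"#!") or value[:4] in EXEC_MAGIC:
            findings.append((name, "value looks like a script or executable"))
    return findings


def read_xattrs(path: str) -> Dict[str, bytes]:
    """Collect a file's extended attributes. CPython exposes os.listxattr on Linux
    only, so on macOS fall back to the system `xattr` tool; its -p output is a
    rendering (hex for binary data), adequate for the name and size heuristics."""
    if hasattr(os, "listxattr"):
        return {n: os.getxattr(path, n, follow_symlinks=False)
                for n in os.listxattr(path, follow_symlinks=False)}
    names = subprocess.run(["xattr", path], capture_output=True, text=True, check=True).stdout.split()
    return {n: subprocess.run(["xattr", "-p", n, path], capture_output=True, check=True).stdout
            for n in names}


def scan_tree(root: str) -> Dict[str, List[Tuple[str, str]]]:
    """Walk a directory and report files whose attributes look suspicious."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                findings = suspicious_xattrs(read_xattrs(path))
            except (OSError, subprocess.CalledProcessError):
                continue  # unreadable file or filesystem without xattr support
            if findings:
                report[path] = findings
    return report
```

Run `scan_tree` over user-writable locations such as home directories and review each flagged attribute with `xattr -p` before treating it as an indicator; attribute names alone are a weak signal, while script or Mach-O content inside an attribute is not.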