SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover exploitable weaknesses in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment for on-premise and cloud applications to ensure protection.
IAM controls user access and monitors it for anomalies.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
“Today I have complete visibility into the entire environment, in real time”
Jamil Farshchi | Equifax CISO
Case Studies
90% increase in visibility after deploying Microsoft XDR with CyberProof
Enterprise saves millions on data ingestion & storage following cloud migration.
International logistics company sees 40% savings in security operations costs
Threat Alerts
Google Patches Two High-Severity Vulnerabilities in Chrome’s WebGPU and WebRTC
Google has patched two high-severity vulnerabilities in Chrome, CVE-2024-10487 and CVE-2024-10488, which have been assigned a CVSS score of 9.8 because of the risk they pose. CVE-2024-10487 is an out-of-bounds write in the WebGPU component that could let an attacker corrupt memory and execute arbitrary code. CVE-2024-10488 is a use-after-free in WebRTC that leads to memory corruption and could expose data.
An out-of-bounds write lets attacker-controlled data land outside the buffer it was meant for, overwriting adjacent memory and creating a path to code execution. WebGPU is a particular concern because it processes complex, attacker-supplied graphics workloads from ordinary web content, so a crafted page can reach the flawed code. The WebRTC use-after-free, in a component central to real-time communication, corrupts memory when a freed object is reused and can expose data while it remains unpatched.
Google has not reported in-the-wild exploitation, but the severity warrants immediate patching. Confirm on each endpoint (chrome://settings/help) that Chrome has updated to the fixed Chrome 130 build and has been relaunched, since an update is not active until the browser restarts.
TeamTNT’s New Cloud-Native Campaign Targets Docker Environments with Sliver Malware
In a recent large-scale campaign, the threat actor TeamTNT has resurfaced, targeting cloud-native environments, particularly Docker instances, to monetize their compute. The campaign, attributed through signatures and infrastructure reused from past TeamTNT operations, appends compromised Docker hosts to attacker-controlled Docker Swarms and uses Docker Hub to distribute malicious payloads. New this time is the adoption of the Sliver framework in place of the group's traditional Tsunami backdoor, improving stealth and control.
The attack begins with initial access through Docker daemons exposed on the network via the ports commonly associated with the Docker API (by default 2375 for plaintext and 2376 for TLS). TeamTNT uses a custom script, "Docker Gatling Gun", to scan large IP ranges for such instances and then deploys a container from a compromised Docker Hub account. The container runs an Alpine Linux image carrying embedded malicious commands, which launch a script that starts the infection.
For lateral movement, TeamTNT deploys aggressive scanners such as Masscan and ZGrab from compromised hosts to find further vulnerable servers. Infiltrated servers are co-opted into cryptomining or rented out to third parties, so the group profits both directly and indirectly. Command and control has been upgraded to Sliver, which supports multiple C2 protocols and dynamically generated, encrypted implants, improving stealth and persistence.
The campaign confirms that cryptomining remains TeamTNT's primary objective, with cloud-native resources exploited to maximize financial gain.
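The entry point and the post-compromise actions described in this alert map to two straightforward checks. The following is an added example in Python (not CyberProof's code and not part of the original alert): it flags a dockerd configuration that exposes the API over TCP without TLS client verification, shows the weak and hardened daemon.json side by side, and triages `docker events --format '{{json .}}'` output for containers created from images outside an allowlisted registry namespace and for swarm node additions. The registry allowlist, the Docker Hub account name and the event lines are constructed for the example.

```python
"""Added example (not CyberProof's or TeamTNT's code): two detections for the
Docker abuse pattern described in the alert above.

1. daemon.json review: an API listener on TCP without tlsverify is the
   exposed-daemon entry point the campaign's scanner looks for.
2. Event triage over `docker events --format '{{json .}}'` output: containers
   created from images outside an allowlisted registry namespace (an
   attacker-controlled Docker Hub account) and swarm node additions.
"""
import json
from urllib.parse import urlparse

# Assumption (constructed for this example): the only registry namespaces this
# fleet is supposed to pull from.
ALLOWED_IMAGE_PREFIXES = ("registry.internal.example/", "docker.io/library/")

# Weak setting: unauthenticated API on every interface, the classic exposed
# Docker daemon. Hardened: TLS with client-certificate verification, bound to
# one address. Paths are placeholders.
WEAK_DAEMON_JSON = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
HARDENED_DAEMON_JSON = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
}


def daemon_config_findings(config: dict) -> list[str]:
    """Return findings for TCP API listeners in a parsed daemon.json."""
    findings = []
    for host in config.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// sockets are local-only
        bound_everywhere = urlparse(host).hostname in (None, "0.0.0.0", "::")
        if not config.get("tlsverify"):
            findings.append(f"{host}: TCP API without tlsverify, anyone who can reach the port controls the host")
        elif bound_everywhere:
            findings.append(f"{host}: tlsverify set but bound to all interfaces, restrict at the firewall")
    return findings


def normalize_image(ref: str) -> str:
    """Expand a short image reference the way Docker resolves it, so that
    'alpine', 'acct/alpine' and 'reg.example/acct/alpine' compare correctly."""
    if not ref:
        return ref
    name, sep, digest = ref.partition("@")
    tag = ""
    if not sep:
        i = name.rfind(":")
        if i != -1 and "/" not in name[i:]:  # ':' belongs to a tag, not a registry port
            name, tag = name[:i], name[i + 1:]
        else:
            tag = "latest"
    first, slash, _ = name.partition("/")
    if not slash:
        name = "docker.io/library/" + name  # official image
    elif "." not in first and ":" not in first and first != "localhost":
        name = "docker.io/" + name  # Docker Hub user namespace
    return name + ("@" + digest if sep else ":" + tag)


def triage_events(lines, allowed=ALLOWED_IMAGE_PREFIXES) -> list[str]:
    """Scan docker events JSON lines and return alert strings."""
    alerts = []
    for line in lines:
        ev = json.loads(line)
        attrs = ev.get("Actor", {}).get("Attributes", {})
        if ev.get("Type") == "container" and ev.get("Action") == "create":
            image = normalize_image(attrs.get("image", ""))
            if not image.startswith(allowed):
                alerts.append(f"container {attrs.get('name')} created from non-allowlisted image {image}")
        elif ev.get("Type") == "node" and ev.get("Action") in ("create", "update"):
            # A node joining the swarm without a change ticket matches the
            # campaign's habit of appending victims to its own swarms.
            alerts.append(f"swarm node {ev['Action']}: {attrs.get('name', ev.get('Actor', {}).get('ID'))}")
    return alerts


# Constructed sample lines in `docker events --format '{{json .}}'` shape.
SAMPLE_EVENTS = [
    '{"Type":"container","Action":"create","Actor":{"ID":"c1","Attributes":{"image":"registry.internal.example/payments/api:2.3","name":"api"}},"scope":"local","time":1730000001}',
    '{"Type":"container","Action":"create","Actor":{"ID":"c2","Attributes":{"image":"hijacked-acct/alpine","name":"gatling"}},"scope":"local","time":1730000002}',
    '{"Type":"node","Action":"create","Actor":{"ID":"n9","Attributes":{"name":"worker-unknown"}},"scope":"swarm","time":1730000003}',
    '{"Type":"container","Action":"start","Actor":{"ID":"c2","Attributes":{"image":"hijacked-acct/alpine","name":"gatling"}},"scope":"local","time":1730000004}',
]

if __name__ == "__main__":
    for f in daemon_config_findings(WEAK_DAEMON_JSON):
        print("daemon.json:", f)
    print("hardened daemon.json findings:", daemon_config_findings(HARDENED_DAEMON_JSON))
    for a in triage_events(SAMPLE_EVENTS):
        print("event:", a)
```

Image normalization matters here because a short reference such as "alpine" resolves to the official docker.io/library/alpine, while "someaccount/alpine" resolves to a Docker Hub user namespace; comparing raw strings against an allowlist would let the attacker's account through. In production, feed `docker events --format '{{json .}}'` from each host into `triage_events` and review daemon.json from configuration management rather than from the sample dicts above.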