SPEAK WITH AN EXPERT

CyberProof Acquires Interpres Security

A Gartner distinguished vendor in Continuous Threat Exposure Management (CTEM) and Automated Security Control Assessments (ASCA).

Read More
 CyberProof, a UST company, and Interpres logos on a black background, showcasing their strength in cyber security.

Better Security, Together

Our worldwide security operations teams work closely with your enterprise security organization, collaborating to deliver better security together, to protect you today against tomorrow’s threats.

 invisible

AI In Action

CyberProof put AI into actionable insights, by augmenting security operations through AI powered virtual assistance to deliver better security, together services.

Cloud First Security

CyberProof is a cloud first security operations company, enabled through key cloud partners, to help deliver the most cutting edge security services to help protect your enterprise.

 invisible

Detect, Respond, Adapt – Everywhere

CyberProof’s MXDR platform powered by AI adapts the most complex evolving threat landscape, continuously aggregating threat intelligence and responding, identifying and mitigating risk within your enterprise.

SecOps & Risk mitigation

Tailored threat intelligence

CyberProof uses OSINT and threat intelligence feeds for visibility into threats.

Use case management

CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.

Advanced threat hunting & security operations

Professionals manage sophisticated networks, leveraging experience to counter advanced threats.

Advanced threat hunting

Professionals manage sophisticated networks, leveraging experience to counter advanced threats.

Incident response retainer

24/7 global SOC support ensures incident response with guaranteed SLA.

Incident response retainer

24/7 global SOC support ensures incident response with guaranteed SLA.

Data security

CyberProof develops recovery plans, restoring capabilities after a cyber incident.

Asset management and classification

Classify and manage enterprise assets, understanding risks and data sensitivity.

Manual & automated penetration testing

Non-destructive tests uncover potential exploits in assets and applications.

Security awareness & training

Mitigate security issues early with CyberProof’s training and awareness programs.

Application security (AppSec)

Rigorous security assessment for on-premise and cloud applications to ensure protection.

Identity & access management (IAM)

IAM manages user access, monitors for anomalies, ensuring security.

Cloud security posture management (CSPM)

Cloud First approach ensures compliance and security within cloud environments.

Security platform management

Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.

Vulnerability management (VM)

Identify, assess, and mitigate security vulnerabilities through regular scanning.

Partners

HyperScaler Cloud Native SIEM
SIEM Platforms
EDR
VM
IT/IOT
Threat Intel
Breach & Attack
See all partners

“Today I have complete visibility into the entire environment, in real time”

Jamil Farshchi | Equifax CISO

Watch Video Testimonial

CyberProof Acquires Interpres Security

By leveraging and integrating the Interpres Security CTEM solution into its security services portfolio, CyberProof is able to continuously identify, assess, and prioritize risk while adapting defense services, like MDR, Vulnerability management and Use case management to address ever evolving threats. Take proactive steps to fortify your security today!

Schedule Assessment

Start the journey today

SPEAK WITH AN EXPERT

Case Studies

Retail
Retail

Retail Company Reduces Data Costs by 85% with SIEM Transformation

The client is a leading retailer with over 1,000 stores across the United States and Canada. They offer a wide range of products and services to both consumers and businesses. To streamline their security infrastructure, the company decided to consolidate under a single, trusted cloud vendor. As an existing Microsoft 365 user, they embraced Microsoft’s comprehensive security suite, aligning their security approach with the industry’s best cloud security solutions. 
Read more
Banking
Banking

90% increase in visibility after deploying Microsoft XDR with CyberProof

CyberProof worked together with Microsoft to provision and deploy the Microsoft XDR capability and integrate it with the client’s current Managed Detection & Response (MDR) service with CyberProof. This was done by leveraging the CyberProof Defense Center (CDC) platform, which supports collaborative, real-time security operations for all stakeholders through orchestration and smart automation.
Read more
Financial Services
Financial Services

Enterprise saves millions on data ingestion & storage following cloud migration.

CyberProof’s deployment for this client includes one of the first commercial deployments of the Microsoft Sentinel cloud SIEM solution, helping dramatically reduce the cost of log ingestion and storage as the client migrated to cloud-native security operations, leveraging Azure Data Explorer (ADX) together with the CyberProof Log Collection (CLC) tool.
Read more
Insurance
Insurance

SOC unification streamlines enterprise insurance company’s security & network monitoring operations.

The client is a large insurance carrier with offices in multiple locations. The client initially turned to CyberProof after having issues with their previous service vendor, who was providing security alerts but conducting no real triage.
Read more
Healthcare: Pharmaceuticals
Healthcare: Pharmaceuticals

Global medical devices company gains visibility and meets stringent compliance standards across global geos

The client is a leading European-based, global pharmaceutical company that offers advanced tests and systems for disease diagnosis, monitoring, and treatment guidance. Operating in over 100 countries with over 40,000 employees, they serve millions of customers worldwide in numerous research and production facilities.
Read more
Healthcare: Pharmaceuticals Dental
Healthcare: Pharmaceuticals Dental

Pharmaceutical organization significantly enhances threat detection and response times

The customer decided to enhance their cybersecurity capabilities by partnering with CyberProof, focusing on comprehensive and proactive protection measures. CyberProof’s deployment for this customer included a full suite of managed cybersecurity services tailored to meet their specific needs.
Read more
All case studies

Threat Alerts

Russian Ransomware Group Exploits Zero-Day Vulnerability in Microsoft Management Console

31-Mar-2025
Label: Ransomware
Threat Level: Medium

Researchers have uncovered a campaign by the Russian threat actor Water Gamayun that exploits a zero-day vulnerability in the Microsoft Management Console framework, named MSC EvilTwin (CVE-2025-26633, CVSS 7.0). This attack manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payloads, maintain persistence, and steal sensitive data from infected systems. Organizations that heavily use Microsoft’s administrative tools are particularly at risk, potentially facing data breaches and significant financial losses.

The attack leverages three main techniques to execute malicious code. First, the MSC EvilTwin technique creates two identical .msc files—one clean and one malicious—with the malicious version placed in an en-US directory. When the clean file is executed, the system loads the malicious version instead due to how mmc.exe handles MUIPath. Second, attackers use the ExecuteShellCommand method within MMC to run shell commands through web rendering in MSC files. Third, they create mock trusted directories with names similar to legitimate system paths but with added spaces or special characters to bypass security checks. The attack begins with digitally-signed MSI files disguised as popular Chinese software that fetch the MSC EvilTwin loader from command-and-control servers. This loader then creates deceptive directories and executes the non-malicious version of WmiMgmt.msc, triggering the EvilTwin technique.

The Water Gamayun arsenal includes multiple modules such as the EncryptHub stealer, DarkWisp backdoor, SilentPrism backdoor, and Rhadamanthys stealer. These components work together to maintain persistence and exfiltrate sensitive data to the attackers’ servers. The vulnerability was disclosed through a bug bounty program, and a patch was released on March 11, 2025. This campaign demonstrates how threat actors continue to refine their tactics by exploiting vulnerabilities in legitimate Windows components, allowing them to proxy malicious code execution through trusted system binaries.

Morphing Meerkat Campaign Abuses DNS MX Records and Phishing-as-a-Service Infrastructure

31-Mar-2025
Label: Malware
Threat Level: Medium

A sophisticated and long-running phishing operation, tracked as Morphing Meerkat, has been observed distributing large-scale phishing campaigns through a phishing-as-a-service (PhaaS) platform. The threat actor sends thousands of spoofed emails that lead to credential harvesting pages tailored to each victim’s email provider. The campaign employs advanced detection evasion techniques and abuses DNS infrastructure to dynamically generate targeted phishing content. This campaign shows signs of centralized management and ongoing development.

Technically, Morphing Meerkat’s phishing kits identify a victim’s email service provider by querying DNS mail exchange (MX) records using DNS over HTTPS (DoH). Based on the MX record, the kit dynamically serves a phishing template imitating the appropriate brand (e.g., Gmail, Outlook, Yahoo). The phishing pages can display in over a dozen languages and automatically pre-fill the victim’s email address. Additional layers of evasion include redirecting suspicious users to legitimate login pages and blocking browser interactions like right-clicking or viewing source code.

The spam emails often leverage open redirect vulnerabilities on adtech infrastructure or are delivered through compromised WordPress sites and free hosting services. Links typically contain fragment identifiers with the victim’s email address to personalize the phishing flow. Once credentials are collected, they are exfiltrated using multiple channels including EmailJS, Telegram bot APIs, or AJAX to actor-controlled endpoints. The kits are heavily obfuscated, using Base64, ASCII character conversion, and decoy code to hinder analysis.

Explore all

Awards

 Excellence Awards 2024 finalist banner for CyberProof, a UST company, showcasing diversity in security through Microsoft Security and the Microsoft Intelligent Security Association, with a focus on MDR and SIEM solutions.
 Forbes award
 mssp top 250 2024
 ISG Provider Lens 2024 Quadrant image showcasing Cybersecurity Solutions and Services. Managed Security Services - SOC and MDR (Midmarket). Recognized as Leader, U.S.
 ISG Provider Lens 2024 Quadrant: Cybersecurity – Solutions and Services, Strategic Security Services (Midmarket), with a focus on MSSP, Leader, U.S." proudly displayed at the top with a trophy icon in the bottom right corner.
 ISG Provider Lens 2024 Quadrant for Cybersecurity Solutions and Services highlights Technical Security Services (Midmarket), emphasizing MxDR capabilities, with a "Leader, U.S." designation and a trophy icon.
 Gold award badge for cybersecurity, highlighting "2024 Globee Awards Gold Winner" and featuring a globe design embraced by laurel branches. Celebrated in the realms of MSSP and SecOps, this accolade represents excellence in managing security operations worldwide.
 Globee Awards logo with "2024 Globee Awards Silver Winner in Cybersecurity" text below, recognizing excellence in SOC solutions.
 Microsoft Solutions Partner badge for Security, enhanced by SOC capabilities, features Cloud Security and Threat Protection.
 The Microsoft Intelligent Security Association member badge proudly displays the Microsoft Security logo along with a label certifying it as a "Microsoft Verified Managed XDR Solution," highlighting its integration with leading SIEM and MSSP technologies.
 Google Cloud Partner logo featuring a colorful cloud icon, seamlessly integrating elements of SecOps and MxDR.
 The Intertek logo, featuring a globe with a grid pattern alongside the text "ISO 27001 Certification," embodies trust and security. It integrates seamlessly with modern SecOps approaches to enhance compliance and SIEM efficiencies.
 A badge proudly displaying "SOC 2" and "A-LIGN," featuring a geometric logo above, a gradient line below, and seamlessly integrated with the latest MxDR innovations.
 AICPA SOC seal in shades of blue with text "aicpa.org/soc4so" and "SOC for Service Organizations | Service Organization," tailored for MSSP efficiency.
 Crest logo featuring icons for security, certification, and SecOps with a blue and teal color scheme.
 MSSP Alert logo with text: "The Top 250 MSPs, 2023 Edition" in red and white, celebrating excellence in the ever-evolving SecOps landscape.
 The logo for the 2023 Global InfoSec Awards winner from Cyber Defense Magazine features a circular design with text and subtly incorporates elements of SOC excellence.
 Logo of Cyper Tech Two featuring two concentric rings, symbolizing their cutting-edge SecOps solutions, with the website URL www.CyperTechTwo.com displayed below.
 Cyber Security Excellence Awards badge, labeled "Winner 2022" in the MDR category.
 Badge with text "Big Innovation 2022" surrounding a lightbulb icon, symbolizing groundbreaking ideas in fields like SecOps and MDR.
 2021 Global InfoSec Awards Winner badge from Cyber Defense Magazine for excellence in Adaptive Managed xDR.
 Cybersecurity Speakt

Resources

Explore resources

Start the journey today

SPEAK WITH AN EXPERT