Keeping up with patching feels like an endless treadmill. Despite all the effort, one question remains: Are we fixing the right vulnerabilities? The ones that actually pose the biggest threat—right now? That’s where Zafran comes in. Unlike any other approach, we use your existing security tools to prove that 90% of critical vulnerabilities are not exploitable, then quickly mitigate and remediate the 10% that are most likely to cause an incident. Stop chasing vulnerabilities. Start managing risk. #CTEM #VulnerabilityManagement #ExposureManagement
Zafran Security
Computer and Network Security
Zafran's Threat Exposure Management Platform integrates with your security tools to reveal, remediate, and mitigate risk
About us
The Zafran Threat Exposure Management Platform is the first and only consolidated platform that integrates with your security tools to reveal, remediate, and mitigate the risk of exposures across your entire infrastructure. Zafran uses an agentless approach to reveal what is truly exploitable, while reducing manual prioritization and remediation through automated response workflows. https://www.zafran.io/
- Website: https://www.zafran.io/
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: New York, New York
- Type: Privately held
Locations
- Primary: US, New York, New York
Updates
-
Crypto Heist - Black Basta Exposed - 61% of exploits weaponized in less than 2 days
Read this week's exploitation report with actionable mitigations: https://lnkd.in/g8iN6KSm
1. The Black Basta Leak: A trove of 200K internal messages from the notorious Russian cybercrime group Black Basta has been leaked, offering valuable intelligence on their exploitation strategies. The insights include their focus on one-day vulnerabilities, rapid exploit development, struggles with zero-day exploits, and preference for customized POCs.
2. The Largest Crypto Theft in History: The North Korean Lazarus group has pulled off a record-breaking $1.5 billion crypto theft by exploiting a vulnerability in the user interface of the smart contract wallet platform Safe.global.
3. Network Device Vulnerabilities in the Spotlight: Exploits targeting network devices continue to surface. A new Palo Alto PAN-OS vulnerability (CVE-2025-0111) has been chained with recently disclosed flaws; meanwhile, recent findings reveal that Salt Typhoon’s exploitation of Cisco vulnerabilities is more extensive than previously understood, including a long-standing Cisco IOS XE flaw (CVE-2018-0171).
4. Weaponization of Exploits Accelerating: A recent report reveals that in 61% of observed cases in 2024, attackers were able to weaponize newly published exploits within 48 hours. The report also highlights a surge in SSRF attacks, driven by AI-powered exploitation tools and the resurfacing of older SSRF vulnerabilities, particularly in Microsoft Exchange (CVE-2022-41040) and VMware vRealize (CVE-2021-21975).
-
With over $100M in ransoms extorted, the ransomware-as-a-service cartel Black Basta recently had over 200k internal chat messages leaked.
- What insights do these messages reveal about internal conflicts and state of operations?
- What can we learn about their tactics?
- How can security teams protect themselves from Black Basta?
Understanding the adversary is key to winning the battle. https://lnkd.in/gcMuRXxK #cybersecurity #blackbasta #vulnerabilitymanagement #exposuremanagement
-
FWs widely targeted - Old PHP flaw raises question about EPSS and KEV - When RansomHub failed to exploit - A new threat to hybrid environments
Read this week's exploitation report with actionable mitigations: https://lnkd.in/gYzwBTtE
1. Firewalls Under Attack
- Threat actors are actively exploiting a high-severity auth bypass in Palo Alto firewalls (CVE-2024-0108).
- RA World ransomware used another PAN-OS flaw, with ties to Mustang Panda, sparking espionage suspicions.
- SonicWall SSLVPN auth bypass (CVE-2024-53704) is being exploited post-PoC release, with 4,500 devices still exposed.
Mitigations in the blog!
2. Old PHP Flaws Resurfacing
- ThinkPHP RCE (CVE-2022-47945) & OwnCloud GraphAPI leak (CVE-2023-49103) see hundreds of percent surge in attacks. Despite past exploitation, ThinkPHP isn’t on CISA’s KEV list & has a low EPSS rating.
- OwnCloud flaw was one of the most exploited of 2023, yet attacks have mysteriously spiked since February.
Mitigations in the blog!
3. RansomHub’s Failed Exploit Attempt
- The group (600+ victims in 2024) failed to weaponize PAN-OS CVE-2024-3400, resorting to VPN brute-force instead.
- But post-compromise, they escalated privileges via NoPac (CVE-2021-42278) & ZeroLogon (CVE-2020-1472).
Mitigations in the blog!
4. BlackLock Ransomware Threatens Hybrid Environments
- The fastest-growing RaaS group in 2025 exploits on-prem to cloud sync for initial access.
- Developing targeted capabilities for Microsoft Entra Connect & IAM solutions.
-
Innovation never sleeps. Congrats to our Product and R&D Teams for recently pushing Exposure Tracker to production. Working with design partners, Zafran built Exposure Tracker to help customers measure risk improvement and more easily communicate security value to business stakeholders. Read the blog by Romy Moav to learn more. https://lnkd.in/gQfPWXMC #ExposureManagement #VulnerabilityManagement #CTEM
Feature Spotlight: Exposure Tracker (zafran.io)
-
Zafran are excited to announce our appointment to the Check Point Technical Alliance Program! https://lnkd.in/g-jd5sdZ Zafran Security has created an entirely new operating model for threat and vulnerability management. We use your existing security defenses, such as Check Point Quantum Firewalls, to prove that 90% of vulnerabilities are not exploitable, and use those same defenses to rapidly mitigate risk. See more clearly, prioritize more effectively, and address your biggest threats now, without waiting on patching. That’s the power of Zafran. Come meet with Zafran’s Head of Solution Architecture, Tomer Admon, at Check Point Software CPX Americas, Feb 25-26, Booth 11, in Las Vegas. #CPX2025 #ExposureManagement #EAP #ThreatManagement #CTEM
-
Fortinet confusion (again) - Microsoft's Outlook and LDAP targeted again - OpenSSL exposed - Cybercrime works for state
Read this week's exploitation report with actionable mitigations: https://lnkd.in/g-VHGrFQ
1. Has the new Fortinet vulnerability been exploited? Following the widespread exploitation of CVE-2024-55591 in January, another FortiOS flaw (CVE-2025-24472) is raising concerns. This vulnerability, triggered via crafted CSF Proxy requests, grants attackers super-admin privileges on Fortinet firewalls. It remains unclear whether this flaw has been actively exploited, and Fortinet recently retracted a prior statement acknowledging attacks on corporate targets. Mitigations available in the blog.
2. Microsoft’s latest updates revealed several interesting vulnerabilities: A newly discovered flaw in Microsoft Outlook (CVE-2024-21413) allows attackers to bypass built-in protections for malicious links, and this exploit has already been observed in the wild. Also, a newly identified LDAP vulnerability (CVE-2025-21376), though not yet exploited, is considered highly likely to be leveraged soon. It enables a buffer overflow that can be used for remote code execution. Mitigations available in the blog.
3. Severe vulnerability has been found in OpenSSL Project: For the first time in two years, a high-severity vulnerability (CVE-2024-12797) has been discovered in OpenSSL. This flaw causes server authentication failures for clients using raw public keys (RPKs) and could potentially enable man-in-the-middle (MITM) attacks.
4. Google has warned that cybercrime groups are increasingly posing national security threats, with some actively supporting state objectives. Researchers highlighted recent activities by the Russian RomCom group, which leveraged zero-day vulnerabilities in Microsoft Word (CVE-2023-36884) and Firefox (CVE-2024-9680) to target Ukrainian organizations.
-
From Playbook to Protection: What Football Can Teach Us About CTEM
Super Bowl weekend is here! Time for overpriced commercials, a halftime show we’ll all be debating on Monday, and an unreasonable amount of snacks. But while teams battle it out on the field, let’s talk about another kind of playbook—the one that keeps your security team from getting blitzed. At its core, football—and cybersecurity—is a game of preparation, adaptation, and execution. No team walks onto the field blindly hoping for the best (unless they want to get steamrolled). Similarly, organizations can’t rely on outdated vulnerability management strategies and expect to stay ahead of attackers. Read the blog for more detail from Zafran's Field CISO, Nathan Rollings: https://lnkd.in/gjDAVnfy #cybersecurity #CTEM #threatmanagement #vulnerabilitymanagement #riskmanagement #SuperBowl
-
Tactics shifting to vuln exploitation - 786 exploited vulns in 2024
Read this week's exploitation report with actionable mitigations: https://lnkd.in/gqUZWGzR
1. More threat groups are focusing on vulnerability exploitation: Recent analysis of the notorious Russian state actor APT28 reveals a growing reliance on exploiting vulnerabilities for initial access, including Follina and Print Spooler vulnerabilities, as well as flaws in WinRAR, Outlook, or RoundCube Webmail.
2. Vulnerability exploitation is now the leading initial access tactic: Research indicates that in Q4 2024, web-facing application vulnerabilities became the top entry point, surpassing the use of valid accounts. Notably, 25% of recorded compromises involved environments where EDR solutions were either absent or misconfigured.
3. Vulnerabilities are being exploited faster than ever: In 2024, 784 vulnerabilities were reported as exploited in the wild. Nearly 25% were zero-days, meaning they were leveraged on or before their public disclosure, while 50% were exploited within six months of disclosure.
-
Chapter 5 of the Vulnerability & Exposure Management Survival Guide blog series is live! This edition focuses on Mitigation & Remediation, the ultimate goal of managing vulnerabilities and exposures to reduce risk and protect your organization. Learn how to:
- Deploy immediate mitigations to reduce risk before full remediation
- Proactively use tools like WAFs, IPS, and EDR to defuse threats
- Motivate stakeholders through governance, gamification, and recognition
Industry expert Nathan Rollings, Field CISO at Zafran, shares actionable strategies to implement faster threat responses and foster a culture of timely vulnerability management. Read the full blog: https://lnkd.in/gGrGV24c #ExposureManagement #VulnerabilityManagement #ThreatManagement #CTEM