This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
ReconnaissanceObjective:Identify potential reconnaissance activity on the network
Description:Reconnaissance is an important phase of an attack, where the attacker gathers information about the target system and network.…
Windows Event Logs mindmap provides a simplified view of Windows Event logs and their capacities that enables defenders to enhance visibility for different purposes:
Log collection (eg: into a SIEM)Threat huntingForensic / DFIRTroubleshootingScheduled tasks:Event ID 4697 , This event generates when new service was installed in the system.…____________________ Summary: The XZ Utils Data Compression Library has a vulnerability that impacts multiple Linux distributions. It is recommended to downgrade to an uncompromised version or migrate to updated releases.
Key Points: * The vulnerability, CVE-2024-3094, has a critical severity level. * The vulnerability is a result of a supply chain compromise in versions 5.6.0 and 5.6.1 of XZ Utils.…
Threat Actor: Unknown Victim: Windows users
Information:
The threat actor is offering a Windows 1-day Local Privilege Escalation (LPE) exploit for sale.
The exploit is identified as CVE-2024-26169 and is categorized as a Windows Error Reporting Service Elevation of Privilege Vulnerability.
The vulnerability allows attackers to gain SYSTEM privileges.…
Summary: A new Linux privilege-escalation exploit has been discovered, allowing users to gain root access to vulnerable machines. The exploit affects various Linux distributions and has a high success rate on certain kernel versions.
Key Point:
Exploit grants root access to vulnerable Linux machines
Vulnerability tracked as CVE-2024-1086 with a severity rating of 7.8
Patch released at the end of January, but updates are still rolling out
Exploit technique involves manipulating page tables to gain unauthorized control over system memory
Source code for exploit PoC is available on GitHub
———————-
A Linux privilege-escalation proof-of-concept exploit has been published that, according to the bug hunter who developed it, typically works effortlessly on kernel versions between at least 5.14 and 6.6.14. …
Summary: Nvidia’s ChatRTX bot has been patched for security vulnerabilities, including privilege escalation and remote code execution, in its latest update.
Key Point 
:
– CVE‑2024‑0083 vulnerability could lead to denial of service attacks, data theft, and remote code execution.
– CVE‑2024‑0082 vulnerability allows data theft, data tampering, and privilege escalation.…
This educational session introduces the concept of Privileged Access Management (PAM), focusing on why securing privileged accounts is crucial in today’s cybersecurity landscape. The session covers the challenges associated with managing privileged accounts, the risks they pose, and how CyberArk, a leader in the PAM solution space, addresses these challenges.…
Cleartext credentials are commonly targeted in a penetration test and used to move laterally to other systems, obtain sensitive information, or even further elevate privileges. While this is a low effort finding to exploit, threat actors will utilize cleartext credentials to conduct attacks that could have a high impact for the target environment.…
DinodasRAT, also known as XDealer, is a multi-platform backdoor written in C++ that offers a range of capabilities. This RAT allows the malicious actor to surveil and harvest sensitive data from a target’s computer. A Windows version of this RAT was used in attacks against government entities in Guyana, and documented by ESET researchers as Operation Jacana.…
It’s tax season, that wonderful time of year when a refund check might be showing up in your mailbox—or going out to be sent to the government.
Around the world, many countries are gearing up for tax time.
This becomes a common time for hackers to step in.…
By Oleg Zaytsev (Guardio Labs)
Guardio Labs discovered a vulnerability in the Microsoft Edge browser, designated CVE-2024–21388. This flaw could have allowed an attacker to exploit a private API, initially intended for marketing purposes, to covertly install additional browser extensions with broad permissions without the user’s knowledge.…
Summary : Germany has warned about 17,000 vulnerable Microsoft Exchange servers exposed online, with many critical security vulnerabilities.
Key Point :
Approximately 37% of Exchange servers in Germany are severely vulnerable, affecting various institutions and companies.
Admins are urged to use current Exchange versions, install security updates, and secure instances exposed online.…
Thousands of publicly exposed Ray servers compromised as a result of Shadow Vulnerability
TL;DRThe Oligo research team has recently discovered an active attack campaign targeting a vulnerability in Ray, a widely used open-source AI framework. Thousands of companies and servers running AI infrastructure are exposed to the attack through a critical vulnerability that is under dispute and thus has no patch.…
This blog entry discusses the Agenda ransomware group’s use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
Since its discovery in 2022, the Agenda Ransomware group (also known as Qilin) has been active and in development. Agenda, which Trend Micro tracks as Water Galura, continues infecting victims globally with the US, Argentina, and Australia, and Thailand being among its top targets (based on the threat actor’s leak site data).…
Summary:
Pwn2Own Vancouver 2024 concluded with security researchers earning $1,132,500 by demonstrating 29 zero-day vulnerabilities.
Various categories were targeted, including web browsers, cloud-native/container, virtualization, and automotive systems.
The total prize pool exceeded $1.3 million in cash prizes and a Tesla Model 3 was won by Team Synacktiv.…
In this blog, we present a proof of value study demonstrating the value of detecting attempted DNS exfiltration and Command and Control (C2) communications. Our focus is on two anonymized customers: a large e-commerce/retail company (Customer #1) and an educational institution (Customer #2).…
As AI gets baked into enterprise tech stacks, AI applications are becoming prime targets for cyber attacks. In response, many cybersecurity teams are adapting existing cybersecurity practices to mitigate these new threats. One such practice measure is red teaming: the effort to expose weaknesses in a system and develop responses to found threats by playing the role of the enemy.…