About Administrador

So far Administrador has created 238 blog entries.

The Way of the Hunter: Defining an ad hoc EDR evaluation methodology

By Administrador | 1 Jul. 2024 | Tarlogic's Blog - Cybersecurity

Nowadays, Threat Hunting is a very popular term in the infosec community. However, there is no widely shared definition of the role; discrepancies persist, as everyone considers their own implementation the right way to do it. Nevertheless, although the sector has yet to agree officially on what exactly it entails to be a Threat Hunter and what their scope of action is, there are some aspects on which consensus has been reached. First, Threat Hunting has an implicit proactive nature that it does not share with the traditional cybersecurity defence roles. Companies used to be restricted to taking all the preventive and reactive actions available to protect their infrastructure and hoping for the best: avoiding being compromised or at least ...


Continuous Threat Hunting vs. Campaign-based Threat Hunting

By Administrador | 28 Jun. 2024 | Tarlogic's Blog - Cybersecurity

Continuous Threat Hunting allows early detection of threats and is more complete than Campaign-based Threat Hunting

The classic Threat Detection model has traditionally been considered reactive, understanding this reactivity from the perspective of investigations carried out after a previous alert has been generated. Until recently, technology was unable to gather enough reliable information (telemetry) to detect malicious patterns that escape traditional detection systems. However, with sufficient technological maturity, Threat Hunting is emerging as a new service to search for these threats proactively.

What is and what is not Threat Hunting?

The fact that there is no unambiguous consensus on what is and what is not Threat Hunting is particularly revealing. The following are examples that can commonly generate some ...


CVE-2024-30078: Remote code execution on Windows Wi-Fi driver

By Administrador | 20 Jun. 2024 | Tarlogic's Blog - Cybersecurity

CVE-2024-30078 is a Windows Wi-Fi driver vulnerability with low exploit complexity that allows remote code execution

On June 11, Microsoft disclosed in its Patch Tuesday release a high-impact vulnerability in the Windows Wi-Fi driver that results in remote code execution. Exploitation does not require authentication and is performed by sending a specially crafted network packet, with no interaction from the victim, which implies low exploitation complexity and thus increases the risk of the vulnerability. Note that "remote" here still means an attacker within radio range of the target's Wi-Fi adapter (the CVSS attack vector is adjacent network), not an attacker anywhere on the Internet. This vulnerability has been identified as CVE-2024-30078, alerting the security community to the urgency of mitigating this threat. Some malicious actors are already selling a supposed exploit for 5,000 USD, which is why highly active exploitation is expected in a short period ...


CVE-2024-4577: Critical vulnerability in PHP

By Administrador | 14 Jun. 2024 | Tarlogic's Blog - Cybersecurity

CVE-2024-4577 can be exploited in all versions of PHP for Windows and lead to the execution of malicious code

A critical vulnerability in PHP has recently been published that could lead to remote command injection. The vulnerability can be exploited in all versions of PHP for Windows, especially in Traditional Chinese, Simplified Chinese and Japanese language configurations, even in default installations using XAMPP. There are currently several public PoC exploits for the vulnerability. The vulnerability, whose identifier is CVE-2024-4577, has a CVSS v3 score of 9.8 according to NIST and stems from the CGI engine not escaping the soft hyphen (0xAD), which PHP receives and applies a "best fit" mapping to, as it assumes we want to put ...
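The mechanism above (a percent-encoded soft hyphen that php-cgi's "best fit" mapping turns into an ASCII '-' and therefore into a command-line option) leaves a clear trace in web server access logs. The following detector is an added example written for this page, not code from the post or from the PHP project: it rebuilds the argv a CGI server would hand to php-cgi (split on '+', then percent-decode each piece, as RFC 3875 section 4.4 describes) and flags any argument that begins with 0xAD followed by a letter. The log lines are constructed, and the one-byte 0xAD to '-' substitution in best_fit_view is a simplified model of the Windows mapping, used only to show what the option would look like after mapping.

```python
import re
from urllib.parse import unquote_to_bytes

SOFT_HYPHEN = 0xAD
# Request line inside an Apache/nginx combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def cgi_argv(query: str) -> list[bytes]:
    """Reproduce what a CGI server hands php-cgi as argv: the query string is split on '+'
    first, and each piece is percent-decoded afterwards (RFC 3875, section 4.4)."""
    return [unquote_to_bytes(piece) for piece in query.split("+")]


def is_soft_hyphen_option(arg: bytes) -> bool:
    """0xAD followed by a letter: after the Windows 'best fit' mapping this reads as an
    option such as -d, -n or -s, which php-cgi's own dash check does not catch."""
    return len(arg) >= 2 and arg[0] == SOFT_HYPHEN and chr(arg[1]).isalpha()


def best_fit_view(arg: bytes) -> str:
    """Simplified model (assumption) of what php-cgi ends up seeing: 0xAD becomes ASCII '-'."""
    return arg.replace(b"\xad", b"-").decode("latin-1", errors="replace")


def scan_access_log(lines):
    """Return (path, argv-as-php-cgi-would-see-it) for every request carrying a soft-hyphen option."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m is None or "?" not in m.group("target"):
            continue
        path, query = m.group("target").split("?", 1)
        argv = cgi_argv(query)
        if any(is_soft_hyphen_option(a) for a in argv):
            hits.append((path, [best_fit_view(a) for a in argv]))
    return hits


# Constructed sample log lines (not from the post). The first follows the shape of the
# public PoC: two soft-hyphen "-d" options that override php.ini settings.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Jun/2024:10:01:02 +0000] "POST /php-cgi/php-cgi.exe'
    '?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/Jun/2024:10:01:09 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048',
    '198.51.100.9 - - [14/Jun/2024:10:02:11 +0000] "GET /index.php?q=a+b HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for path, argv in scan_access_log(SAMPLE_LOG):
        print(path, argv)
```

Splitting on '+' before decoding matters: an attacker who encodes the plus sign as %2B produces a single argument, which is exactly what the CGI server would produce too, so the detector and the target stay in agreement. Run it over exported access logs for any Windows host serving PHP through CGI; the hardening itself is upgrading PHP or disabling php-cgi as the post's remaining text covers.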


CVE-2024-32002: Critical vulnerability in Git

By Administrador | 23 May. 2024 | Tarlogic's Blog - Cybersecurity

Critical vulnerability CVE-2024-32002 affecting the Git version control software can lead to remote code execution

A critical vulnerability in Git has recently been published that could lead to remote code execution. The vulnerability, whose identifier is CVE-2024-32002, has a CVSS score of 9.0. Exploitation occurs when the victim clones a malicious repository recursively, which executes hooks contained in the submodules. The vulnerability lies in the way Git handles symbolic links in repository submodules. There are currently several public PoC exploits for the vulnerability. Git is the most widely used version control system, originally designed by Linus Torvalds. The vulnerability only applies to Git versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2 and 2.39.4, configured with symbolic link support ...
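The fixed releases above are spread over seven maintenance lines, so a plain "is my version newer than X" comparison gives the wrong answer (2.44.0 is vulnerable while 2.39.4 is not). The checker below is an added example for this page, not code from the post or from the Git project: it classifies a version against the per-line fixed releases quoted above and reads the core.symlinks setting the post names as a precondition. Two assumptions are mine rather than the page's: lines older than 2.39 are treated as vulnerable because they received no fix, and lines newer than 2.45 are treated as safe because they branched after the fix.

```python
import re
import subprocess

# First fixed patch release of each Git line named in the post above.
FIXED_PATCH = {
    (2, 45): 1, (2, 44): 1, (2, 43): 4, (2, 42): 2,
    (2, 41): 1, (2, 40): 2, (2, 39): 4,
}
OLDEST_FIXED_LINE = min(FIXED_PATCH)  # (2, 39)


def parse_git_version(text: str) -> tuple[int, int, int]:
    """Extract (major, minor, patch) from `git --version` output such as
    'git version 2.44.0.windows.1' or 'git version 2.39.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"unrecognised git version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def is_vulnerable(version: tuple[int, int, int]) -> bool:
    """True when the version predates the fix on its own maintenance line."""
    major, minor, patch = version
    line = (major, minor)
    if line in FIXED_PATCH:
        return patch < FIXED_PATCH[line]
    # Assumption: lines before 2.39 got no backport (still vulnerable);
    # lines after 2.45 were cut after the fix (not vulnerable).
    return line < OLDEST_FIXED_LINE


def symlinks_enabled(cwd: str = ".") -> bool:
    """Conservative read of core.symlinks: anything other than an explicit 'false'
    is treated as enabled, since Git enables it when unset on filesystems that support links."""
    r = subprocess.run(["git", "config", "--get", "core.symlinks"],
                       capture_output=True, text=True, cwd=cwd)
    return r.stdout.strip().lower() != "false"


def check_local_git(cwd: str = ".") -> dict:
    """Combine the version verdict with the symlink precondition for the local Git install."""
    out = subprocess.run(["git", "--version"], capture_output=True, text=True, check=True).stdout
    version = parse_git_version(out)
    return {
        "version": version,
        "vulnerable_version": is_vulnerable(version),
        "symlinks_enabled": symlinks_enabled(cwd),
    }


if __name__ == "__main__":
    print(check_local_git())
```

Until the upgrade lands, the practical mitigation that follows from the post's description is to avoid `git clone --recurse-submodules` of untrusted repositories; the version check tells you whether that precaution is still needed on a given host.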


CVE-2024-3400: Unauthenticated code injection in PAN-OS

By Administrador | 24 Apr. 2024 | Tarlogic's Blog - Cybersecurity

CVE-2024-3400 affects Palo Alto Networks PAN-OS software used to manage the first layer of defense for many enterprises

A critical command injection vulnerability has recently been published affecting Palo Alto Networks PAN-OS software, which allows an unauthenticated attacker to execute arbitrary code with root privileges on the affected firewalls. The vulnerability, assigned CVE-2024-3400, has a CVSS score of 10.0. PAN-OS is the operating system that runs on Palo Alto Networks next-generation firewalls and is responsible for managing the first layer of defense of many companies. The vulnerability only applies to PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 configured with GlobalProtect Gateway or GlobalProtect Portal and device telemetry enabled. This issue does not affect Cloud NGFWs, Panorama or ...


CVE-2024-3094: Backdoor in XZ Utils library

By Administrador | 9 Apr. 2024 | Tarlogic's Blog - Cybersecurity

CVE-2024-3094, present in the XZ Utils library, may allow an attacker to use malicious code to compromise the integrity of affected systems

On March 29, developer Andres Freund identified CVE-2024-3094, a critical vulnerability in XZ Utils (liblzma), a critical component in Debian sid systems. After noticing unusual activity on his system, he took his findings to an open-source security mailing list. His investigation revealed the presence of a backdoor in versions 5.6.0 and 5.6.1 of XZ Utils, introduced by a contributor. This security incident has been cataloged under the identifier CVE-2024-3094, alerting the security community to the urgency of mitigating this threat. In the compromised versions of XZ Utils, it was discovered that the ...


BlueSpy – Spying on Bluetooth conversations

By Administrador | 14 Mar. 2024 | Tarlogic's Blog - Cybersecurity

BlueSpy is a proof of concept for exploiting vulnerabilities in Bluetooth headsets and eavesdropping on private conversations

The first results following the publication of BSAM, a security methodology that allows for a complete and homogeneous assessment of Bluetooth device security, have not been long in coming. Its application has helped identify security problems in many Bluetooth headsets, showing that manufacturers must take Bluetooth security seriously to avoid, among other risks, unauthorized connections to these devices by parties attempting to spy on conversations. Using a Python script from Linux, it is possible to automate the tasks required to exploit a common vulnerability in Bluetooth devices. This vulnerability allows anyone to access the Bluetooth device without alerting or notifying the owner, i.e., entirely silently. The demonstration ...


CVE-2023-49785: Vulnerability in NextChat

By Administrador | 12 Mar. 2024 | Tarlogic's Blog - Cybersecurity

CVE-2023-49785 is a critical vulnerability affecting NextChat, an application that provides users with a web interface based on ChatGPT

Information has been disclosed about a new critical vulnerability affecting NextChat, a chat interface used with ChatGPT. The vulnerability, CVE-2023-49785, is a server-side request forgery (SSRF) that allows a remote attacker to reach internal servers over HTTP through the NextChat instance. It also lets an attacker mask their IP address, since NextChat can be used as an open proxy. NextChat is an application that lets you easily set up a web interface based on ChatGPT that integrates GPT-3, GPT-4 and Gemini Pro.

Key features

The main features of this vulnerability are detailed below.
CVE identifier: CVE-2023-49785
Release date: 11/03/2024
Affected software: NextChat / ChatGPT-Next-Web
CVSS ...


CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Vulnerabilities

By Administrador | 6 Mar. 2024 | Tarlogic's Blog - Cybersecurity

Vulnerabilities CVE-2024-27198 and CVE-2024-27199 affect TeamCity, a CI/CD management server software owned by JetBrains

Two new vulnerabilities have been disclosed recently that affect the CI/CD server JetBrains TeamCity. Both CVE-2024-27198 and CVE-2024-27199 allow authentication bypass, and the first of them enables remote code execution, making it critical with a CVSS of 9.8. TeamCity is a build management and continuous integration server from JetBrains. It is commercial software with a proprietary license that allows limited free usage. According to Shodan, nearly 16,000 servers running this software are exposed to the Internet.

Key features

CVE identifier: CVE-2024-27198
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 Critical)
CVE identifier: CVE-2024-27199
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (7.3 High)
Release date: 04/03/2024
Affected software: JetBrains TeamCity
Affected versions ...
