All news with #threat hunting tag

Vulnerability-Informed Hunting: Nexus of Risk and Intel

🔎 Vulnerability-informed hunting transforms static vulnerability scans into dynamic intelligence by enriching CVE data with asset context, exploit activity and threat feeds. The article shows how mapping vulnerabilities to adversary behaviors (for example, Log4Shell, ProxyShell and Zerologon) lets teams run focused hunts that detect exploitation or reveal telemetry gaps. It advocates a continuous loop where hunts inform detection engineering, improving logging, SIEM content and overall resilience.

Beyond Security Awareness: Proactive Threat Hunting

🔍 Security Awareness Month highlights the human side of defense but by itself it cannot sustain long-term resilience. The author argues organizations must pair awareness with proactive threat hunting and a structured Continuous Threat Exposure Management (CTEM) program to find misconfigurations, exposed credentials, and excessive privileges before attackers can exploit them. He outlines a three-step readiness model: collect attacker-centric data, map attack paths with a digital twin, and prioritize remediation by business impact.

Reassignment of CISA Staff Raises National Cyber Risks

🔔 The US Department of Homeland Security has reassigned hundreds of cybersecurity personnel from the Cybersecurity and Infrastructure Security Agency to non-cyber roles supporting immigration and border enforcement, reports say. This shift has most impacted CISA’s Capacity Building team, which writes emergency directives and oversees protections for the government’s highest-value assets; refusal to accept new roles reportedly risks termination. Analysts warn that reductions in specialized threat hunting, vulnerability scanning, and coordinated advisories will slow response times and create exploitable gaps. Enterprises are urged to tighten patch cycles, adopt phishing-resistant MFA, review privileges, and rely on sector ISACs and private intel sharing while federal capacity is strained.

NCSC urges better observability, threat hunting in UK

🔍 The NCSC, led by CTO Ollie Whitehouse, has urged UK organisations to strengthen observability and threat-hunting capabilities to improve national cyber resilience. It warns many lack comprehensive visibility across accounts, devices, networks, applications and cloud services, and often cannot apply advanced analytics. The centre advises maximising cross-asset visibility, pressing vendors to build monitorable systems, and moving beyond simple IOCs to detect TTPs. It also recommends the NCSC Assured incident response list and CyAS for validation.

AI Becomes Essential in SOCs as Alert Volumes Soar

🔍 Security leaders report a breaking point as daily alert volumes average 960 and large enterprises exceed 3,000, forcing teams to leave many incidents uninvestigated. A survey of 282 security leaders shows AI has moved from experiment to strategic priority, with 55% deploying AI copilots for triage, detection tuning, and threat hunting. Organizations cite data privacy, integration complexity, and explainability as primary barriers while projecting AI will handle roughly 60% of SOC workloads within three years. Prophet Security is highlighted as an agentic AI SOC platform that automates triage and accelerates investigations to reduce dwell time.

What Happens When You Engage Talos Incident Response

🔐 Cisco Talos Incident Response (Talos IR) provides rapid, 24/7 crisis support and proactive services to contain, investigate, and remediate cybersecurity incidents. Talos combines deep threat intelligence, digital forensics, and a vendor-agnostic approach to work with existing tools and environments. Engagements follow a structured IR lifecycle—Preparation, Identification, Containment, Eradication, Recovery, and Lessons learned—to minimize disruption and build long-term resilience.

CrowdStrike Launches Threat AI: Agentic Threat Intel

🔍 CrowdStrike unveiled Threat AI, described as the industry’s first agentic threat intelligence system, built on the Falcon platform to reason, hunt, and act across adversary activity. The initial agents — a Malware Analysis Agent and a Hunt Agent — automate complex workflows like reversing, classification, retrohunting, and continuous threat hunting to surface actionable recommendations. CrowdStrike also released a Threat Intelligence Browser Extension for Chrome to provide intelligence in analysts’ workflows, aiming to accelerate investigations and help SOCs respond at machine speed.

Advanced Threat Hunting Workshop — Labscon 2025 LLMs

🔎 Our colleague Joseliyo Sánchez, together with SentinelOne researcher Aleksandar Milenkoski, will present a hands-on workshop at Labscon on automating large-scale threat hunting using the VirusTotal Enterprise API. Attendees will employ Python and Google Colab to process massive datasets, track APT behaviors, and apply LLMs to enhance analysis, query building, and visualizations. The session targets CTI analysts, threat hunters, incident responders, SOC analysts, and security researchers. A follow-up blog post will publish example exercises and materials for further learning.

Turning Threat Research into Practical VirusTotal Detections

🔎 Detection engineering guidance for researchers and defenders. This post shows how VirusTotal can be used to hunt for recent, sandboxed samples and derive behavioral Sigma rules by combining targeted VT queries, sandbox logs (CAPE/Zenbox), and manual analysis. Using Lummac and VenomRAT examples, the team created experimental Sigma detections for process execution (more.com/vbc.exe) and suspicious .conf file creation to aid SOCs and hunting teams.