DFIR-IRIS is an open source platform for case management and incident response, enabling incident responders to document, track, and analyze security incidents. It supports remote investigations by allowing responders to...
In March 2024, a backdoor was detected within XZ Utils, earning the designation CVE-2024-3094. The vulnerability has a CVSS score of 10, indicating its potential for critical impact if exploited....
XZ Utils is a widely utilized suite of command-line tools for lossless data compression on virtually all Unix-like operating systems, including Linux. Among its prominent components are xz and lzma,...
Keyloggers are spyware that monitor and record user keystrokes on endpoints. Some variants relay the recorded data to an external party or attacker, enabling threat actors to exfiltrate user credentials...
In this blog post, we combine the capabilities of Cisco Secure Endpoint with the versatility of Wazuh, a unified XDR and SIEM platform. Cisco Secure Endpoint offers cloud-delivered endpoint detection...
This blog post shows how to integrate Wazuh with Shuffle with the out-of-the-box integration introduced in Wazuh 4.4.
It is essential to log and audit Kubernetes cluster events. Check our new blog post to learn how to audit Kubernetes events with Wazuh.
Crypto miners are programs that utilize computer resources to mine cryptocurrency. Mining is the process that several cryptocurrencies use to generate new coins and verify new transactions. Crypto miners usually...
A remote code execution vulnerability affecting Microsoft Windows Support Diagnostic Tool (MSDT) was observed to be exploited as early as May 2022. The vulnerability is dubbed Follina and has the...
The Windows task scheduler is a tool in the Windows operating system that launches programs and executes predefined scripts at scheduled times or after specified time intervals. While Windows Task...
A remote code execution (RCE) vulnerability that affects the Spring Java framework has been discovered. The vulnerability is dubbed Spring4Shell or SpringShell by the security community. It has the designation...
Wazuh is a unified SIEM and XDR platform that you can use to protect your infrastructure. A SIEM is essential to security operations, and in many instances, Security Operations Centers...