User mode and kernel mode are two operating states within a computer system that define different levels of access and control to the hardware resources of a computer. Choosing the right mode between the two is important, as it affects the security and stability of the computer.  User mode is a restricted operating environment where […]

Snake keylogger, also known as “404 Keylogger” or “KrakenKeylogger” is a .NET-based trojan designed to target Windows endpoints and steal sensitive information. It is typically spread through phishing campaigns and can exfiltrate saved credentials from web browsers, email clients, and other commonly used applications. In addition, it can capture keystrokes, screenshots, and data from the […]

PowerShell is a tool widely used for managing Windows endpoints. Its versatility makes it a key resource for administrators, allowing them to control various system functions, automate workflows, and manage configurations efficiently. The scripting capabilities of PowerShell enable users to perform tasks that would otherwise require multiple steps manually, saving time and reducing human error. […]

BlackSuit ransomware is a malicious software designed to infiltrate computer systems and encrypt critical data. It primarily targets high-value organizations across critical sectors showcasing its potential to disrupt operations and inflict widespread damage. This ransomware has caused substantial financial losses and operational disruptions across various industries. Understanding how BlackSuit operates and implementing detection strategies against […]

Organizations face increasingly sophisticated threats that require a proactive and multi-layered defense strategy. Organizations often leverage multiple security solutions to improve their security posture. Centralized visibility for organizations that use multiple security solutions is essential for operational efficiency. Wazuh, an open source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) platform […]

URLhaus is a project operated by abuse.ch. The purpose of the project is to collect, track, and share malware URLs, to help network administrators and security analysts protect their networks from cyber threats. URLhaus also offers an API to query information about malicious URLs. Integrating this API with Wazuh can help organizations improve their ability […]

The Snapekit rootkit was reported by Gen Threat Labs on X (formerly Twitter) on October 2, 2024. They identified several behavioral patterns of the rootkit. At the time of writing, all publicly available Snapekit samples specifically target Arch Linux (6.10.2-arch1-1 x86_64). However, the rootkit can be easily adapted to impact other versions of Arch Linux […]

Lumma Stealer, also known as LummaC2 Stealer, is a customizable malware written in C/C++ that allows for efficient and low-level access to system resources. It uses extensive obfuscation and anti-analysis features, making it highly effective and hard to detect. It is distributed as a Malware-as-a-Service (MaaS) model, with several plans available on underground forums and […]

Providing Ransomware protection on our endpoints is important as these attacks have become one of the most prevalent and damaging cyber threats faced by organizations and individuals. These types of attacks continue to rise due to the lucrative nature of ransom payments. Ransomware attacks adopt sophisticated techniques, such as advanced encryption algorithms and social engineering […]

Latrodectus malware is a sophisticated malware loader that has emerged as a significant threat in recent cyberattacks targeting Windows operating systems. Latrodectus is designed to deliver payloads and execute arbitrary commands on infected systems. Its distribution has been linked to threat actors TA577 and TA578, who have employed it in various threat campaigns. It is […]