BlackSuit ransomware is a malicious software designed to infiltrate computer systems and encrypt critical data. It primarily targets high-value organizations across critical sectors showcasing its potential to disrupt operations and inflict widespread damage. This ransomware has caused substantial financial losses and operational disruptions across various industries. Understanding how BlackSuit operates and implementing detection strategies against […]

Organizations face increasingly sophisticated threats that require a proactive and multi-layered defense strategy. Organizations often leverage multiple security solutions to improve their security posture. Centralized visibility for organizations that use multiple security solutions is essential for operational efficiency. Wazuh, an open source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) platform […]

URLhaus is a project operated by abuse.ch. The purpose of the project is to collect, track, and share malware URLs, to help network administrators and security analysts protect their networks from cyber threats. URLhaus also offers an API to query information about malicious URLs. Integrating this API with Wazuh can help organizations improve their ability […]

The Snapekit rootkit was reported by Gen Threat Labs on X (formerly Twitter) on October 2, 2024. They identified several behavioral patterns of the rootkit. At the time of writing, all publicly available Snapekit samples specifically target Arch Linux (6.10.2-arch1-1 x86_64). However, the rootkit can be easily adapted to impact other versions of Arch Linux […]

Lumma Stealer, also known as LummaC2 Stealer, is a customizable malware written in C/C++ that allows for efficient and low-level access to system resources. It uses extensive obfuscation and anti-analysis features, making it highly effective and hard to detect. It is distributed as a Malware-as-a-Service (MaaS) model, with several plans available on underground forums and […]

Providing Ransomware protection on our endpoints is important as these attacks have become one of the most prevalent and damaging cyber threats faced by organizations and individuals. These types of attacks continue to rise due to the lucrative nature of ransom payments. Ransomware attacks adopt sophisticated techniques, such as advanced encryption algorithms and social engineering […]

Latrodectus malware is a sophisticated malware loader that has emerged as a significant threat in recent cyberattacks targeting Windows operating systems. Latrodectus is designed to deliver payloads and execute arbitrary commands on infected systems. Its distribution has been linked to threat actors TA577 and TA578, who have employed it in various threat campaigns. It is […]

CUPS (Common Unix Printing System) is a widely used printing system for Unix-like operating systems. It allows users to share printers over a network and provides a web-based interface for managing print jobs and configurations. However, in September 2024, several vulnerabilities were discovered in CUPS by Simone Margaritelli that could grant an attacker remote code […]

Mint Stealer is a Python-based malware that steals data from web browsers, cryptocurrency wallets, VPN clients, mail clients, game applications, and more. Mint Stealer is sold as a malware-as-a-service (MaaS), designed to covertly exfiltrate sensitive information from infected Windows endpoints to a command and control (C2) server. Mint Stealer uses encryption and obfuscation techniques to […]