Detecting and responding to Mamona ransomware with Wazuh
/ Engineering

Mamona is a lightweight ransomware strain that is widely available and primarily targets Windows endpoints. Unlike more sophisticated ransomware families, it operates entirely offline, encrypting files locally without any command-and-control (C2) communication or data exfiltration. This absence of network activity makes it harder to detect using network traffic analysis alone. Mamona ransomware uses custom encryption […]
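Because Mamona never talks to a C2 server, detection has to come from the host. The following is an added example, not code from the Wazuh post: a burst heuristic run over Wazuh File Integrity Monitoring (syscheck) alerts, flagging any process that creates or modifies an unusual number of files inside a short window. The alert layout (`timestamp`, `agent.name`, `syscheck.path`, `syscheck.event`, `syscheck.audit.process.name`) follows Wazuh's `alerts.json`; the alert lines, the `invoice.exe` dropper path and the `WIN-ALICE` agent are constructed samples, not Mamona indicators.

```python
"""Host-side ransomware heuristic over Wazuh FIM (syscheck) alerts: a burst of
file creations/modifications by one process inside a short window. Added
example, not code from the Wazuh post; field names mirror Wazuh's alerts.json,
and every event below is a constructed sample."""
import json
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 5   # file events by one process ...
WINDOW_S = 10   # ... within this many seconds trips an alert


def parse_ts(ts: str) -> datetime:
    # Wazuh writes timestamps like 2025-05-12T10:15:30.000+0000
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def detect_bursts(jsonl: str) -> list:
    """Return one alert per (agent, process) whose write rate exceeds THRESHOLD
    events in WINDOW_S seconds. Input lines must be in timestamp order, as they
    are when read sequentially from alerts.json."""
    recent = defaultdict(deque)   # (agent, process) -> timestamps inside the window
    fired = set()                 # alert once per (agent, process), not per file
    alerts = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        sc = ev.get("syscheck")
        # Only creations and modifications count toward the burst; deletions are skipped.
        if not sc or sc.get("event") not in ("added", "modified"):
            continue
        agent = ev["agent"]["name"]
        # Process attribution needs whodata enabled on the monitored directory;
        # without it, events are grouped under a single "unattributed" bucket per agent.
        proc = sc.get("audit", {}).get("process", {}).get("name", "unattributed")
        key = (agent, proc)
        ts = parse_ts(ev["timestamp"])
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > WINDOW_S:   # slide the window forward
            q.popleft()
        if len(q) >= THRESHOLD and key not in fired:
            fired.add(key)
            alerts.append({"agent": agent, "process": proc,
                           "files_in_window": len(q), "at": ev["timestamp"]})
    return alerts


def _fim(ts, path, proc, kind="modified"):
    """Build one constructed syscheck alert line (sample data, not a real alert)."""
    return json.dumps({"timestamp": ts, "agent": {"name": "WIN-ALICE"},
                       "syscheck": {"path": path, "event": kind,
                                    "audit": {"process": {"name": proc}}}})


WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
DROPPER = r"C:\Users\alice\Downloads\invoice.exe"   # constructed path, not a Mamona IOC

# Benign editing by Word spread over minutes, then six writes by the dropper in 2.5 s.
SAMPLE_ALERTS = "\n".join(
    [_fim("2025-05-12T10:10:00.000+0000", r"C:\Users\alice\Documents\memo.docx", WORD),
     _fim("2025-05-12T10:14:00.000+0000", r"C:\Users\alice\Documents\memo.docx", WORD),
     _fim("2025-05-12T10:14:05.000+0000", r"C:\Users\alice\Documents\~$memo.docx", WORD, "deleted")]
    + [_fim("2025-05-12T10:15:%02d.%03d+0000" % (30 + i // 2, 500 * (i % 2)),
            r"C:\Users\alice\Documents\file%d.xlsx" % i, DROPPER)
       for i in range(6)])

if __name__ == "__main__":
    print(json.dumps(detect_bursts(SAMPLE_ALERTS), indent=2))
```

The heuristic fires on the fifth write by `invoice.exe` and stays quiet for Word, whose two edits are minutes apart. Tune `THRESHOLD` and `WINDOW_S` against the real write rate of backup jobs and build tools on the monitored hosts before acting on it automatically.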
Detecting DOGE Big Balls ransomware with Wazuh
/ Engineering

DOGE Big Balls is a sophisticated ransomware variant linked to the Fog ransomware group, first observed in early 2025. It has affected organizations across various sectors, such as technology, education, and finance, by combining technical exploits with psychological manipulation. Delivered primarily through phishing campaigns containing malicious ZIP archives, the ransomware uses PowerShell scripts to […]
Wazuh for CMMC compliance
/ Engineering

Cybersecurity frameworks are structured standards, guidelines, and best practices for managing and reducing cybersecurity risks. Some examples include NIST, HIPAA Security Rule, PCI DSS, and CMMC. These frameworks provide a foundational blueprint for securing sensitive data and strengthening cyber resilience, especially in regulated industries. Wazuh, an open source Security Information and Event Management (SIEM) and […]
Detecting XWorm malware with Wazuh
/ Engineering

XWorm is a .NET-based Remote Access Trojan (RAT) that initially emerged in early 2022 and resurfaced in 2025 with enhanced capabilities and renewed activity in targeted cyberattacks. Designed to compromise Windows endpoints, XWorm is widely adopted by threat actors due to its modular design and low detection rates when obfuscated, making it a persistent threat […]
Leveraging artificial intelligence for threat hunting in Wazuh
/ Engineering

Artificial intelligence (AI) makes threat hunting in Wazuh more efficient and effective as it can process vast amounts of security data at high speeds. It can spot subtle patterns and anomalies that human analysts might miss. By leveraging AI in Wazuh threat hunting, security teams can be more efficient and focus their expertise where it’s […]
Addressing the CVE-2025-24016 vulnerability
/ Engineering

Recent articles have linked CVE-2025-24016, a previously fixed Wazuh server vulnerability, to botnet activity via remote code execution. This issue was fixed in October 2024 with version 4.9.1. Any instance running 4.9.1 or later is patched against this issue. It’s also important to understand the nature of CVE-2025-24016. This is an authenticated vulnerability, meaning it can […]
Monitoring Hyper-V with Wazuh
/ Engineering

Microsoft Hyper-V is a widely used virtualization platform in enterprise environments, powering everything from development labs to production workloads.
Enhancing Linux security with AppArmor and Wazuh
/ Engineering

The Linux operating system is widely deployed across various systems, from embedded devices to cloud infrastructure. Its widespread use makes it a frequent target for threat actors, increasing the importance of enforced security mechanisms. Linux uses the Discretionary Access Control (DAC) permission model by default. In this model, the owner of a file or process […]
Detecting Chrome CVE-2025-4664 vulnerability with Wazuh
/ Engineering

A newly disclosed zero-day vulnerability, tracked as CVE-2025-4664, has recently been discovered to affect Google Chrome and Chromium web browsers on Windows and Linux endpoints. This vulnerability affects the Loader component of the browser, with serious implications for cross-origin data protection, especially in environments that rely on Chrome’s referrer policies for safeguarding sensitive information. […]
Detecting FrigidStealer malware with Wazuh
/ Engineering

FrigidStealer is an information-stealing malware that emerged in January 2025. It targets macOS endpoints to steal sensitive user data through deceptive tactics. Unlike traditional malware, FrigidStealer exploits user trust in routine software updates, making it particularly insidious. As a significant threat, it underscores the need for extended security measures on macOS endpoints. The malware’s financial […]
Detecting and responding to InvisibleFerret with Wazuh
/ Engineering

InvisibleFerret is a Python-based backdoor malware that affects both Windows and Linux endpoints. It is used in targeted campaigns by North Korean threat actors, particularly the notorious Lazarus Group. This malware is deployed through advanced social engineering tactics, often disguised as part of legitimate job recruitment processes. Threat actors impersonate recruiters, luring victims, primarily professionals […]
Detecting Windows persistence techniques with Wazuh
/ Engineering

Persistence techniques refer to methods attackers or malicious software use to maintain access to a compromised endpoint even after reboots, logouts, or other interruptions. These techniques ensure that the malware or unauthorized user remains active and can continue to execute malicious activities without re-exploitation. Common Windows persistence techniques involve modifying startup scripts, abusing scheduled tasks […]
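The persistence techniques listed above (autorun registry keys, scheduled tasks, Startup folder drops) all leave traces in Sysmon events, which the Wazuh agent forwards from the Windows event channel. The following is an added example, not code from the Wazuh post: a classifier that tags those techniques in Sysmon events as Wazuh emits them. The field layout (`data.win.system.eventID`, `data.win.eventdata.targetObject`, `details`, `image`, `commandLine`, `targetFilename`) mirrors the camel-cased names the Wazuh agent produces for Sysmon, but the event lines, the `upd.exe` path and the `WIN-ALICE` agent are constructed samples.

```python
"""Tag common Windows persistence techniques in Sysmon events as forwarded by
the Wazuh agent. Added example, not code from the Wazuh post; field names
mirror Wazuh's Sysmon event layout, and every event below is a constructed
sample."""
import json
import re
from typing import Optional

# Autorun registry locations commonly abused for persistence, matched against
# Sysmon's TargetObject: Run/RunOnce keys and the Winlogon Shell/Userinit values.
AUTORUN_KEY_PATTERNS = [
    re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I),
    re.compile(r"\\Winlogon\\(Shell|Userinit)$", re.I),
]

# An autorun entry pointing into a user-writable directory is the suspicious case;
# vendor entries under Program Files or System32 are left alone to limit noise.
USER_WRITABLE = re.compile(r'^"?C:\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\', re.I)

STARTUP_FOLDER = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)


def classify(event: dict) -> Optional[str]:
    """Return a technique tag for one Wazuh-formatted Sysmon event, or None."""
    win = event.get("data", {}).get("win", {})
    event_id = str(win.get("system", {}).get("eventID", ""))
    ed = win.get("eventdata", {})
    if event_id == "13":   # Sysmon: registry value set
        target = ed.get("targetObject", "")
        details = ed.get("details", "")
        if any(p.search(target) for p in AUTORUN_KEY_PATTERNS) and USER_WRITABLE.search(details):
            return "autorun_registry_user_path"
    elif event_id == "1":  # Sysmon: process creation
        image = ed.get("image", "").lower()
        cmd = ed.get("commandLine", "")
        if image.endswith("\\schtasks.exe") and re.search(r"/create\b", cmd, re.I):
            return "scheduled_task_created"
    elif event_id == "11":  # Sysmon: file created
        if STARTUP_FOLDER.search(ed.get("targetFilename", "")):
            return "startup_folder_drop"
    return None


def detect(jsonl: str) -> list:
    """Run classify() over newline-delimited events; return (agent, tag) hits in order."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        tag = classify(ev)
        if tag:
            hits.append((ev["agent"]["name"], tag))
    return hits


# Constructed sample events. JSON needs backslashes doubled, hence the raw string.
SAMPLE_EVENTS = r'''
{"agent":{"name":"WIN-ALICE"},"data":{"win":{"system":{"eventID":"13"},"eventdata":{"eventType":"SetValue","image":"C:\\Users\\alice\\AppData\\Roaming\\upd.exe","targetObject":"HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","details":"C:\\Users\\alice\\AppData\\Roaming\\upd.exe"}}}}
{"agent":{"name":"WIN-ALICE"},"data":{"win":{"system":{"eventID":"13"},"eventdata":{"eventType":"SetValue","image":"C:\\Windows\\System32\\msiexec.exe","targetObject":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth","details":"C:\\Windows\\System32\\SecurityHealthSystray.exe"}}}}
{"agent":{"name":"WIN-ALICE"},"data":{"win":{"system":{"eventID":"1"},"eventdata":{"image":"C:\\Windows\\System32\\schtasks.exe","commandLine":"schtasks /create /sc onlogon /tn Updater /tr C:\\Users\\alice\\AppData\\Roaming\\upd.exe"}}}}
{"agent":{"name":"WIN-ALICE"},"data":{"win":{"system":{"eventID":"11"},"eventdata":{"image":"C:\\Users\\alice\\AppData\\Roaming\\upd.exe","targetFilename":"C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\upd.lnk"}}}}
{"agent":{"name":"WIN-ALICE"},"data":{"win":{"system":{"eventID":"1"},"eventdata":{"image":"C:\\Windows\\System32\\notepad.exe","commandLine":"notepad.exe notes.txt"}}}}
'''

if __name__ == "__main__":
    for agent, tag in detect(SAMPLE_EVENTS):
        print(agent, tag)
```

Three of the five constructed events are tagged: the Run key pointing into `AppData`, the `schtasks /create` call, and the `.lnk` dropped into the Startup folder. The vendor Run entry under `System32` and the Notepad launch pass through untagged. The same logic maps directly onto Wazuh rules keyed on the `eventID` and `eventdata` fields, which is where it belongs in production.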