Detecting and responding to Latrodectus malware with Wazuh

/ Engineering

Latrodectus malware is a sophisticated malware loader that has emerged as a significant threat in recent cyberattacks targeting Windows operating systems. Latrodectus is designed to deliver payloads and execute arbitrary commands on infected systems. Its distribution has been linked to threat actors TA577 and TA578, who have employed it in various threat campaigns. It is […]

Detecting CUPS remote code execution vulnerability with Wazuh

/ Engineering

CUPS (Common Unix Printing System) is a widely used printing system for Unix-like operating systems. It allows users to share printers over a network and provides a web-based interface for managing print jobs and configurations. However, in September 2024, several vulnerabilities were discovered in CUPS by Simone Margaritelli that could grant an attacker remote code […]

How Wazuh detects and responds to Mint Stealer

/ Engineering

Mint Stealer is a Python-based malware that steals data from web browsers, cryptocurrency wallets, VPN clients, mail clients, game applications, and more. Mint Stealer is sold as a malware-as-a-service (MaaS), designed to covertly exfiltrate sensitive information from infected Windows endpoints to a command and control (C2) server. Mint Stealer uses encryption and obfuscation techniques to […]

Detecting PureHVNC malware with Wazuh

/ Engineering

PureHVNC is a Remote Access Trojan (RAT) that focuses specifically on the stealthy remote control of Windows endpoints. The HVNC in PureHVNC stands for “Hidden Virtual Network Computing.” This means attackers can manipulate an endpoint remotely without the user’s awareness. PureHVNC malware is usually distributed through phishing campaigns that use urgent messaging to deceive victims […]

Scanning Docker infrastructure against CIS Benchmark with Wazuh

/ Engineering

Docker has revolutionized the way to deploy applications, offering scalability, consistency, and efficiency. However, these benefits come with security challenges that must be addressed to protect your infrastructure. The Center for Internet Security (CIS) Docker Benchmark provides a comprehensive set of guidelines to secure Docker environments. This blog post shows how to automate the compliance […]

Ensuring NIS2 compliance with Wazuh

/ Engineering

Network and Information Systems (NIS2) is a European Union (EU) legislation raising cybersecurity standards for businesses due to new cyber threats across the EU. It’s an update and expansion of the original NIS (Network and Information Systems) directive adopted in 2016. NIS2 broadens the scope to include energy, transport, banking, public administration, and space sectors. […]

Managing multiple Wazuh clusters with Cross-Cluster Search

/ Engineering

Cross-Cluster Search (CCS) in Wazuh allows alerts from remote Wazuh clusters to be queried and viewed at a centralized location. The centralized location known as the Cross-Cluster Search (CCS) environment is trusted by the remote Wazuh clusters, enabling it to perform search operations. This lets security alerts be seen via a single Wazuh dashboard at […]

Daolpu infostealer detection and response with Wazuh

/ Engineering

Daolpu is a malware that steals sensitive information from infected Windows endpoints. This malware was first seen in July 2024, after CrowdStrike distributed a legitimate update to its Falcon product that caused widespread disruptions to Windows systems running this product. Due to this update, roughly 8.5 million Windows systems crashed and were unable to reboot […]

Achieving CJIS compliance with Wazuh

/ Engineering

The Criminal Justice Information Services (CJIS) security policy 2022, version 5.9.1, establishes the standards for safeguarding sensitive criminal justice information (CJI) in the United States. Issued by the FBI, this policy specifies the necessary security measures to maintain the confidentiality, integrity, and availability of CJI throughout its lifecycle. It imposes stringent controls on data access […]

How to configure Rsyslog client to send events to Wazuh

/ Engineering

Learn how to configure a Rsyslog client to send event messages to the Wazuh manager step by step.

Exploring security alerting options for improved threat detection in Wazuh – Part 2

/ Engineering

An improved security alerting system enhances data breach prevention, ensures compliance, and streamlines operations through timely detection and efficient alert management. In exploring security alerting options for improved threat detection in Wazuh – Part 1, we covered the basic configuration and the first two monitor types. Now, let’s explore the remaining monitor types for better […]

Integrating Imperva cloud web application firewall (CWAF) with Wazuh

/ Engineering

Imperva Cloud WAF is a web application security firewall that protects against security threats, including OWASP Top 10, such as cross-site scripting, illegal resource access, and remote file inclusion. Web applications are common targets for cybercriminals who aim to exploit vulnerabilities and gain unauthorized access. Wazuh is a free and open source SIEM and XDR […]
