Detecting Living Off the Land attacks with Wazuh

/ Engineering

Living Off the Land (LOTL) attacks are a cyber threat technique in which attackers leverage existing, legitimate tools and features within an environment to conduct malicious activities. This approach allows attackers to blend in with normal system activity, making detection by conventional security measures more challenging. The solution to LOTL attacks is to use a […]
Kuiper ransomware detection and response with Wazuh

/ Engineering

The Kuiper ransomware is a strain of ransomware written in Golang that encrypts data on various endpoints such as Windows, macOS, and Linux in exchange for money. It utilizes a combination of RSA, ChaCha20, and AES encryption algorithms to encrypt files on infected endpoints. Specifically, it employs RSA for key exchange, ChaCha20 for initial encryption, […]
Detecting XZ Utils vulnerability (CVE-2024-3094) with Wazuh

/ Engineering

XZ Utils is a widely utilized suite of command-line tools for lossless data compression on virtually all Unix-like operating systems, including Linux. Among its prominent components are xz and lzma, useful in compressing files, distributing packages, and managing backups. Andres Freund discovered a backdoor within XZ Utils, specifically in the liblzma library, and reported it […]
Monitoring PostgreSQL database with Wazuh

/ Engineering

PostgreSQL is an open source, highly stable database management system that uses several features to securely store and scale data workloads. PostgreSQL is supported by major operating systems such as Linux, macOS, Microsoft Windows, FreeBSD, OpenBSD, and Solaris. It is primarily used by users, organizations, and businesses to store data for mobile applications, websites, analytics […]
Detecting and responding to Phobos ransomware using Wazuh

/ Engineering

Phobos ransomware has become a growing concern due to its tactics in targeting state and territorial governments. The ransomware group compromises Windows endpoints using phishing as the primary method to gain initial entry, deploying covert payloads such as SmokeLoader and Cobalt Strike. Also, attackers exploit vulnerable networks by scanning and brute-forcing open Remote Desktop Protocol […]
Integrating Wazuh with Fluentd for unified logging

/ Engineering

Wazuh introduced the Fluentd module, which allows the forwarding of information to a Fluentd server. Gain more security visibility on your system today.
Deploying Wazuh agents using Windows Group Policy Objects (GPO)

/ Engineering

In this case, we will learn how to deploy the Wazuh agent on a Windows Active Directory infrastructure using Group Policy Objects (GPO).
Wazuh agent groups and centralized configuration

/ Engineering

Centralized configuration management offers a unified approach for organizing, controlling, and modifying configurations within a large infrastructure. It mitigates the challenges associated with manual configuration management, such as human errors, inconsistencies, and time-consuming updates. Wazuh, the unified XDR and SIEM platform, offers a feature for streamlining agent configuration and enhancing security management: Wazuh agent groups […]
Monitoring AWS Managed Microsoft Active Directory with Wazuh

/ Engineering

AWS Managed Microsoft Active Directory (AD) is an AWS Directory Service that provides users, businesses, and organizations different options to use Microsoft Active Directory (AD) with other AWS services. AWS Managed Microsoft AD stores information about users, groups, and devices, and system administrators use this Directory Service to manage access to this information. AWS Managed […]
Integrating SentinelOne XDR with Wazuh

/ Engineering

SentinelOne XDR is designed to provide comprehensive protection against advanced threats and cyberattacks. By leveraging sophisticated behavioral analysis and threat intelligence, SentinelOne XDR delivers a robust defense mechanism to ensure a proactive and adaptive approach to cybersecurity. By integrating SentinelOne XDR with Wazuh, a unified XDR and SIEM platform, security analysts and administrators can benefit […]
Detecting AsyncRAT with Wazuh

/ Engineering

AsyncRAT is an open source remote access tool that is commonly used by threat actors for file exfiltration and remote desktop control. Threat actors use script injectors and phishing attachments to deliver AsyncRAT to victim endpoints across numerous campaigns. AsyncRAT has consistently ranked among the top 10 malware trends on Any.run for several months. BleepingComputer […]
Monitoring USB drives in macOS using Wazuh

/ Engineering

USB drives are useful for transferring files on macOS systems, providing a quick and simple way to share documents, photos, and more between devices. They’re plug-and-play, allowing users to easily access and transfer data. However, it’s essential to be cautious about security. USB drives can carry malware, posing a risk to your macOS systems. Organizations […]