Detecting data exfiltration is an important aspect of maintaining cybersecurity, especially when attackers leverage native system tools to evade detection. This technique, known as Living Off the Land (LOTL), involves the misuse of legitimate utilities in the operating system, making malicious activities blend with normal operations. Advanced Persistent Threat (APT) groups commonly use LOTL techniques, […]

Peaklight malware is an information stealer designed to collect sensitive data from compromised endpoints. It is frequently distributed through underground channels and, in some cases, offered as a Malware-as-a-Service (MaaS). Its flexible structure and frequent updates make it a continuously evolving and potent threat, capable of bypassing conventional security measures. Peaklight leverages multiple anti-analysis mechanisms […]

Maintaining the security of containerized environments is an important part of modern IT infrastructure. Vulnerabilities in container images and runtime environments expose organizations to significant risks, which makes proactive vulnerability scanning an essential practice. Trivy is an open source vulnerability scanner designed for containers, filesystems, and software dependencies. It supports a range of targets including […]

Lynx ransomware is a sophisticated malware threat that has been active since mid-2024, with over 20 victims across various industries. It primarily targets Windows operating systems, encrypting files using the Advanced Encryption Standard (AES) with a 128-bit key in CTR mode, and employs double extortion, threatening to leak stolen data. Operated by the Lynx ransomware […]

Organizations face challenges connecting Cyber Threat Intelligence (CTI) and Digital Forensics and Incident Response (DFIR) efforts. Effective collaboration between these domains is necessary for addressing threats proactively and efficiently. Yeti (Your Everyday Threat Intelligence) is an open source Forensics Intelligence platform that helps bridge the gap between CTI and DFIR efforts. It provides DFIR teams […]

Brain Cipher is a ransomware strain that surfaced in the middle of 2024, rapidly making its presence felt across various sectors worldwide. Its popularity skyrocketed following a high-profile attack on Indonesia’s National Data Center, which disrupted over 200 government agencies and critical public services, including immigration systems. Built on the leaked LockBit 3.0 builder, Brain […]

Data breaches and leaked credentials have become a recurring threat in the cybersecurity landscape, exposing sensitive information such as usernames, passwords, and email addresses. When attackers gain access to this data, they can exploit it for unauthorized access, phishing attacks, or identity theft. The risk to businesses and individuals is significant, whether leaked credentials from […]

Criminal IP is a threat intelligence platform that provides insights into IP addresses, domains, and other network components. It provides the necessary information to assess risks and identify potential threats, enabling security teams to react to malicious activity proactively. Integrating Wazuh with Criminal IP creates a synergy that enhances security monitoring, network management, and system […]

Razr is a highly destructive ransomware that compromises systems by encrypting files, effectively rendering them inaccessible to users. This ransomware commonly propagates through phishing emails containing malicious attachments or by exploiting vulnerabilities in software and operating systems.  Once infected, the Razr ransomware scans for valuable data, including documents, images, and databases. It activates its payload […]

A Large Language Model (LLM) is an Artificial Intelligence (AI) program that recognizes, processes, and generates human-like texts. Claude Haiku is an LLM model designed by Antropic that can perform code completion, interactive chatbots, and content moderation tasks.  The Claude Haiku model can be integrated as a chatbox feature in the Wazuh dashboard. Performing this […]

DevSecOps, which stands for Development, Security, and Operations, is a methodology that integrates security practices into the software development lifecycle. It emphasizes integrating security into every phase of the software development lifecycle rather than treating it as a separate or final step. By embedding security checks early,  DevSecOps detects vulnerabilities sooner. Integrating security into Continuous […]

DeerStealer is a Windows-based stealer malware designed to steal sensitive user information, including login credentials, web browser data, and cryptocurrency wallet contents. It has similarities with other stealer malware like XFiles and Lummar. It is commonly spread through phishing emails and malvertising campaigns that appear trustworthy like the Google Authenticator incident. Upon infecting a system, […]