Amazon Elastic Container Registry (ECR) is an Amazon Web Services (AWS) managed container image registry service that stores, shares, and deploys container images. Amazon ECR provides an image scanning feature that uses the Common Vulnerabilities and Exposure (CVEs) database from the open source Clair project to detect vulnerabilities in container images. AWS provides a template […]

Keyloggers are spyware that monitor and record user keystrokes on endpoints. Some variants relay the recorded data to an external party or attacker, enabling threat actors to exfiltrate user credentials or other sensitive information. This blog post focuses on detecting Indicators of Compromise (IoC) for keyloggers that utilize living-off-the-land (LOTL) techniques. LOTL is an attack […]

AWS Simple Notification Service (SNS) is a fully managed messaging service that enables sending notifications from the cloud. It supports publishing messages to various endpoints like AWS services, email, SMS, and HTTP/HTTPS webhooks. SNS facilitates application-to-application (A2A) and application-to-person (A2P) communication. This post explores using A2P to publish Wazuh security alerts to SNS topics. The […]

Monitoring USB drives on a Linux endpoint is essential for maintaining the security and integrity of the system. USB drives can serve as a potential entry point for malware and unauthorized data access. By monitoring these drives, administrators can detect and prevent the introduction of malicious software or unauthorized data transfers. Additionally, monitoring USB drives […]

Configuration management is the process of maintaining computer systems, servers, network devices, and software in a desired and consistent state. Configuration management tools allow you to quickly and remotely control large numbers of different endpoints in an automated way from a centralized location. There are several popular configuration management tools. These include Ansible, Chef, Puppet, […]

Maltiverse is a threat intelligence platform that collects, analyses, and provides insights into malicious domains, IP addresses, and other digital artifacts commonly associated with cyber threats. It provides a wealth of information on known malicious entities and indicators of compromise (IOCs), making it a valuable resource for cybersecurity professionals. Extensive threat intelligence of Maltiverse complements […]

Conducting container vulnerability scans is an approach to protecting containers and the infrastructure that supports them. Containers provide isolated environments for applications, maintaining consistency across other platforms. Detecting and resolving security threats within containers through container vulnerability scanning is an essential proactive security practice. This is important given the dynamic nature of software and the […]

Blackbit ransomware is a variant of the LokiLocker ransomware. It utilizes sophisticated techniques to encrypt and obstruct data recovery. The ransomware is built on the Ransomware-as-a-service (RaaS) model. RaaS is a subscription-based business model where ransomware groups lease out their infrastructure to ransomware affiliates or cybercriminals to launch cyberattacks.  The Blackbit ransomware uses .NET Reactor […]

In this blog post, we combine the capabilities of Cisco Secure Endpoint with the versatility of Wazuh, a unified XDR and SIEM platform. Cisco Secure Endpoint offers cloud-delivered endpoint detection and response. We forward logs from Cisco Secure Endpoint to Wazuh, enabling you to streamline the collection, analysis, and alerting of security logs. We begin […]