Blog / Engineering / Detect and respond to BlackSuit ransomware with Wazuh
BlackSuit ransomware is malicious software designed to infiltrate computer systems and encrypt critical data. It primarily targets high-value organizations across critical sectors, showcasing its potential to disrupt operations and inflict widespread damage. This ransomware has caused substantial financial losses and operational disruptions across various industries. Understanding how BlackSuit operates and implementing detection strategies against […]
Detecting Brain Cipher ransomware with Wazuh
Brain Cipher is a ransomware strain that surfaced in the middle of 2024, rapidly making its presence felt across various sectors worldwide. Its popularity skyrocketed following a high-profile attack on Indonesia’s National Data Center, which disrupted over 200 government agencies and critical public services, including immigration systems. Built on the leaked LockBit 3.0 builder, Brain […]
Achieving CJIS compliance with Wazuh
The Criminal Justice Information Services (CJIS) security policy 2022, version 5.9.1, establishes the standards for safeguarding sensitive criminal justice information (CJI) in the United States. Issued by the FBI, this policy specifies the necessary security measures to maintain the confidentiality, integrity, and availability of CJI throughout its lifecycle. It imposes stringent controls on data access […]
Detecting and removing Sosano backdoor malware with Wazuh
The Sosano backdoor emerged in late 2024 as a stealthy malware strain. It was used in a highly targeted campaign against organizations in critical sectors, including aviation, satellite communications, and transportation infrastructure. What sets the Sosano backdoor apart is its use of polyglot files – a rare and sophisticated technique that allows malware to masquerade […]
Detecting Chrome CVE-2025-4664 vulnerability with Wazuh
A newly disclosed zero-day vulnerability, tracked as CVE-2025-4664, has recently been discovered to affect Google Chrome and Chromium web browsers on Windows and Linux endpoints, respectively. This vulnerability affects the Loader component of the browser and has serious implications for cross-origin data protection, especially in environments that rely on Chrome’s referrer policies to safeguard sensitive information. […]