All results for 'Awwal Ishiaku'

Showing 12 of 18 results

Detecting exploitation of XZ Utils vulnerability (CVE-2024-3094) with Wazuh

In March 2024, a backdoor was detected within XZ Utils, earning the designation CVE-2024-3094. The vulnerability has a CVSS score of 10, indicating its potential for critical impact if exploited. The vulnerability affects XZ versions 5.6.0 and 5.6.1 and presents a serious threat to endpoints that run Unix-like operating systems. Previously, we detailed how to […]

Integrating Cisco Secure Endpoint with Wazuh

In this blog post, we combine the capabilities of Cisco Secure Endpoint with the versatility of Wazuh, a unified XDR and SIEM platform. Cisco Secure Endpoint offers cloud-delivered endpoint detection and response. We forward logs from Cisco Secure Endpoint to Wazuh, enabling you to streamline the collection, analysis, and alerting of security logs. We begin […]

Monitoring Hyper-V with Wazuh

Microsoft Hyper-V is a widely used virtualization platform in enterprise environments, powering everything from development labs to production workloads.

Monitoring Rapid SCADA with Wazuh

Supervisory Control and Data Acquisition (SCADA) systems are essential for monitoring and controlling industrial processes. Rapid SCADA is an open source SCADA platform used for data acquisition, automation, and remote control in industrial and critical infrastructure systems. It can be deployed on Windows or Linux endpoints, making it a flexible solution for different environments. Like […]

Snapekit detection with Wazuh

The Snapekit rootkit was reported by Gen Threat Labs on X (formerly Twitter) on October 2, 2024. They identified several behavioral patterns of the rootkit. At the time of writing, all publicly available Snapekit samples specifically target Arch Linux (6.10.2-arch1-1 x86_64). However, the rootkit can be easily adapted to impact other versions of Arch Linux […]

Scanning Docker infrastructure against CIS Benchmark with Wazuh

Docker has revolutionized the way to deploy applications, offering scalability, consistency, and efficiency. However, these benefits come with security challenges that must be addressed to protect your infrastructure. The Center for Internet Security (CIS) Docker Benchmark provides a comprehensive set of guidelines to secure Docker environments. This blog post shows how to automate the compliance […]

Enhancing incident response with Wazuh and DFIR-IRIS integration

DFIR-IRIS is an open source platform for case management and incident response, enabling incident responders to document, track, and analyze security incidents. It supports remote investigations by allowing responders to access and share technical details about incidents, fostering collaboration and coordinated responses to threats. Integrating DFIR-IRIS with the Wazuh XDR and SIEM platform provides a […]

Detecting XZ Utils vulnerability (CVE-2024-3094) with Wazuh

XZ Utils is a widely utilized suite of command-line tools for lossless data compression on virtually all Unix-like operating systems, including Linux. Among its prominent components are xz and lzma, useful in compressing files, distributing packages, and managing backups. Andres Freund discovered a backdoor within XZ Utils, specifically in the liblzma library, and reported it […]

Detecting keyloggers (T1056.001) on Linux endpoints

Keyloggers are spyware that monitor and record user keystrokes on endpoints. Some variants relay the recorded data to an external party or attacker, enabling threat actors to exfiltrate user credentials or other sensitive information. This blog post focuses on detecting Indicators of Compromise (IoC) for keyloggers that utilize living-off-the-land (LOTL) techniques. LOTL is an attack […]

Detecting Log4Shell with Wazuh

Recently, a zero-day vulnerability dubbed Log4Shell (CVE-2021-44228) was detected in Apache’s Log4j 2 that allows malicious actors to launch RCE attacks. Learn how Wazuh can help with the monitoring and detection of the Log4Shell vulnerability.

Detecting illegitimate crypto miners on Linux endpoints

Crypto miners are programs that utilize computer resources to mine cryptocurrency. Mining is the process that several cryptocurrencies use to generate new coins and verify new transactions. Crypto miners usually get rewarded a token for every successful transaction mined, which makes crypto mining a profitable activity. The monetary gain of mining cryptocurrency is a motivation […]