In March 2024, a backdoor was detected within XZ Utils, earning the designation CVE-2024-3094. The vulnerability has a CVSS score of 10, indicating its potential for critical impact if exploited. The vulnerability affects XZ versions 5.6.0 and 5.6.1 and presents a serious threat to endpoints that run Unix-like operating systems. Previously, we detailed how to […]
In this blog post, we combine the capabilities of Cisco Secure Endpoint with the versatility of Wazuh, a unified XDR and SIEM platform. Cisco Secure Endpoint offers cloud-delivered endpoint detection and response. We forward logs from Cisco Secure Endpoint to Wazuh, enabling you to streamline the collection, analysis, and alerting of security logs. We begin […]
Microsoft Hyper-V is a widely used virtualization platform in enterprise environments, powering everything from development labs to production workloads.
Supervisory Control and Data Acquisition (SCADA) systems are essential for monitoring and controlling industrial processes. Rapid SCADA is an open source SCADA platform used for data acquisition, automation, and remote control in industrial and critical infrastructure systems. It can be deployed on Windows or Linux endpoints, making it a flexible solution for different environments. Like […]
The Snapekit rootkit was reported by Gen Threat Labs on X (formerly Twitter) on October 2, 2024. They identified several behavioral patterns of the rootkit. At the time of writing, all publicly available Snapekit samples specifically target Arch Linux (6.10.2-arch1-1 x86_64). However, the rootkit can be easily adapted to impact other versions of Arch Linux […]
Docker has revolutionized the way to deploy applications, offering scalability, consistency, and efficiency. However, these benefits come with security challenges that must be addressed to protect your infrastructure. The Center for Internet Security (CIS) Docker Benchmark provides a comprehensive set of guidelines to secure Docker environments. This blog post shows how to automate the compliance […]
DFIR-IRIS is an open source platform for case management and incident response, enabling incident responders to document, track, and analyze security incidents. It supports remote investigations by allowing responders to access and share technical details about incidents, fostering collaboration and coordinated responses to threats. Integrating DFIR-IRIS with the Wazuh XDR and SIEM platform provides a […]
XZ Utils is a widely utilized suite of command-line tools for lossless data compression on virtually all Unix-like operating systems, including Linux. Among its prominent components are xz and lzma, useful in compressing files, distributing packages, and managing backups. Andres Freund discovered a backdoor within XZ Utils, specifically in the liblzma library, and reported it […]
Keyloggers are spyware that monitor and record user keystrokes on endpoints. Some variants relay the recorded data to an external party or attacker, enabling threat actors to exfiltrate user credentials or other sensitive information. This blog post focuses on detecting Indicators of Compromise (IoC) for keyloggers that utilize living-off-the-land (LOTL) techniques. LOTL is an attack […]
Recently, a zero-day vulnerability dubbed Log4Shell with CVE-2021-44228 was detected in Apache’s Log4J 2 that allows malicious actors to launch RCE attacks. Learn how Wazuh can help with the monitoring and detection of the Log4Shell vulnerability.
It is essential to log and audit Kubernetes cluster events. Check our new blog post to learn how to audit Kubernetes events with Wazuh.
Crypto miners are programs that utilize computer resources to mine cryptocurrency. Mining is the process that several cryptocurrencies use to generate new coins and verify new transactions. Crypto miners usually get rewarded a token for every successful transaction mined, which makes crypto mining a profitable activity. The monetary gain of mining cryptocurrency is a motivation […]
Please make sure that all words are spelled correctly.