Blog / Uncategorized / Detecting and responding to Apos malware with Wazuh

Apos, first identified in April 2024, has drawn significant attention in the security community due to its stealthy behavior and layered infection chain. Unlike opportunistic threats that indiscriminately target systems, Apos demonstrates a calculated focus on persistence and evasion. The malware often masquerades as legitimate software components, mimicking processes such as Chrome extension updates to […]

Blog / Engineering / Detecting and responding to Cephalus ransomware with Wazuh

Cephalus ransomware surfaced in mid-August 2025 and quickly attracted attention for its stealth and operational precision. The threat actors demonstrate a clear financial motivation and rely on initial access vectors. They exploit weak or exposed Remote Desktop Protocol (RDP) configurations, particularly targeting accounts lacking Multi-Factor Authentication (MFA) protection, to gain unauthorized access. Cephalus ransomware targets […]

Blog / Engineering / Detect and respond to BlackSuit ransomware with Wazuh

BlackSuit ransomware is a malicious software designed to infiltrate computer systems and encrypt critical data. It primarily targets high-value organizations across critical sectors showcasing its potential to disrupt operations and inflict widespread damage. This ransomware has caused substantial financial losses and operational disruptions across various industries. Understanding how BlackSuit operates and implementing detection strategies against […]

Blog / Engineering / Detecting Brain Cipher ransomware with Wazuh

Brain Cipher is a ransomware strain that surfaced in the middle of 2024, rapidly making its presence felt across various sectors worldwide. Its popularity skyrocketed following a high-profile attack on Indonesia’s National Data Center, which disrupted over 200 government agencies and critical public services, including immigration systems. Built on the leaked LockBit 3.0 builder, Brain […]

Blog / Engineering / Achieving CJIS compliance with Wazuh

The Criminal Justice Information Services (CJIS) security policy 2022, version 5.9.1, establishes the standards for safeguarding sensitive criminal justice information (CJI) in the United States. Issued by the FBI, this policy specifies the necessary security measures to maintain the confidentiality, integrity, and availability of CJI throughout its lifecycle. It imposes stringent controls on data access […]

Blog / Engineering / Detecting and removing Sosano backdoor malware with Wazuh

The Sosano backdoor emerged in late 2024 as a stealthy malware strain. It was used in a highly targeted campaign against organizations in critical sectors, including aviation, satellite communications, and transportation infrastructure. What sets the Sosano backdoor apart is its use of polyglot files – a rare and sophisticated technique that allows malware to masquerade […]

Blog / Engineering / Detecting Chrome CVE-2025-4664 vulnerability with Wazuh

A newly disclosed zero-day vulnerability, tracked as CVE-2025-4664, has recently been discovered to affect Google Chrome and Chromium web browsers on Windows and Linux endpoints, respectively. This vulnerability affects the Loader component of the browser, causing serious implications for cross-origin data protection, especially in environments that rely on Chrome’s referrer policies for safeguarding sensitive information. […]

Blog / Engineering / Integrating ServiceNow with Wazuh

ServiceNow is a cloud-based platform for IT Service Management (ITSM) that helps organizations manage digital workflows for enterprise operations. It provides a centralized system for handling incidents, changes, and requests, enabling process automation, visibility across departments, and structured response procedures. Integrating ServiceNow with Wazuh combines Wazuh threat detection and response capabilities with ServiceNow incident management. […]