Guilgo Blog

Notes from my daily work with technology.

Wazuh releases 4.9.1 to mitigate Mirai botnet attacks (CVE-2025-24016)

Wazuh has released 4.9.1, which fixes the CVE-2025-24016 vulnerability (insecure deserialization in the Wazuh Server) that was later exploited by Mirai variants against exposed servers. The effective mitigation is to upgrade to 4.9.1 or later on the manager, indexer and dashboard, then upgrade the agents to maintain compatibility.

Executive summary

  • CVE-2025-24016 allows RCE on wazuh-manager (v ≥ 4.4.0 and < 4.9.1). Fixed in 4.9.1.
  • There was active exploitation by Mirai botnets in 2025 against servers with exposed API.
  • Wazuh stated that the bug requires API credentials; with the panel or API exposed and weak keys, the risk is critical.

Sources: CVE/NVD, Release notes 4.9.1, Akamai/Censys advisories and the official upgrade guide.

Monitoring Active Directory and Office365 with Wazuh: custom rules and critical events

How to deploy Wazuh as SIEM/XDR to meet cybersecurity requirements, detecting account lockouts, authentication failures and key events on Windows and Office365.

How to deploy Wazuh to monitor Active Directory and Office365 with custom rules in local_rules.xml, critical EventIDs and centralized Kibana dashboards.

WSUS: how to repair the SUSDB database (reset WID and content)

Step-by-step guide with PowerShell, HeidiSQL and Wsusutil.exe

Fix WSUS console errors by resetting the SUSDB database and content directory. Safe steps with PowerShell and final verification.

SSL on Amazon Lightsail: Enable HTTPS with bncert-tool on a LAMP Instance (2026 guide)

Updated guide to enable HTTPS on Amazon Lightsail LAMP/Bitnami: static IP, DNS (apex and www), secure phpMyAdmin access, bncert-tool SSL, snapshots and maintenance.

Zabbix 6 on Docker: Monitoring Stack with MySQL, Nginx and Agents

How to deploy Zabbix 6 on Docker with MySQL and Nginx: persistent volumes, custom network, server/frontend/agent containers, and how to fix the 'dbversion table not found' error.