Elastic Security Labs is tracking what are likely multiple on-net threat actors leveraging Exchange exploits, web shells, and the newly discovered SiestaGraph implant to achieve and maintain access, escalate privilege, and exfiltrate targeted data.
Discover our latest findings and strategic recommendations to stay better informed of the directions threat actors may focus on.
Elastic Security Labs is now the official destination for threat research. There you can find and share research on security threats at any time to better protect your workplace and the industry in general.
Elastic is deploying a new malware signature to identify the use of the Follina vulnerability. Learn more in this post.
Executive-level details about CVE-2022-22965, a recently disclosed remote code execution (RCE) vulnerability also known as “Spring4Shell”.
In response to the Microsoft HAFNIUM 0-day exploit, Elastic Security has identified IoCs for highly damaging adversary objectives. Users with on-premise Exchange servers are advised to patch as soon as possible. View full details of identified IoCs.
Elastic Security has been updated and our users are not affected by SolarWinds’ recent security advisory regarding a supply-chain attack on the Orion management platform. Identify potential attacks using new and existing rules in this post.
Elastic will offer free Elastic Endpoint Security to the 2020 US presidential and congressional campaigns in partnership with Defending Digital Campaigns.
The absence of a turnkey validation toolkit with sufficient detail to account for the range of adversary behavior further limits an organization’s ability to ca