ContactConnexion
Essai gratuiticon-magnifying-glass-24-blue.svg
icon-magnifying-glass-24-blue.svgicon-magnifying-glass-24-blue.svg
Security Labs

Topics

Vulnerability Updates

avatar

KNOTWEED Assessment Summary

KNOTWEED deploys the Subzero spyware through the use of 0-day exploits for Adobe Reader and the Windows operating system. Once initial access is gained, it uses different sections of Subzero to maintain persistence and perform actions on the host.

Par
Andrew Pease

Vulnerability summary: Follina, CVE-2022-30190

Elastic is deploying a new malware signature to identify the use of the Follina vulnerability. Learn more in this post.

Par
Devon Kerr

Elastic's response to the Spring4Shell vulnerability (CVE-2022-22965)

Provide executive-level details about CVE-2022-22965, a recently-disclosed remote code execution (RCE) vulnerability also known as “Spring4Shell”.

Par
Devon Kerr

Analysis of Log4Shell vulnerability & CVE-2021-45046

In this post, we cover next steps the Elastic Security team is taking for users to continue to protect themselves against CVE-2021-44228, or Log4Shell.

Par
Jake King

More on Vulnerability Updates

Videos

Detecting Exploitation of CVE-2021-44228 (Log4j2) with Elastic Security

This blog post provides a summary of CVE-2021-44228 and provides Elastic Security users with detections to find active exploitation of the vulnerability in their environment. Further updates will be provided to this post as we learn more.

Par
Jake King
Samir Bousseaden
Videos

Detection rules for SIGRed vulnerability

The SIGRed vulnerability impacts all systems leveraging the Windows DNS server service (Windows 2003+). To defend your environment, we recommend implementing the detection logic included in this blog post using technology like Elastic Security.

Par
Seth Goodwin
Daniel Stepanic
...