Devon Kerr

Author

Elastic Security Labs Lead, Elastic


Articles

Fall 2023 Global Threat Report Outro

This article highlights the essential contributions to the Global Threat Report from the Security Intelligence team, and describes three major phenomena impacting the threat landscape.

Elastic users protected from SUDDENICON’s supply chain attack

Elastic Security Labs is releasing a triage analysis to assist 3CX customers in the initial detection of SUDDENICON, a potential supply-chain compromise affecting 3CX VOIP softphone users.

Elastic publishes 2023 Global Threat Report Spring Edition

This week, we’re publishing a new version of this report that’s online and interactive, which includes additional data covering the remainder of 2022, written using Elastic technologies.

Elastic Global Threat Report Multipart Series Overview

Each month, the Elastic Security Labs team dissects a different trend or correlation from the Elastic Global Threat Report. This post provides an overview of those individual publications.

Update to the REF2924 intrusion set and related campaigns

Elastic Security Labs is providing an update to the REF2924 research published in December of 2022. This update includes malware analysis of the implants, additional findings, and associations with other intrusions.

Vulnerability summary: Follina, CVE-2022-30190

Elastic is deploying a new malware signature to identify the use of the Follina vulnerability. Learn more in this post.

SiestaGraph: New implant uncovered in ASEAN member foreign ministry

Elastic Security Labs is tracking what are likely multiple on-net threat actors leveraging Exchange exploits, web shells, and the newly discovered SiestaGraph implant to achieve and maintain access, escalate privilege, and exfiltrate targeted data.

2022 Elastic Global Threat Report Announcement

Discover our latest findings & strategic recommendations to better stay informed of potential directions threat actors may focus on.

Elastic's response to the Spring4Shell vulnerability (CVE-2022-22965)

Provides executive-level details about CVE-2022-22965, a recently disclosed remote code execution (RCE) vulnerability also known as “Spring4Shell”.