Jake King

Author

Jake King

Elastic Security Intelligence Team Lead


Articles

Elastic Advances LLM Security with Standardized Fields and Integrations

Elastic Advances LLM Security with Standardized Fields and Integrations

Discover Elastic’s latest advancements in LLM security, focusing on standardized field integrations and enhanced detection capabilities. Learn how adopting these standards can safeguard your systems.

500ms to midnight: XZ / liblzma backdoor

500ms to midnight: XZ / liblzma backdoor

Elastic Security Labs is releasing an initial analysis of the XZ Utility backdoor, including YARA rules, osquery, and KQL searches to identify potential compromises.

Analysis of Log4Shell vulnerability & CVE-2021-45046

Analysis of Log4Shell vulnerability & CVE-2021-45046

In this post, we cover next steps the Elastic Security team is taking for users to continue to protect themselves against CVE-2021-44228, or Log4Shell.

Detecting Exploitation of CVE-2021-44228 (Log4j2) with Elastic Security

Detecting Exploitation of CVE-2021-44228 (Log4j2) with Elastic Security

This blog post provides a summary of CVE-2021-44228 and provides Elastic Security users with detections to find active exploitation of the vulnerability in their environment. Further updates will be provided to this post as we learn more.

Detecting and responding to Dirty Pipe with Elastic

Detecting and responding to Dirty Pipe with Elastic

Elastic Security is releasing detection logic for the Dirty Pipe exploit.

Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER

Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER

Analysis of the HERMETICWIPER malware targeting Ukranian organizations.

A peek behind the BPFDoor

A peek behind the BPFDoor

In this research piece, we explore BPFDoor — a backdoor payload specifically crafted for Linux in order to gain re-entry into a previously or actively compromised target environment.

Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation

Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation

Microsoft 365 Defender team released a post detailing several identified vulnerabilities. These vulnerabilities allow adversarial groups to escalate privileges on Linux systems, allowing for deployment of payloads, ransomware, or other attacks.

Okta and LAPSUS$: What you need to know

Okta and LAPSUS$: What you need to know

The latest organization under the microscope of the LAPSUS$ group is Okta. Threat hunt for the recent breach targeting Okta users using these simple steps in Elastic