Category: Vulnerability updates
This article introduces a previously unnamed class of Windows vulnerability that demonstrates the dangers of assumption and describes some of its unintended security consequences.
Vulnerability summary: Follina, CVE-2022-30190
Elastic is deploying a new malware signature to identify the use of the Follina vulnerability. Learn more in this post.
Analysis of Log4Shell vulnerability & CVE-2021-45046
In this post, we cover the next steps the Elastic Security team is taking so that users can continue to protect themselves against CVE-2021-44228, or Log4Shell.
KNOTWEED Assessment Summary
KNOTWEED deploys the Subzero spyware through the use of 0-day exploits for Adobe Reader and the Windows operating system. Once initial access is gained, it uses different sections of Subzero to maintain persistence and perform actions on the host.
Detecting Exploitation of CVE-2021-44228 (Log4j2) with Elastic Security
This blog post summarizes CVE-2021-44228 and provides Elastic Security users with detections to find active exploitation of the vulnerability in their environment. Further updates will be added to this post as we learn more.
Detection rules for SIGRed vulnerability
The SIGRed vulnerability impacts all systems leveraging the Windows DNS server service (Windows 2003+). To defend your environment, we recommend implementing the detection logic included in this blog post using technology like Elastic Security.
Elastic's response to the Spring4Shell vulnerability (CVE-2022-22965)
Provides executive-level details about CVE-2022-22965, a recently disclosed remote code execution (RCE) vulnerability also known as "Spring4Shell".