
Elastic Denies Serious Security Flaw in Its Defend Software


Elastic, the company known for its enterprise search and security products, has pushed back against recent claims of a serious vulnerability in its Defend endpoint detection and response (EDR) tool.

The controversy began after a small cybersecurity group, AshES Cybersecurity, published a blog post on August 16. In their write-up, they said they had discovered a "zero-day" bug, a term for a flaw that is unknown to the vendor, and therefore unpatched, at the time it is disclosed or exploited. According to AshES, the issue was a remote code execution (RCE) vulnerability in Elastic Defend's kernel driver, elastic-endpoint-driver.sys. They suggested that an attacker could exploit the flaw to evade the EDR's monitoring, run malicious code, and maintain long-term access to a machine.

To support their claims, the researcher from AshES described using a custom-built driver in a controlled test to trigger the flaw. Loading a custom driver on Windows already requires administrator rights and a signature the kernel will accept, so the practical severity of a flaw reached that way depends on what access the trigger actually needs, a point that matters when weighing the claim. The group also did not provide Elastic with a full proof-of-concept (PoC), the technical demonstration normally required to verify and reproduce a security bug.

Elastic quickly responded with a detailed statement. Its internal Security Engineering team said they carried out a “thorough investigation” but were unable to find any evidence that the vulnerability exists. They also noted that AshES had sent in multiple reports but that none contained sufficient detail to recreate the alleged exploit. Elastic stressed that without reproducible proof, such claims cannot be confirmed.

The company also pointed out that AshES declined to share the PoC directly with Elastic or its bug bounty team. Instead, the researchers chose to publish their findings publicly, which runs counter to the practice of coordinated disclosure: a process where researchers privately alert a company first, allowing time to investigate and fix issues before public release.

Elastic reaffirmed that it takes all security reports seriously and highlighted its long-standing bug bounty program, which has been in place since 2017. Through this program, the company has paid more than $600,000 to independent researchers who responsibly report real, verifiable vulnerabilities.

At this stage, the alleged zero-day flaw remains unconfirmed, and Elastic maintains that no evidence supports the existence of the supposed bug.


Cybercriminals Are Dividing Tasks — Why That’s a Big Problem for Cybersecurity Teams



Cyberattacks aren't what they used to be. Instead of one group planning and carrying out an entire attack, today's attackers break the process into stages and hand each stage to a different team. This division of labour, now common in cybercrime, is making it harder for security teams to understand and stop attacks.

In the past, cybersecurity analysts looked at threats by studying them as single operations done by one group with one goal. But that method is no longer enough. These days, many attackers specialize in just one part of an attack—like finding a way into a system, creating malware, or demanding money—and then pass on the next stage to someone else.

To better handle this shift, researchers from Cisco Talos, a cybersecurity team, have proposed updating an older method called the Diamond Model. That model describes an intrusion event through four core features: the adversary (the attacker), the victim (the target), the capability (the tools or techniques used), and the infrastructure (the systems the attacker operated through). The new idea is to add a fifth layer that records how different attacker groups are connected and work together, even when they do not share the same goals.

By tracking relationships between groups, security teams can better understand who is doing what, avoid mistakes when identifying attackers, and spot patterns across different incidents. This helps them respond more accurately and efficiently.

The idea of cybercriminals selling services isn't new. For years, underground forums have let criminals buy and sell services, such as renting out access to already-compromised systems or offering ransomware as a service. Some of these relationships are one-off transactions, while others are long-term partnerships in which the groups work closely together over time.

In one recent case, a group called ToyMaker acted purely as an initial access broker: it broke into systems and then passed that access to another group, known as Cactus, which carried out the ransomware attack. This kind of teamwork shows how attackers now outsource parts of their operations, which makes it harder for investigators to pin down who is responsible for which stage.
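To make the extended model concrete, here is an added Python sketch covering the Diamond Model description above and the ToyMaker/Cactus handoff. It is illustrative code written for this page, not Cisco Talos's published model or any vendor's tooling. Each event keeps the four core features plus the kill-chain phase it belongs to; the "fifth layer" is derived as edges between adversaries wherever one group picks up an incident where another stopped. ToyMaker and Cactus are the names the article uses; the other group names, victims, addresses, capabilities and the phase list are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Ordered kill-chain phases used here (a constructed subset, not the full chain).
PHASE_ORDER = {"initial_access": 0, "persistence": 1, "ransomware": 2}


@dataclass(frozen=True)
class DiamondEvent:
    """One Diamond Model event: the four core features, tagged with its phase."""
    incident: str
    phase: str
    adversary: str       # who acted in this phase
    capability: str      # tool or technique used
    infrastructure: str  # address or system the adversary operated through
    victim: str


@dataclass(frozen=True)
class Handoff:
    """Relationship-layer edge: `src` finished `from_phase`, `dst` continued with `to_phase`."""
    incident: str
    src: str
    dst: str
    from_phase: str
    to_phase: str


def derive_handoffs(events):
    """Build the relationship layer from the events.

    Inside each incident the events are ordered by phase; wherever the adversary
    changes between consecutive phases, an edge is recorded. Nothing is assumed
    about shared goals, only that the second group picked up where the first stopped.
    """
    by_incident = defaultdict(list)
    for e in events:
        by_incident[e.incident].append(e)
    handoffs = []
    for incident in sorted(by_incident):
        evs = sorted(by_incident[incident], key=lambda e: PHASE_ORDER[e.phase])
        for prev, cur in zip(evs, evs[1:]):
            if prev.adversary != cur.adversary:
                handoffs.append(Handoff(incident, prev.adversary, cur.adversary,
                                        prev.phase, cur.phase))
    return handoffs


def downstream_partners(events, adversary):
    """Every group that has received a handoff from `adversary`, across all incidents."""
    return {h.dst for h in derive_handoffs(events) if h.src == adversary}


def single_actor_view(events, incident):
    """The older reading: one incident, one group. Returns every adversary seen in
    the incident; more than one member is exactly the case that reading mislabels."""
    return {e.adversary for e in events if e.incident == incident}


# Constructed sample incidents. ToyMaker and Cactus are the groups the article names;
# "OperatorB", "OperatorC", the victims, addresses and capabilities are made up.
SAMPLE_EVENTS = [
    DiamondEvent("INC-1", "initial_access", "ToyMaker", "custom_backdoor", "203.0.113.10", "victim-a"),
    DiamondEvent("INC-1", "ransomware", "Cactus", "cactus_locker", "198.51.100.7", "victim-a"),
    DiamondEvent("INC-2", "initial_access", "ToyMaker", "custom_backdoor", "203.0.113.10", "victim-b"),
    DiamondEvent("INC-2", "persistence", "ToyMaker", "scheduled_task", "203.0.113.10", "victim-b"),
    DiamondEvent("INC-2", "ransomware", "OperatorB", "b_locker", "192.0.2.44", "victim-b"),
    DiamondEvent("INC-3", "initial_access", "OperatorC", "phishing_kit", "192.0.2.99", "victim-c"),
    DiamondEvent("INC-3", "ransomware", "OperatorC", "c_locker", "192.0.2.99", "victim-c"),
]

if __name__ == "__main__":
    for h in derive_handoffs(SAMPLE_EVENTS):
        print(f"{h.incident}: {h.src} ({h.from_phase}) -> {h.dst} ({h.to_phase})")
    print("ToyMaker hands access to:", downstream_partners(SAMPLE_EVENTS, "ToyMaker"))
    print("INC-1 under the one-group reading:", single_actor_view(SAMPLE_EVENTS, "INC-1"))
```

Run stand-alone, the sketch reports two handoffs (ToyMaker to Cactus in INC-1, ToyMaker to OperatorB in INC-2) and none for INC-3, where one group ran every phase itself. The relationship layer is what lets an analyst see that the same broker fed two different ransomware operators, rather than treating INC-1 and INC-2 as two unrelated single-actor operations or, worse, folding Cactus and ToyMaker into one group.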

Other companies, like Elastic and Google’s cyber threat teams, have also started adapting their systems to deal with this trend. Google, for example, now uses separate labels to track what each group does and what motivates them—whether it's financial gain, political beliefs, or personal reasons. This helps avoid confusion when different groups work together for different reasons.

As cybercriminals continue to specialize, defenders will need smarter tools and better models to keep up. Understanding how hackers divide tasks and form networks may be the key to staying one step ahead in this ever-changing digital battlefield.