Elastic Security uncovers BLISTER malware campaign

Key takeaways:
- Elastic Security uncovered a stealthy malware campaign that leverages valid code signing certificates to evade detection
- A novel malware loader, BLISTER, was used to execute second stage malware payloads in-memory and maintain persistence
- The identified malware samples have very low or no detections on VirusTotal
- Elastic provided layered prevention coverage from this threat out of the box

Overview

The Elastic Security team identified a noteworthy cluster of malicious activity after revi

Introducing 7.16.2 and 6.8.22 releases of Elasticsearch and Logstash to upgrade Apache Log4j2

We are pleased to announce new versions of Elasticsearch and Logstash, 7.16.2 and 6.8.22, to upgrade to the latest release of Apache Log4j and address false positive concerns with some vulnerability scanners. Elastic also maintains ongoing updates via our advisory to ensure our Elastic customers and our communities can stay up-to-date on the latest developments. December 10th started with the public disclosure of the Apache Log4j vulnerability - CVE-2021-44228 affecting the popular open sourc

The Log4j2 Vulnerability: What to know, tools to learn more, and how Elastic can help

Welcome to Elastic’s Log4j2 vulnerability information hub. Here we will explain what the specific Log4j2 vulnerability is, why it matters, and what tools and resources Elastic is providing to help negate the opportunity for malware exploits, cyberattacks, and other cybersecurity risks stemming from Log4j2. What is Log4j2? Log4j2 is an open source logging framework incorporated into many Java-based applications on both end-user systems and servers. It is one of the most popular logging librarie

