< ciso brief />

All news with #elastic tag

6 articles

Threat Actor Used Elastic Cloud SIEM to Store Stolen Data

🔒 Researchers uncovered a campaign in which a threat actor exploited multiple enterprise software flaws to harvest system data and deposit it into a free-trial Elastic Cloud SIEM instance. The attacker used an encoded PowerShell payload to collect OS, hardware, Active Directory and patch details, sending records into an Elasticsearch index named systeminfo. Telemetry showed the trial was registered via a disposable email and accessed repeatedly through Kibana as the operator triaged victims. Huntress coordinated with Elastic and law enforcement to notify affected organisations and take the instance offline.

ClickFix Campaign Uses Compromised Sites to Deploy MIMICRAT

🔒 Elastic Security Labs disclosed a ClickFix campaign that leverages compromised legitimate websites to deliver a new remote access trojan named MIMICRAT. Attackers inject JavaScript to load an externally hosted PHP lure that shows a fake Cloudflare verification page and tricks victims into running a PowerShell command. A multi-stage PowerShell chain performs ETW and AMSI bypasses, then drops a Lua-based in-memory loader which decrypts shellcode to install the RAT. MIMICRAT communicates over HTTPS on port 443 using profiles that mimic web analytics and supports localized lures in 17 languages to widen impact.

Cybersecurity leaders' top seven takeaways from 2025

🛡️ In 2025 CISOs reported that AI moved from experiment to dominant force, giving defenders major productivity gains while simultaneously enabling faster, more precise attacks. Leaders from Smartsheet, Calendly, Elastic and HCLTech say AI reshaped priorities, forced strategy changes, and amplified non-human identities and third-party risk. Heightened regulation and stricter enforcement of standards like NIST and ISO pushed security accountability up to boards.

Dragon Breath Deploys RONINGLOADER to Deliver Gh0st RAT

🔒 Elastic Security Labs and Unit 42 describe a China‑focused campaign in which the actor Dragon Breath uses a multi‑stage loader named RONINGLOADER to deliver a modified Gh0st RAT. The attack leverages trojanized NSIS installers that drop two embedded packages—one benign and one stealthy—to load a DLL and an encrypted tp.png file containing shellcode. The loader employs signed drivers, WDAC tampering, and Protected Process Light abuse to neutralise endpoint protections popular in the Chinese market before injecting a persistent high‑privilege backdoor.

OpenSearch Adds Derived Source Feature to Reduce Storage

🔧 Amazon OpenSearch Service announced support for Derived Source, an opt-in feature that skips persisting the document _source and reconstructs it on demand when needed. The capability, available with OpenSearch 3.1, reduces domain storage by not storing _source fields while still supporting search, get, mget, reindex, and update operations. Derived Source is enabled at index creation through composite index settings.

OpenSearch Star-Tree Index Speeds Aggregations for Analytics

⚡ OpenSearch introduces the Star-Tree Index, an opt-in index type that pre-aggregates data at ingestion to enable sub-second responses for frequent high-cardinality and multi-dimensional aggregations such as terms, histogram, and range. The feature is designed for real-time analytics and requires no query syntax changes; OpenSearch automatically routes supported queries to the optimized path. Early benchmarks indicate markedly faster aggregation performance on large datasets with minimal impact on ingestion throughput. It is available in regions that support OpenSearch 3.1 and is enabled at index creation via composite index settings.