ThoughtLab’s newly released cybersecurity benchmark study revealed that cybersecurity is at a critical inflection point across industries.

Threats knock on your door all the time. In this research piece, we explore BPFDoor — a backdoor payload specifically crafted for Linux in order to gain re-entry into a previously or actively compromised target environment. This payload has been observed across systems for five years, suggesting that the threat actors responsible for operating the malware have been around for some time and have likely operated undetected in many environments.

Today, we’re happy to announce that Elastic and Tines are partnering to help our joint users detect security threats and reduce mean time to respond. Many of the world’s best security teams rely on the power of Elastic’s high-speed, cloud-scale detection, prevention, and response capabilities to investigate and contain potential security threats within their environments.

Cybersecurity strategies within cloud environments are often seen as a complicated landscape with rapidly developing technologies, architectures, and terms. Simultaneously, there are continuously motivated individuals and groups trying to utilize vulnerabilities for illicit uses such as to increase access to the data, install malware, disrupt services, and more.

Yesterday, the Elastic Security Research Team released a detailed report outlining technical details regarding the BLISTER launcher, a sophisticated campaign that we uncovered in December 2021. This latest release continues on research we’ve developed while observing the campaign over the last few months — specifically pertaining to the technical details of how the group behind this payload is able to stay under the radar and evade detection for many new samples identified.

Elastic Security 8.2 powers the efficiency and effectiveness of security teams, arming analysts with invaluable insights and deep visibility into the attacks targeting their organization. The release delivers rich alert contextualization, osquery host inspection directly from an alert, new investigation guides, and the general availability of threat intelligence. Let’s jump in.