With the release of Elastic Security 8.1, enhance defenses against novel attacks like Log4Shell and prevent adversaries from compromising macOS systems. Achieve visibility into host-based network activity, leverage new sources of threat intelligence, collect data from across your enterprise, and more. Let’s jump in.

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector. Given the continuous pace of malware development, it's no surprise that adversarial groups will leverage successful campaigns as the basis of developing future attacks, and the recently discovered backdoor campaign targeting Vietnamese financial services is no exception.

The idea behind the SIEM (and now XDR!) technologies was to provide a single engine at the heart of the SOC, aggregating data, enabling analytics and powering workflow automation. The SIEM would act as one place to train analysts and integrate a range of complementary technologies and processes. Given the efficiency that comes from centralization, I was surprised to hear that a growing number of defenders are actually using two SIEMs. Why is that?

Many modern applications are regularly accessed by countless users from all over the world, which makes it difficult to identify anomalous patterns in login activity indicative of a security breach. This challenge is compounded by the fact that people travel often and regularly access their accounts from new locations. To detect this common attack vector, the Datadog Cloud SIEM now provides the impossible travel detection rule type which helps you spot suspicious logins with confidence.

Recently, we have seen several malware campaigns attacking Ukrainian organizations — Operation Bleeding Bear is a recent one of note. Elastic Security researchers recently verified a data wiper malware campaign that is targeting Ukrainian systems. As this malware campaign is new, with more information being uncovered hourly, it is being referred to as HERMETICWIPER.

We are excited to announce that Gartner has awarded ManageEngine Firewall Analyzer with the Peer Insights Customers’ Choice award for SIEM for 2021. We are humbled and thank all of our customers who have taken the time to review us on Gartner.

I joined Devo in May of 2021 to lead the company’s FedRAMP efforts. After a lot of work from many talented, experienced people, we have reached our first public milestone. Devo is now officially listed as “In-Process” on the FedRAMP Marketplace! First, I want to thank the Small Business Administration (SBA) for being our FedRAMP sponsor. We couldn’t have achieved this initial milestone without their support.

Gary Pelczar, Devo’s vice president of global alliances, has been named a 2022 Channel Chief by CRN. Gary and his team launched Devo Drive, the company’s partner program for resellers, MSSPs and global systems integrators in 2021. In this post Gary shares his thoughts about the growth of Devo Drive, the value Devo delivers to partners, and what lies ahead.

Readers Note : This is a summarized post of a detailed write up by the Elastic Security Intelligence and Analytics team. A deep dive on UAC Bypass is available to read here.