CyberSecurity news

FlagThis - #elastic

Ameer Owda@socradar.io //
A critical security vulnerability, CVE-2025-25012, has been identified in Kibana, the data visualization platform used with Elasticsearch. This flaw stems from prototype pollution and could enable attackers to execute arbitrary code on affected systems. Given Kibana's widespread adoption across various industries, this vulnerability poses a significant risk to data security, integrity, and system stability. The vulnerability has a CVSS score of 9.9.

Versions 8.15.0 up to 8.17.3 are affected: in these versions the flaw can be exploited by a user holding only the Viewer role, while in versions 8.17.1 and 8.17.2 exploitation requires a role with elevated privileges. It is advised to update Kibana to version 8.17.3. Organizations running vulnerable versions of Kibana should act immediately to reduce the risk of unauthorized access, data exfiltration, and service disruption.

References :
  • socradar.io: Critical Kibana Vulnerability (CVE-2025-25012) Exposes Systems to Code Execution, Patch Now
  • securityaffairs.com: Security Affairs article on Elastic patching critical Kibana flaw.
  • The Hacker News: The Hacker News article on Elastic releasing an urgent fix for a critical Kibana vulnerability.
  • thecyberexpress.com: Elastic Issues Urgent Update for Critical Kibana Vulnerability Exposing Remote Code Execution Risk
  • Rescana: Critical Kibana Vulnerability Report: Urgent Mitigation Needed for CVE-2025-25015
  • securityonline.info: CVE-2025-25012 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana
  • securityonline.info: CVE-2025-25015 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana
  • research.kudelskisecurity.com: Critical Kibana Vulnerability Enabling Remote Code Execution (CVE-2025-25012)
  • Tom Sellers: Elastic has published a security advisory for a CVSSv3 9.9 rated RCE in Kibana versions 8.15.0 to 8.17.2. The access required varies depending on the version, see the post below. Kibana version 8.17.3 has been released to address this vulnerability.
  • securityaffairs.com: Elastic patches critical Kibana flaw allowing code execution
Classification:
  • HashTags: #Kibana #Vulnerability #Elasticsearch
  • Company: SocRadar
  • Target: Kibana Users
  • Product: Kibana
  • Feature: Code Execution
  • Malware: CVE-2025-25012
  • Type: Vulnerability
  • Severity: Critical
The Hacker News (info@thehackernews.com) //
The OUTLAW Linux botnet is rapidly expanding by targeting vulnerable SSH servers through brute-force attacks. Cybersecurity researchers have identified the botnet, also known as Dota, as an "auto-propagating" cryptocurrency mining operation that uses simple yet effective techniques to maintain persistence on compromised systems. This includes exploiting weak credentials, manipulating SSH keys, and leveraging cron jobs to ensure the malware restarts after reboots or termination attempts.

The botnet uses a multi-stage infection process, beginning with a dropper shell script that downloads and unpacks a malicious archive file. This file launches a modified XMRig miner for cryptojacking and installs components in hidden directories to avoid detection. The botnet also uses a custom SSH brute-forcer called BLITZ to scan for and infect other vulnerable systems on the network, perpetuating its spread in a worm-like fashion. Despite its basic techniques, OUTLAW has proven to be a persistent and effective threat.

References :
  • securityonline.info: Outlaw Linux Malware: Persistent Threat Leveraging Simplicity
  • www.scworld.com: Additional details on Outlaw Linux cryptomining botnet emerge
  • Cyber Security News: Attackers aim to find zero-days in the PAN-OS gateways they can exploit.
  • The Hacker News: Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials.
Classification:
@cyberinsider.com //
A new malware family, dubbed FinalDraft, has been discovered using Microsoft Outlook drafts for command-and-control (C2) communication. This covert method allows the malware to blend into typical Microsoft 365 traffic, making it harder to detect. The malware has been used in attacks against a ministry in a South American country and was identified by Elastic Security Labs during an investigation into the REF7707 intrusion set.

The FinalDraft toolkit includes a loader, named PathLoader, a backdoor, and multiple submodules. PathLoader is a lightweight Windows PE executable that downloads AES-encrypted shellcode from attacker-controlled infrastructure, decrypts it, and executes it in memory, avoiding static analysis through API hashing and obfuscation. FinalDraft itself is a 64-bit malware written in C++ focused on data exfiltration and process injection, exploiting Outlook's mail drafts as a C2 channel. The malware creates session draft emails, reads and deletes command request drafts generated by the attackers, executes commands, and writes responses as draft emails.

References :
  • cyberinsider.com: Elastic Security Labs has identified a new malware family named FinalDraft that uses Microsoft's Graph API to communicate through Outlook email drafts, allowing attackers to bypass traditional network monitoring.
  • Virus Bulletin: infosec.exchange post on finaldraft
  • The Hacker News: FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
  • BleepingComputer: A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country.
  • securityonline.info: SecurityOnline article detailing how FinalDraft malware uses Outlook drafts for covert communication.
  • www.bleepingcomputer.com: BleepingComputer news article on FinalDraft malware abusing Outlook email drafts for command-and-control.
  • securityonline.info: In a recent investigation into the REF7707 intrusion set, Elastic Security Labs has identified a new malware family.
  • Anonymous: A new malware called FinalDraft has been using email drafts for command-and-control communication in attacks against a ministry in a South American country.
Classification:
  • HashTags: #FinalDraftMalware #MicrosoftOutlook #StealthyCommunication
  • Target: South American ministry
  • Product: Microsoft Outlook
  • Malware: FinalDraft
  • Type: Malware
  • Severity: Medium