Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters

Christopher Evans of Cisco Talos conducted the research for this post. Executive Summary Cisco Talos warns users that they need to keep a close eye on unsecured Elasticsearch clusters. We have recently observed a spike in attacks from multiple threat actors targeting these clusters. These attacke...

CVE-2018-3825

In Elastic Cloud Enterprise ECE versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, this master key is predictable across all ECE deployments. If an attacker can connect to ZooKeeper...