49 episodes

GreyNoise Storm⚡️Watch is a weekly podcast and livestream hosted by GreyNoise Intelligence (https://www.greynoise.io), a cybersecurity company that focuses on understanding internet noise. The show features hosts boB Rudis, Kimber Duke, Glenn Thorpe, and other guests discussing various cybersecurity topics and internet exploitation trends. The goal of the show is to provide insights and updates on cybersecurity issues, helping viewers stay informed about the latest threats and developments in the field.

Storm⚡️Watch by GreyNoise Intelligence

    • Technology
    • 5.0 • 5 Ratings


    Storm⚡Watch: Unplugged — May 7th, 2024

    Half of the Storm⚡Watch crew is DoS’d at RSA this week, so we’re taking a bit of a break! But, the cyber news never stops, so, we’ve put together an async edition of the show to ensure our amazing live contributors, video-on-demand viewers, and podcast listeners have something to fill the dire gap that will exist in your lives.
    Rest assured, we’ll be back next Tuesday with the full crew and plenty to dig into. Read the accompanying blog/show notes here.
    Storm Watch Homepage >>
    Learn more about GreyNoise >>
     
     

    • 10 min
    Unlocking Cyber Secrets: Straight Talk About Anonymous Proxies & Vulnerability Markets

    Forecast = Great weather for phishing, with a chance of scattered ransomware showers throughout the week.
    This week's episode features a detailed discussion on the use of anonymous proxies in cybersecurity. This segment will explore various facets of anonymous proxies, including their role in masking user identity and the challenges they pose to cybersecurity efforts. The discussion will be enriched with insights from several sources, including Okta, Orange Cyber Defense, Talos Intelligence, and DataDome, providing a comprehensive overview of how these proxies are used and detected in the cyber landscape.
    Another highlight of the episode is the "Cyber Spotlight" segment, which will delve into the intriguing world of vulnerability markets. This discussion will be informed by research from arXiv, offering listeners a deep dive into the complexities and ethical considerations surrounding the trade and exploitation of software vulnerabilities.
    Listeners will also be introduced to Arkime, an open-source tool designed for network traffic analysis, in the "Tool Time" segment. This tool is crucial for professionals looking to gain deeper insights into their network traffic and enhance their security posture.
    The episode will not shy away from promoting its own advancements and contributions to the cybersecurity field. Under "Shameless Self-Promotion," the podcast will discuss Censys and its recent findings on CVE-2024-4040, as well as GreyNoise's insights into Fortinet's FortiOS and their user-centric approach to cybersecurity.
    The "Tag Roundup" segment will provide updates on recent and active cybersecurity campaigns, offering listeners a snapshot of the current threat landscape, while the "We Need to Talk About KEV" segment will focus on a roundup of known exploited vulnerabilities, providing crucial information for cybersecurity defense.
     

    • 1 hr 5 min
    Exploring CrushFTP Vulnerabilities & Autonomous AI Cyber Threats

    In this episode of Storm⚡️Watch, we discuss a wide range of intriguing cybersecurity topics.
    A significant highlight of this episode is our discussion on the recent vulnerabilities discovered in CrushFTP. This popular file transfer software was found to have a critical remote code execution vulnerability, which has been actively exploited. The vulnerability, identified as CVE-2023-43177, allows unauthenticated attackers to execute arbitrary code and access sensitive data. Despite patches being released, the software remains a target for opportunistic attacks, emphasizing the need for users to update and secure their systems promptly.
    We also explore the cutting-edge realm of LLM (Large Language Model) agents with the capability to autonomously exploit and hack websites. Recent studies have shown that these agents can autonomously perform complex tasks like SQL injections and database schema extractions without prior knowledge of the vulnerabilities. This development poses new challenges and opportunities in cybersecurity, highlighting the dual-use nature of AI technologies in cyber offense and defense.
    Our "Tool Time" segment introduces listeners to the CPE Guesser tools, which aid in predicting Common Platform Enumeration names, helping cybersecurity professionals streamline their vulnerability management processes.
    In a lighter segment, "Shameless Self-Promotion," we celebrate GreyNoise's achievement of reaching '1337' status with their tagging system.
    We also provide updates on the latest cybersecurity trends with our "Tag Roundup," discussing recent and active campaigns, and conclude with a "KEV Roundup" where we discuss the Known Exploited Vulnerabilities catalog by CISA, providing listeners with crucial information on vulnerabilities that require immediate attention.
    As we wrap up the episode, we reflect on the discussions and insights shared, encouraging our listeners to stay proactive in managing cybersecurity risks.
    Forecast = The KEV drought continues well into its second week, but a vulnerable frontal system could bring some much-needed exploit rain.
     

    • 59 min
    AI Storms the Cybersecurity Front: Deepfakes & Attacks

    Forecast = Scattered AI showers with a chance of phishing breezes.

    In this episode of Storm⚡Watch, listeners delve into the latest AI technology and its impact on cybersecurity. Featuring Erick Galinkin, an esteemed AI expert, the discussion covers various topics, from Erick's AI security work at NVIDIA to recent AI-assisted threats affecting LastPass and healthcare facilities. Additionally, insights from Check Point's President on AI's evolving role in cybersecurity, as discussed in a December 2023 Fortune article, are shared.
    In the cyber spotlight, the team examines an XZ-style attack attempt on OpenJS, signaling a concerning development for the JavaScript community. The episode also includes a tool time segment featuring Malpedia, an extensive library of malware profiles, and a captivating data visualization project mapping out malware relationships.
    As usual, the show embraces a touch of self-promotion, providing updates on Censys' research into vulnerabilities affecting D-Link and Sisense. GreyNoise shares highlights from the recent NetNoiseCon event and discusses a command injection vulnerability in Palo Alto Networks' PAN-OS.
    We close it out with a tag roundup, spotlighting recent tags and active campaigns from GreyNoise's visualization tools. In addition, the episode offers a KEV roundup, summarizing the Known Exploited Vulnerabilities catalog from CISA, ensuring listeners are well-informed on current cybersecurity challenges.
     

    • 58 min
    Ivanti's Security Revamp, Dodging the XZ Bullet & D-Link's NAS Crisis

    Forecast = Hazy, with a 60% chance of KEV squalls towards the end of the week.
    In this episode of Storm⚡Watch, we start by discussing Ivanti's CEO Jeff Abbott's pledge for a comprehensive security overhaul following a series of breaches linked to vulnerabilities, including CVE-2024-21894. We also explore Andres Freund's accidental heroism in uncovering a backdoor in Linux software, and delve into the vulnerability of D-Link NAS devices to remote code execution.
    Cybersecurity Frontlines: Ivanti's Pledge and Vulnerabilities
    Ivanti CEO Jeff Abbott has publicly committed to a comprehensive security overhaul following a series of breaches linked to vulnerabilities in Ivanti's products. This episode will explore the implications of Ivanti's new security initiatives and the recent discovery of critical vulnerabilities, including CVE-2024-21894, a heap overflow vulnerability in Ivanti Connect Secure and Policy Secure. We'll discuss the company's promise to adopt a Secure-By-Design ethos and the potential impact on the cybersecurity community.

    Andres Freund: The Accidental Hero
    Our Cyber Spotlight shines on Andres Freund, a software engineer whose routine maintenance work led to the inadvertent discovery of a backdoor in a piece of Linux software (XZ). This discovery potentially thwarted a major cyberattack, earning Freund accolades from the tech community and a feature in The New York Times. We'll discuss the critical role of open-source software maintainers in cybersecurity and the importance of vigilance in the industry.

    D-Link NAS Devices Under Siege
    A significant threat looms over users of D-Link NAS devices as CVE-2024-3273, a remote code execution vulnerability, is actively being exploited in the wild. With, perhaps, 92,000 devices at risk, we'll dissect the nature of the vulnerability, the hardcoded backdoor account, and the command injection flaw that leaves these devices open to attack. We'll also cover the steps D-Link has taken to address the issue and the importance of securing legacy devices.

    Shameless Self-Promotion: GreyNoise and Censys
    Don't miss our segment on GreyNoise and Censys, where we'll highlight their contributions to the cybersecurity field. GreyNoise's analysis of the D-Link NAS vulnerability and their upcoming NetNoiseCon event are on the agenda, as well as Censys' Threat Hunting Workshop in Philadelphia.

    Tag Round-Up: Vulnerability Alerts
    We'll wrap up with a rapid-fire rundown of recent vulnerability alerts, including a variety of CVEs that have been identified and tagged for tracking. This segment will provide listeners with a concise overview of the threats they should be aware of and the actions they can take to protect their systems.
     

    • 1 hr 2 min
    Honoring Ross J. Anderson, Interview With Horizon3AI's Zach Hanley & China's APT31 Sanctions

    In this episode of Storm⚡️Watch, we cover a variety of cybersecurity topics, opening with a poignant tribute to Ross J. Anderson. Anderson's legacy is vast, with contributions spanning machine learning, cryptographic protocols, and digital rights advocacy. His seminal textbook, "Security Engineering," has been a cornerstone in the education of many in the field. His passing is a significant loss to the academic and security communities, leaving behind a legacy that will continue to influence for years to come.
    This week we are also joined by special guest Zach Hanley of Horizon3AI. Hanley shares his journey into cybersecurity and the founding of Horizon3AI, as well as insights into the innovative NodeZero platform. This platform aids organizations in focusing on safety and resilience, a crucial aspect in today's digital landscape. Hanley also discusses the three key challenges outlined in Horizon3AI's 2023 report, "Proactive Cybersecurity Unleashed," providing listeners with a glimpse into the ongoing struggles organizations face in cybersecurity.
    In the segment "Cyberside Chat: Big (Tech) Trouble In Little China," we cover recent sanctions by the United States Treasury Department on individuals linked to the Chinese hacking group APT31, known for targeting critical U.S. infrastructure. Additionally, we discuss the formation of a Water Sector Cybersecurity Task Force in response to threats from the Chinese hacking group Volt Typhoon, and the implications of China's revised state secrets law for U.S. tech firms operating in China.
    For those interested in the technical side of cybersecurity, we introduce "vulnerability lookup," a tool for fast vulnerability lookup correlation from different sources. This tool is a rewrite of cve-search and supports independent vulnerability ID management and coordinated vulnerability disclosure (CVD).
    As usual we wrap up with a roundup of recent tags and active campaigns and discuss the Known Exploited Vulnerabilities (KEV) catalog from CISA.
    Episode Slides >>
     

    • 1 hr 4 min

Customer Reviews

5.0 out of 5
5 Ratings

@hrbrmstr

Calm, Cathartic Commentary Helping Folks Navigate Turbulent Cyber Times

While this is an admittedly biased take, the hosts and guests bring decades of industry experience as defenders to help individuals and organizations navigate through the calm and storms that manifest each week. The main focus is on internet-oriented exploitation, but they also cover critical, topical news — with unique, and often hot — takes that may give cyber folk some alternate perspectives on events that do or will impact them in some way.
