Citrix's NetScaler ADC and NetScaler Gateway have once again been found to contain multiple vulnerabilities, tracked as CVE-2023-4966 and CVE-2023-4967. Read this blog to get all the details.
Explore an in-depth analysis of the critical Cisco IOS XE Software Web UI Privilege Escalation Vulnerability, CVE-2023-20198. Learn about its exploitation in the wild, the threat it poses, and the current lack of a patch. Understand how it's leveraged for initial access and the subsequent delivery of an implant through an undetermined mechanism. Also discover how GreyNoise can help provide timely intelligence surrounding activity related to these Cisco IOS XE systems.
Discover Precursor, a revolutionary tool for payload similarity analysis in data science and cybersecurity. Dive deep into its features, potential applications, and how it can enhance your work in threat intelligence, malware detection, and network traffic analysis. Learn more now!
On October 11th, 2023, a heap-based buffer overflow in curl was disclosed under the identifier CVE-2023-38545. The vulnerability affects libcurl 7.69.0 up to and including 8.3.0. Vulnerable versions of libcurl may be embedded in existing applications. However, to reach the vulnerable code path, the application must be configured to use one of the SOCKS5 proxy modes and attempt to reach a hostname longer than the 255 bytes the SOCKS5 protocol allows.
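The two preconditions above (an affected libcurl release, and a SOCKS5 proxy configuration that sends an over-long hostname) are exactly what a triage script needs to check. The following helper is an added example, not code from the GreyNoise post or from the curl project; the version range comes from the paragraph above, while the 255-byte threshold is an assumption taken from the SOCKS5 protocol's one-byte hostname length field, and the `socks5`/`socks5h` scheme names are curl's own proxy URL schemes. The sample version strings and URLs in the `__main__` block are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Affected libcurl releases as stated in the post: 7.69.0 through 8.3.0.
AFFECTED_MIN = (7, 69, 0)
AFFECTED_MAX = (8, 3, 0)

# SOCKS5 prefixes the destination hostname with a single length byte, so 255
# is the longest name the protocol carries. This threshold is an assumption of
# this example (protocol limit), not a figure quoted from the post.
SOCKS5_MAX_HOSTNAME = 255

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '8.3.0',
    'libcurl/7.69.1' or 'curl 8.4.0 (x86_64-pc-linux-gnu)'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected_version(text):
    """True when the libcurl version falls inside the affected range."""
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX


def uses_socks5_proxy(proxy_url):
    """curl only enters its SOCKS5 code when the proxy URL scheme is socks5
    (hostname resolved locally) or socks5h (resolution delegated to the proxy)."""
    if not proxy_url:
        return False
    return urlsplit(proxy_url).scheme.lower() in ("socks5", "socks5h")


def hostname_too_long(target_url):
    """True when the target hostname exceeds what SOCKS5 can encode."""
    host = urlsplit(target_url).hostname or ""
    return len(host.encode("utf-8")) > SOCKS5_MAX_HOSTNAME


def reaches_vulnerable_path(proxy_url, target_url):
    """Both preconditions from the advisory must hold at once."""
    return uses_socks5_proxy(proxy_url) and hostname_too_long(target_url)


def triage(version_text, proxy_url, target_url):
    """Summarise exposure for one application configuration."""
    affected = is_affected_version(version_text)
    reachable = reaches_vulnerable_path(proxy_url, target_url)
    return {
        "affected_version": affected,
        "socks5_proxy": uses_socks5_proxy(proxy_url),
        "hostname_over_limit": hostname_too_long(target_url),
        "exposed": affected and reachable,
    }


if __name__ == "__main__":
    # Constructed sample inputs: an application pinned to libcurl 8.3.0 behind
    # a socks5h proxy, fetching a URL whose hostname is far longer than 255 bytes.
    long_host = "a" * 300 + ".example"
    socks_proxy = "socks5h://127.0.0.1:1080"
    print(triage("libcurl/8.3.0", socks_proxy, f"https://{long_host}/"))  # exposed
    print(triage("libcurl/8.4.0", socks_proxy, f"https://{long_host}/"))  # patched
    print(triage("libcurl/8.3.0", "http://proxy.internal:3128", f"https://{long_host}/"))  # no SOCKS5
```

The version check alone produces many false positives, since an application that never sets a SOCKS5 proxy cannot reach the overflow; pairing it with the proxy and hostname checks is what turns a scan of embedded libcurl versions into a prioritised list.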
A critical zero-day vulnerability has recently been discovered in Atlassian Confluence Data Center and Server. The vulnerability, tracked as CVE-2023-22515 and scored CVSS 10.0 out of 10, is a privilege escalation flaw that allows remote attackers to create administrator accounts and use them to access Confluence instances. Check out this blog for all the details GreyNoise has compiled on this vulnerability.
The blog post introduces Sift, a new tool from GreyNoise that helps threat hunters filter out noise and prioritize investigation of potentially malicious web traffic. Sift uses AI techniques like large language models to analyze HTTP requests seen across GreyNoise's sensor network and generate reports on new and relevant threats. The reports describe and analyze suspicious payloads, estimate the threat level, provide contextual tags/information on associated IPs, and suggest Suricata rules to detect similar traffic. This allows analysts to focus only on the most critical potential threats instead of sifting through millions of requests manually. Sift is currently limited to HTTP traffic but will expand to other protocols soon. The post invites readers to provide feedback on how to further develop Sift's capabilities, such as expanding historical reports, customizing for specific organizations, analyzing submitted PCAPs, and integrating additional GreyNoise data/tools.
This post recaps our recent webinar "How MSSPs Can Leverage Automation to Reduce Alerts & Maximize their Analysts." Check it out for the key takeaways from MSSPs' automation journeys.
GreyNoise Labs introduces its new greynoiselabs CLI tool for working with cutting-edge, experimental APIs that expose planetary-scale internet honeypot and scan data to help defenders stay one step ahead of adversaries.
GreyNoise tags come from extremely talented humans who painstakingly craft detection rules for emergent threats that pass our “100%” test every time. Last week was bonkers when it comes to the number of tags (7) our team cranked out. Check out this blog to see why.
Many traditional threat intelligence solutions used by MSSPs can have an unintended consequence of creating more noise for your security operations center (SOC) – GreyNoise changes that. In this post, we will take a deeper look at exactly HOW existing GreyNoise MSSP customers are realizing these benefits.
The GreyNoise Labs team is proud to have hosted the GreyNoise NoiseFest 2023 CTF - who knows if we will do it again, but we had fun, so here’s a walkthrough on how and why we did it.
In this post we break down some of the broader takeaways from Black Hat and DEF CON 2023 and pull out the recurring themes across both that should give CISOs, CIOs, CEOs, and board members some consternation.
The Managed Security Service Provider (MSSP) and Managed Detection and Response (MDR) markets continue to face significant challenges in handling a large number of security alerts and vulnerabilities across multiple client environments. In this blog post you'll discover how GreyNoise helps these organizations reduce costs, improve scalability, and beat the adversary.
As we roll through the summer, GreyNoise is back from its July two-week shutdown with a bunch of fresh improvements, including 63 new tags and exciting new data insights for our customers to explore in our Labs API. We've also updated our integrations to add support for IP Similarity and Timeline for our Palo Alto customers. Check out all our product updates for June and July.
During our latest webinar we discussed some common use cases for pairing GreyNoise with SOAR platforms. The main goals of doing so are to identify opportunistic attacks more quickly, gain better insight into how attacker infrastructure is being used, and enrich alerts with RIOT data on IPs associated with common business services.
Artificial Intelligence and Machine Learning can provide extreme value to your product and workflows, but they are not trivial to introduce. With some care and simple guidelines, you can implement these in a way that helps your users without creating additional burden or ambiguity.