Grey Noise

In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!

See why Andrew Morris, GreyNoise's founder, is thrilled to step into his dream role as Chief Architect, focusing on technical innovation and AI strategy. With Ash Devata joining as CEO, Andrew is excited to partner with someone known for their customer focus and industry expertise, ensuring GreyNoise continues to thrive in the ever-evolving landscape of cybersecurity.

Discover insights into the drawbacks of a proposed ban on open-source SDR, and explore the argument for enhanced security measures to strike a balance between innovation and safeguarding against vulnerabilities in wireless systems.

Discover how CISA's Ransomware Vulnerability Warning Pilot (RVWP) and GreyNoise tags can bolster your cybersecurity. Learn to utilize actionable intelligence from GreyNoise to combat ransomware threats and protect your organization's technology stack, from collaboration tools to middleware services. Stay ahead of diverse ransomware attacks with our in-depth analysis and strategic defense guidance.

Welcome to our Monthly Roundup, where we curate a unique mix of articles, books, podcasts, and more that have captured the attention of the GreyNoise team. From deeply technical articles to literary treasures, join us on this eclectic journey through the media that sparks our curiosity each month. Explore + discover as we share the gems that have fueled our inspiration!

Discover the key insights from GreyNoise Labs' report on mass exploitation in 2023, including: Observations on attacker tactics and behaviors: the impact of 242 Common Vulnerabilities & Exposures (CVEs); and, the role of nation-state conflicts in the mass exploitation landscape. Learn how GreyNoise's detection network and research contribute to a safer internet.

If you want to know way too much about attacks against F5 BIG-IP devices, then this is the blog for you!

Our first-hand observations of how attackers leverage CVE-2023-46805 and CVE-2024-21887 to install cryptocurrency miners.

Get an overview of SnakeYAML deserialization vulnerabilities (CVE-2022-1471) - how it works, why it works, and what it affects.

In the blog we discuss the importance of securing your Atlassian products, provide valuable insights on various IP activities, and offer friendly advice on proactive measures to protect your organization.

See what predictions and hot takes our Storm Watch hosts have for 2024.

Discover the fascinating story of a GreyNoise researcher who found that attackers were using his demonstration code for a vulnerability instead of the real exploit. Explore the implications of this situation and learn about the importance of using accurate and up-to-date exploits in the cybersecurity community.

Discover what our amazing researcher Matthew Remacle uncovers as he investigates a new vulnerability in Apache Struts! This weakness enables attackers to remotely drop and call a web shell through a public interface.

GreyNoise researcher Jacob Fisher discusses the importance of reactive honeypots/sensors for accurate and comprehensive packet captures, along with his methodology for exploring real-world service exploitation.

Through further investigation into CVE-2022-28958 revealed that the vulnerability did not actually exist. This case serves as a reminder of the importance of thorough and rigorous vulnerability verification.

While the 10/10 CVE-2023-49103 got all the attention last week, organizations should not quickly overlook CVE-2023-49105!

File server and collaboration platform ownCloud publicly disclosed a critical vulnerability with a CVSS severity rating of 10 out of 10. This vulnerability, tracked as CVE-2023-49103, affects the "graphapi" app used in ownCloud.

Learn more about our new integration for Microsoft Sentinel that enhances threat intelligence capabilities for business security.

The Cybersecurity and Infrastructure Security Agency (CISA) has added a field to their Known Exploited Vulnerabilities (KEV) catalog that denotes if a KEV CVE has been used in ransomware attacks. 35% of those have a corresponding GreyNoise tag. See how together CISA and GreyNoise can help you stay even further ahead of our combined adversaries

Explore the high-severity vulnerability CVE-2023-29552 in the Service Location Protocol (SLP) that enables potential attackers to launch powerful Denial-of-Service (DoS) attacks. Learn about the potential impacts, the affected organizations, and the steps to mitigate this vulnerability. Discover how GreyNoise's new tag helps identify sources scanning for internet accessible endpoints exposing the SLP and how their customers can gain proactive protection.