Grey Noise

On Friday, April 21, 2023, CISA added CVE-2023-27350 (a critical unauthenticated remote code execution vulnerability) impacting PaperCut MF and PaperCut NG to the Known Exploited Vulnerabilities (KEV) list. PaperCut MF and PaperCut NG are both enterprise printer management software. 

GreyNoise, in conjunction with TrinityCyber, has observed active exploitation attempts using weaknesses found in CVE-2023-1389 against TP-Link Archer gigabit routers. This post provides information about a new GreyNoise tag for this activity as well as details on the exploit attempt and how organizations can keep themselves safe from harm.

GreyNoise is changing how we classify environment file crawlers from unknown intent to malicious intent. This change will result in the reclassification of over 11,000 IPs as malicious. Users who use GreyNoise’s malicious tag to block IPs based on malicious intent will see an increase in blocked IPs.

GreyNoise can help SOC teams reduce false positives by providing context to the alerts on internet-wide scanners, crawlers, and other suspicious activity that may trigger false alarms. So what can you do with ~8+ hours of your life back each week?

We recently built out a new Premium Feed for Anomali ThreatStream. Anomali customers can now pull in all malicious IPs GreyNoise has seen hitting our sensors in the past 24 hours, on a daily basis. 

GreyNoise is a powerful cybersecurity solution that provides valuable context on internet-wide scan and attack data. By collecting and analyzing this data, we help organizations distinguish between targeted attacks and background noise, reducing false positives and improving security operations efficiency and overall security outcomes for every organization that uses both our Visualizer or API. Today, we'll explore the GreyNoise integrations universe, discuss how these extensions can benefit every category of security tool and service, plus explain why both vendor flexibility and community support is essential.

Cyber threats are constantly evolving, and organizations need to stay on top of the latest techniques and tools to protect themselves against attacks. One of the most critical aspects of this is having an effective threat intel program in place. But how do you upgrade your program to keep up with the ever-changing threat landscape?

For April Fools this year, the GreyNoise team created GhostieBot, an Artificial Unintelligence bot serving you all the answers you didn’t need.

At GreyNoise, we're excited to announce that our Voluntary Product Accessibility Template (VPAT) is now available. We believe that everyone should have equal access to our product and service, regardless of their disabilities or abilities.

Take a deep dive into how we took our new feature IP Similarity from an idea to reality.

ChatGPT recently announced a "plugin" capability which lets their revolutionary chatbot and API reach out and touch external resources, enabling prompt engineers to — essentially — build complete, working applications. Unfortunately their examples contain an outdated component which attackers are actively exploiting in other contexts.

If you’re looking for an extremely wholesome conference to attend, look no further than PancakesCon. This conference requires speakers to talk about 2 things: (1) a brief talk about any cybersecurity topic and (2) a brief talk about something which is not IT-related. As you might imagine, this leads to some great talks!

Whether you’re working with netflow data collected from your own devices, flow logs from a cloud provider, or purchasing data from netflow providers, you may find it challenging to get immediate value out of it.

GreyNoise researchers explain the process of gaining a foothold in firmware or a physical device for vulnerability research and achieving a debuggable interface. While existing Proof-Of-Concept code for (yet another) D-Link vulnerability CVE-2022-1262 is utilized within this document, as well as strong hints at suspect areas of code, don’t expect to find any new ready-to-fire exploits buried in the contents below.

GreyNoise researchers continue their "week in the life of a GreyNoise sensor" series and take a deep dive into the non-benign activity that awaits systems and services that are connected to the internet.

Why are SOC Analysts struggling so much? In this blog you will learn how GreyNoise and Cribl work better together to solve this challenge. You can also watch GreyNoise founder & CEO, Andrew Morris' livestream video with Ed Bailey from Cribl.

Giving back to the cyber security community will always be a key part of the GreyNoise mission, so our free plan isn’t going anywhere. But there are a lot of benefits to a paid plan that may not be immediately obvious. Here are the 7 reasons you should upgrade, and when a paid plan might not be a good. fit for you.

The IP Timeline provides context to 60 days of data collected on an IP displayed in timechart format. Users can correlate the behavior of an IP they have seen in their data, learn what schedule an IP operates on, or gain a greater understanding of ownership and behavioral changes.

To create IP Similarity, we have been collecting, analyzing, and labeling internet background noise, and we have come to identify patterns among scanners and background noise traffic. We want to enable anyone to quickly sniff out these groups without synthesizing large amounts of raw data to find similar behavior combinations.