Grey Noise

A comprehensive analysis of benign internet scanning activity from November 2024, examining how quickly and thoroughly various legitimate scanning services (like Shodan, Censys, and others) discover and probe new internet-facing assets. The study deployed 24 new sensors across 8 geographies and 5 autonomous systems, revealing that most scanners found new nodes within 5 minutes, with ONYPHE leading in first contacts.

Attackers exploit vulnerabilities within hours of PoC releases. Learn how GreyNoise provides real-time intelligence to detect and disrupt threats, helping defenders respond faster and stay ahead of evolving risks.

Discover why over 220 cybersecurity professionals ranked effective communication as the most undervalued skill in the industry. A Storm⚡️Watch podcast poll revealed the critical role "soft skills" play in bridging technical complexity with business needs. Explore real-world stories from industry experts who honed their communication abilities, from simplifying incident reports for executives to adapting technical messages for diverse audiences. Learn how emotional intelligence, adaptability, and clarity drive collaboration and success in cybersecurity. Dive into the full discussion for actionable insights on mastering this essential skill.

A new Censys report found 145,000 exposed ICSs and thousands of insecure human-machine interfaces (HMIs), providing attackers with an accessible path to disrupt critical operations. Real-world examples underscore the danger, with Iranian and Russian-backed hackers exploiting HMIs to manipulate water systems in Pennsylvania and Texas. GreyNoise research further highlights the urgency: attackers are actively scanning for HMIs and prioritizing Remote Access Services (RAS) over complex ICS protocols, making these easily accessible entry points prime targets for exploitation.

Discover insights from a multi-year APT campaign that exploited network perimeter vulnerabilities to target high-value entities, revealing critical gaps in edge device security. GreyNoise shares strategic intelligence and actionable steps for defending against these sophisticated threats, empowering security teams to strengthen their perimeter defenses against ongoing exploitation.

GreyNoise has discovered previously undisclosed zero-day vulnerabilities in IoT-connected live streaming cameras, leveraging AI to catch an attack before it could escalate. This marks one of the first instances where threat detection has been augmented by AI to discover zero-day vulnerabilities.

Joint U.S. and UK advisory identifies 24 vulnerabilities exploited by Russian state-sponsored APT 29, with GreyNoise detecting active probing on nine of these critical CVEs. Stay informed with real-time intelligence to prioritize patching and strengthen your organization's defenses against opportunistic cyber threats.

Deepfakes and disinformation campaigns are reshaping the election cybersecurity landscape, threatening the integrity of democratic processes. This final part of our series explores how AI-driven tools spread false narratives, erode trust, and increase polarization, while outlining the urgent need for public awareness, media literacy, and collaborative defense strategies to safeguard democracy in the digital age.

Discover how GreyNoise’s honeypots are monitoring exploit attempts on the SolarWinds Serv-U vulnerability (CVE-2024-28995). Gain insights into the specific files attackers target and how real-time data helps security teams focus on true threats. Read our full blog for detailed analysis.

Discover how phishing and social engineering threaten the 2024 U.S. elections in part three of our 'Election Cybersecurity' series. Learn how attackers exploit human vulnerabilities to compromise systems and how to defend against these evolving threats.

Discover the latest findings from Censys and GreyNoise on the real-world threats facing internet-exposed Industrial Control Systems (ICS). At LABSCon 2024, they revealed surprising research on how attackers prioritize common Remote Access Service (RAS) protocols over ICS-specific communication, highlighting key security challenges for critical infrastructure. Learn more about how internet-connected HMIs are rapidly targeted and the implications for ICS security.

GreyNoise reveals mysterious Noise Storms, spoofed traffic events linked to covert communications and China. Learn how these disruptions impact global networks and what security leaders can do to stay prepared.

Explore the critical role of state-sponsored actors in election interference in part two of our "Understanding the Election Cybersecurity Landscape" series. Learn about their tactics, such as cyberespionage and disinformation, and how they undermine democratic processes. Discover effective countermeasures to safeguard elections and protect public trust.

Dive into the fascinating and overlooked realm of Bluetooth Low Energy (BTLE) security in GreyNoise Labs' latest blog post. Learn techniques for remote device identification, uncover vulnerabilities, and explore the broader implications for IoT and healthcare.

The CISA KEV Catalog is a crucial resource for organizations to understand and prioritize actively exploited vulnerabilities. This blog post delves into three key insights from an analysis of the KEV Catalog, offering valuable strategies to enhance vulnerability management practices.

Discover how GreyNoise’s fresh, real-time vulnerability prioritization tool offers actionable insights into current threats, just like homemade tortillas are always better when made from scratch. Find out how to keep your security team ahead with up-to-date intelligence that ensures you’re tackling the most pressing vulnerabilities effectively.

GreyNoise is launching a multipart series on election cybersecurity. This series will cover the key threats and offer actionable steps to protect the integrity of our elections. Today, we start with an overview of the main risks and the adversaries involved. Stay tuned for insights on state-sponsored actors, phishing, social engineering, and the dangers of deepfakes and disinformation.

We've uncovered a path traversal vulnerability in the D-Link DIR-859 router that leads to information disclosure. This exploit allows extraction of account details and poses long-term risks since the product is End-of-Life and won't be patched.

Discover details about CVE-2024-28995, a path-traversal vulnerability in SolarWinds Serv-U, and see how a honeypot setup revealed diverse exploit attempts, including manual attacks. Learn how attackers bypassed filters and targeted specific files in this comprehensive analysis.

Examine the technical details of CVE-2024-4577, a serious remote code execution vulnerability in PHP affecting Windows deployments. Discovered by DEVCORE and demonstrated by watchTowr, this vulnerability exploits a 'best-fit' Unicode processing behavior in Windows.