In the blog we discuss the importance of securing your Atlassian products, provide valuable insights on various IP activities, and offer friendly advice on proactive measures to protect your organization.
Discover the fascinating story of a GreyNoise researcher who found that attackers were using his demonstration code for a vulnerability instead of the real exploit. Explore the implications of this situation and learn about the importance of using accurate and up-to-date exploits in the cybersecurity community.
Discover what our amazing researcher Matthew Remacle uncovers as he investigates a new vulnerability in Apache Struts! This weakness enables attackers to remotely drop and call a web shell through a public interface.
GreyNoise researcher Jacob Fisher discusses the importance of reactive honeypots/sensors for accurate and comprehensive packet captures, along with his methodology for exploring real-world service exploitation.
Further investigation into CVE-2022-28958 revealed that the vulnerability did not actually exist. This case serves as a reminder of the importance of thorough and rigorous vulnerability verification.
File server and collaboration platform ownCloud publicly disclosed a critical vulnerability with a CVSS severity rating of 10 out of 10. This vulnerability, tracked as CVE-2023-49103, affects the "graphapi" app used in ownCloud.
The Cybersecurity and Infrastructure Security Agency (CISA) has added a field to its Known Exploited Vulnerabilities (KEV) catalog that denotes if a KEV CVE has been used in ransomware attacks. 35% of those have a corresponding GreyNoise tag. See how together CISA and GreyNoise can help you stay even further ahead of our combined adversaries.
Explore the high-severity vulnerability CVE-2023-29552 in the Service Location Protocol (SLP) that enables potential attackers to launch powerful Denial-of-Service (DoS) attacks. Learn about the potential impacts, the affected organizations, and the steps to mitigate this vulnerability. Discover how GreyNoise's new tag helps identify sources scanning for internet-accessible endpoints exposing SLP and how GreyNoise customers can gain proactive protection.
Despite their similar purpose of early threat detection, honeypots and honeytokens differ vastly in deployment, interaction, and scope. Let's delve into the various aspects that contribute to the misunderstanding and clarify the distinctive features of each.
Citrix's NetScaler ADC and NetScaler Gateway have, once more, been found to have multiple vulnerabilities, tracked as CVE-2023-4966 and CVE-2023-4967. Read this blog to get all the details.
Explore an in-depth analysis of the critical software Web UI Privilege Escalation Vulnerability, CVE-2023-20198, in Cisco IOS XE. Learn about its exploitation in the wild, the threat it poses, and the current lack of a patch. Understand how it's leveraged for initial access and the subsequent delivery of an implant through an undetermined mechanism. Also discover how GreyNoise can help provide timely intelligence surrounding activity related to these Cisco IOS XE systems.
Discover Precursor, a revolutionary tool for payload similarity analysis in data science and cybersecurity. Dive deep into its features, potential applications, and how it can enhance your work in threat intelligence, malware detection, and network traffic analysis. Learn more now!
On October 11th, 2023, a heap-based buffer overflow in curl was disclosed under the identifier CVE-2023-38545. The vulnerability affects libcurl 7.69.0 up to and including 8.3.0. Vulnerable versions of libcurl may be embedded in existing applications. However, to reach the vulnerable code path, the application must be configured to utilize one of the SOCKS5 proxy modes and attempt to resolve a hostname with extraneous length.
Get the latest tips and stories on improving information security.