Shows
Ahead of the BreachGreyNoise’s Andrew Morris on Internet Background Noise as DataWhat if you could predict major security vulnerabilities weeks before they're publicly disclosed? Andrew Morris, Founder & Chief Architect at GreyNoise Intelligence, built a global sensor network that does exactly that by tracking internet-wide scanning patterns that spike 3-4 weeks before critical vulnerabilities become public knowledge. This transforms the chaotic noise of billions of daily internet scans into precise threat intelligence that helps organizations focus on real attacks.
Andrew walks Casey through how he created what he calls the "opposite of Shodan." Instead of cataloging what's scannable on the internet, GreyNoise tracks who's doing the scanning and why...
2025-09-2329 min
Storm Watch by GreyNoise IntelligenceASUS Router Botnet Attack: AI Uncovers Hidden BackdoorForecast = Mostly cloudy with a chance of rogue SSH access—keep your patches up to avoid a phishy forecast! Welcome to Storm⚡️Watch, where we unpack the latest in cybersecurity threats, research, and the tools that keep the digital world safe. In this episode, we invite GreyNoise Security Architect and researcher Matthew Remacle (a.k.a., Remy) to kick things off with a deep dive into a fascinating and highly sophisticated botnet campaign targeting ASUS routers—a story that starts with a little help from machine learning and ends with some hard lessons for defenders everywhere. GreyN...
2025-05-271h 04
Storm Watch by GreyNoise IntelligenceAI Layoffs, Bug Bounty Fails & Cyber Workforce Crisis Forecast = Expect scattered AI layoffs, a flurry of bogus bug bounties, and a persistent workforce drought-so keep your firewalls up and your résumés handy! On this episode of GreyNoise Storm⚡️Watch, we kick things off with our usual round of introductions before diving into the latest cyber weather and threat landscape. If you're new here, Storm⚡️Watch is where we break down what's moving the needle in cybersecurity, spotlighting the people, tools, and trends shaping the field. For today's poll, we're feeling nostalgic and asking: What do you miss most from the Slow Int...
2025-05-1357 min
Storm Watch by GreyNoise Intelligence2025 Cybersecurity Report Breakdown: FBI, Mandiant, GreyNoise, VulnCheck Forecast = Scattered phishing attempts with a 90% chance of encrypted clouds. In this episode of Storm⚡️Watch, the crew dissects the evolving vulnerability tracking landscape and the challenges facing defenders as they move beyond the aging CVE system. The show also highlights the rise of sophisticated bot traffic, the expansion of GreyNoise's Global Observation Grid, and fresh tools from VulnCheck and Censys that are helping security teams stay ahead of real-time threats. In our listener poll this week, we ask: what would you do if you found a USB stick? It's a classic scenario that a...
2025-04-291h 01
Storm Watch by GreyNoise IntelligenceCVE Chaos: The Fragmented Future of Vulnerability Tracking, Bad Bots & Real-Time Threat Intel Forecast = Prepare for scattered CVEs, rising bot storms, and real-time threat lightning. Keep your digital umbrellas handy! On this episode of Storm⚡️Watch, we're breaking down the latest shifts in the vulnerability tracking landscape, starting with the ongoing turbulence in the CVE program. As the MITRE-run CVE system faces funding uncertainty and a potential transition to nonprofit status, the global security community is rapidly adapting. New standards and databases are emerging to fill the gaps—Europe's ENISA is rolling out the EU Vulnerability Database to ensure regional control, while China continues to operate its own state-ma...
2025-04-2256 min
Storm Watch by GreyNoise IntelligenceCyber Threat Horizon: InfosecSherpa Interview, Ukraine Drone Malware, & VulnCon RecapForecast = Scattered exploits, Mirai storms brewing, and rogue drones dropping malware over Russia. Keep your firewalls up—a vulnerability front is rolling in fast! On this episode of Storm⚡️Watch, we're bringing you a packed episode that covers the latest in cyber threat intelligence, industry news, and a few stories you won't want to miss. We kick things off with our usual round of introductions and a quick look at the cyber weather, setting the stage for what's happening across the threat landscape. In our first segment, Tod shares his wrap-up from VulnCon 2025, highlight...
2025-04-151h 05
Storm Watch by GreyNoise Intelligence2025 Cyber Breakdown: CrushFTP Chaos, NVD Crisis & North Korean Threats Forecast: Patchy with a 32% backlog surge, CVE squalls causing auth bypass showers, and Lazarus fronts looming—keep your threat umbrellas handy!" 🌩️☔ We're kicking things off with a deep dive into the chaotic world of CVEs. The CrushFTP vulnerability saga is a case study in how bureaucracy can collide with real-world threats. When a critical auth bypass flaw emerged in March 2025, patches rolled out quickly, but the CVE process stumbled—two different identifiers (CVE-2025-2825 and CVE-2025-31161) were assigned by competing firms, VulnCheck and Outpost24. The resulting confusion left organizations scrambling as exploit activity spiked, with Shadowserver tracking ove...
2025-04-081h 02
Storm Watch by GreyNoise IntelligenceCybersecurity Chaos: CISA Controversy, Telecom Hacks, and Exploited Vulnerabilities Forecast: Cloudy with a chance of compromised credentials and scattered vulnerabilities—stay alert out there! In this episode of Storm⚡️Watch, we're unpacking some of the most pressing developments in cybersecurity and what they mean for the industry. First, we tackle the state of CISA and its mounting challenges. From allegations that the Trump administration ordered U.S. Cyber Command and CISA to stand down on addressing Russian cyber threats, to financial groups pushing back against CISA's proposed incident reporting rule, there's no shortage of turbulence. Adding fuel to the fire, Homeland Security Secretary Kristi Noem has...
2025-03-111h 02
Storm Watch by GreyNoise IntelligenceThe Untold Stories: North Korean Hacks, Exploited Vulnerabilities & Cybersecurity Legends Forecast: Expect increased malicious activity targeting enterprise network infrastructure and remote work platforms. In this episode of Storm⚡️Watch, the crew tackles some of the most pressing stories in cybersecurity and tech. First, we explore the case of Christian Marie Chapman, an Arizona woman who faces federal prison time for orchestrating a scheme that allowed North Korean IT workers to pose as U.S.-based employees. This operation, which generated over $17 million for North Korea, involved Chapman running a "laptop farm" that enabled remote access to U.S. company networks. The scheme not only c...
2025-02-181h 05
Storm Watch by GreyNoise IntelligenceWhen AI Attacks: Taxpayer Data, Beijing's Chatbots & LLM Hallucinations Forecast = Punxsutawney Phil saw his shadow, so we can expect continued Musk-y days ahead in these remaining DOGE days of Winter. In this week's episode of GreyNoise Storm⚡️Watch, we have a bit of an AI-theme. First, the Department of Government Efficiency (DOGE), led by Elon Musk, has sparked significant privacy and security concerns by accessing sensitive federal systems like Treasury databases and Education Department records through AI-driven analysis. Critics highlight undisclosed partnerships with vendors like Inventry.ai, which allegedly introduced algorithmic bias by disproportionately targeting diversity programs and climate initiatives while retaining fossil...
2025-02-111h 03
Storm Watch by GreyNoise IntelligenceMastercard's 4-Year DNS Nightmare, DHS Axes Cyber Board & New Botnet Wreaks Havoc Forecast: Murdoc botnet storms hit IoT devices, Mastercard's DNS flaw clouds visibility, and DHS shutdowns leave security in the dark. In this episode of Storm⚡️Watch, we explore a major DNS misconfiguration at Mastercard that went undetected for over four years. Security researcher Philippe Caturegli uncovered a simple but critical typo in Mastercard's DNS nameserver records where "akam.net" was written as "akam.ne". This error affected one in five DNS requests to Mastercard's infrastructure and could have allowed attackers to intercept emails, capture Windows authentication credentials, and distribute malware through trusted domains. The cy...
2025-01-281h 01
Storm Watch by GreyNoise IntelligenceFrom Bans to Breaches: TikTok, PlugX, FortiGate, and Salt Typhoon Forecast: TikTok storm clears out as critical infrastructure takes a hit from FortiGate downpours. In this episode of Storm⚡️Watch, we explore the dramatic conclusion of TikTok's presence in the United States and its unexpected return. The saga, which began in 2019 with initial government scrutiny, culminated in a series of significant events in January 2025, including the Supreme Court's unanimous decision to uphold the federal ban law and TikTok's brief operational shutdown. We'll discuss the emergence of alternative platforms like Xiaohongshu (REDNote) in the U.S. market and examine recent security concerns, including Remy's investigation into potent...
2025-01-2156 min
Storm Watch by GreyNoise IntelligenceIvanti's Blast Radius Expands, CFIUS Hack, & Censeye Automates Threat Hunting Forecast: Breach storms surge with Chinese actors, Ivanti spreads wider, and malware disguises itself—stay alert and patched! This episode of Storm⚡️Watch features exciting developments in security tooling and concerning breaches in critical infrastructure. We're thrilled to finally talk about Censeye on the pod! It's Censys's powerful new automated hunting platform that's revolutionizing how security teams conduct threat hunting. This innovative tool combines automation with Censys's comprehensive internet scanning capabilities, complete with new gadgets that enhance threat detection and analysis capabilities. In major security news, a significant breach at the US Treas...
2025-01-141h 00
Storm Watch by GreyNoise IntelligenceChinese Hackers Strike Again: BeyondTrust & Salt Typhoon Breaches Expose Critical U.S. Infrastructure Forecast: Cyber conditions are turbulent with two major Chinese state-sponsored storms impacting U.S. infrastructure, with aftershocks expected into mid-January. In today's episode of Storm Watch, we cover two major cybersecurity incidents that have significantly impacted U.S. infrastructure. The BeyondTrust breach, initially discovered in early December 2024, involved a compromised Remote Support SaaS API key that allowed attackers to reset passwords and access workstations remotely. The Treasury Department was notably affected, with attackers accessing unclassified documents in the Office of Financial Research and Office of Foreign Assets Control. The incident exposed critical vulnerabilities, including a se...
2025-01-071h 03
Storm Watch by GreyNoise IntelligenceHackers Get Glazed: Krispy Kreme's Security Hole & Holiday Cyber Threats Forecast: Glazed skies with Krispy breaches ahead! Holiday phishing flurries, fatigue fog, and scattered Clop showers roll in, with vulnerability storms on the horizon. On this week's episode of Storm⚡️Watch, we dive into our latest cybersecurity poll results, which revealed fascinating insights about holiday season security concerns. End-of-year tech fatigue emerged as the primary worry among respondents at 38%, while increased phishing scams followed at 34%. Holiday staffing gaps garnered 24% of responses, and supply chain threats rounded out the concerns at 14%. The cybersecurity world got a sweet taste of chaos this week with Krispy Kreme...
2024-12-1754 min
Storm Watch by GreyNoise IntelligenceCyber Festivus 2024: Airing Security Grievances, Driving Action In Your Org, & OPSEC 101 Forecast: Visibility is low with a 43% chance of extended response times. Heavy downpours of healthcare vulnerabilities dominate, with brief breaks of exploit intelligence. In this week's episode of GreyNoise Storm⚡️Watch, we kick things off with our regular roundtable introductions before diving into some intriguing poll results about cybersecurity metrics. The community weighed in heavily on what drives action in their organizations, with Mean Time to Respond leading the pack at 43% of votes, followed by Mean Time to Detect at 28%. Notably, system patching status came in third at 26%, while the tongue-in-cheek option about whiskey levels in the...
2024-12-101h 03
Safe Mode PodcastGreyNoise’s Andrew Morris on using AI to find zero-daysIn the latest episode of Safe Mode, Greg Otto talks with Andrew Morris, founder and chief architect of GreyNoise. Greg and Andrew talk about some recent work GreyNoise has released including one of the first instances where threat detection has been augmented by AI to discover zero-day vulnerabilities.
In our reporter chat, Greg talks with Tim Starks about his interview with the president of Dakota State University, and how she sees the state’s politicians impacting cybersecurity in a Trump administration.
LINK: https://cyberscoop.com/south-dakota-cybersecurity-leadership-2025/
2024-12-0544 min
Storm Watch by GreyNoise IntelligenceKansas City Hacking Indictment, ProjectSend Zero-Day & The Greyt Migreytion Forecast: Strong vulnerability management systems roll in, with scattered threat hunting ahead. Brace for ProjectSend exploits and turbulence near Kansas City. In this episode of Storm⚡️Watch, we explore crucial cybersecurity trends and breaking developments across the industry. Our recent community poll revealed fascinating insights into resource allocation priorities, with Vulnerability Management and Patching emerging as the clear frontrunner, chosen by half of respondents. Threat Intelligence and Hunting secured the second spot with 27.3% of votes, while Security Awareness and Incident Response capabilities tied for third place. Breaking news from Kansas City highlights a signif...
2024-12-031h 02
Storm Watch by GreyNoise IntelligenceRussian Wi-Fi Hacks, Baltic Cable Sabotage, and Security Skills Poll Results Forecast: Stormy skies with APT28's Wi-Fi exploits and rough seas in the Baltics as undersea cables are mysteriously cut. In this episode of Storm⚡️Watch, we review the fascinating poll results that reveal communication with non-technical leaders as the most undervalued skill in modern security, garnering 220 votes across three social media platforms and significantly outpacing other critical abilities like incident report writing, OSINT, and threat hunting. The crew then examines a groundbreaking cyber attack technique dubbed the "Nearest Neighbor Attack," executed by Russian APT28. This sophisticated operation allowed attackers to breach a U.S. o...
2024-11-261h 10
Storm Watch by GreyNoise IntelligenceJA4+ Creator Reveals All: Water Systems at Risk & Why NIST is Playing Catch-up Forecast: High pressure systems of infrastructure attacks continues to build over U.S. utilities with scattered exploitation attempts, while the vulnerability forecast shows increasing cloudiness around CPE data availability. In today's episode, we're diving into network fingerprinting and vulnerability management with some fascinating developments in the cybersecurity landscape. Our featured guest is John Althouse, the creator of JA4+, who has developed an innovative suite of network fingerprinting methods that's making waves in threat detection. JA4+ builds on previous fingerprinting techniques but takes things further with human-readable formats and enhanced detection capabilities. John's work co...
2024-11-191h 01
Storm Watch by GreyNoise IntelligenceDisney Menus Hacked, Pacific Rim APT Campaign Exposed, and Zero-Days Found Using AI Forecast: CYBER WEATHER ALERT | Volt Typhoon bringing sustained APT activity across the Pacific Rim. Expect persistent perimeter probing with a 100% chance of state-sponsored shenanigans. Pack your EDR umbrella! This week's episode tackles a disturbing story from Disney World where a terminated employee allegedly hacked into their menu system to alter critical peanut allergy information. We dig into the attack details then don our tin-foil hats to explore the potential real-world consequences of malicious insider threats. We're excited to share Sophos' latest research on Pacific Rim, an extensive investigation into nation-state adversaries targeting edge de...
2024-11-0556 min
Storm Watch by GreyNoise IntelligenceTfL's Cyber Nightmare & White House's Hacker Handshake Forecast = Expect severe disruptions in transit security, with a chance of clearer skies as the White House pushes for smoother collaboration with cybersecurity researchers. Transport for London's Cybersecurity Crisis\ Transport for London (TfL) has found itself in a cybersecurity "trainwreck," facing a range of vulnerabilities and management issues that have exposed its infrastructure to significant risk. An investigation reveals a series of failures, from outdated systems to neglected security protocols, painting a chaotic picture of public infrastructure's readiness against cyber threats. With passengers' data and critical operations potentially at stake, this story highlights the growing urgency for...
2024-10-2955 min
Storm Watch by GreyNoise IntelligenceSecurity Meltdown: American Water Attacked, Internet Archive Breached, Rackspace Hit by 0-Day Forecast = Turbulent conditions persist as major platforms face relentless attacks, with data breaches and DDoS storms threatening critical infrastructure and digital archives In this episode of Storm⚡️Watch, we wade into several significant cybersecurity incidents and updates. First, The American Water attack has raised concerns about the vulnerability of critical infrastructure, with potential implications for military services and water supply systems across the United States. We'll explore the details of this cyberattack and its broader impact on national security. The Internet Archive, a vital resource for digital preservation, has been facing a series of rel...
2024-10-2250 min
Storm Watch by GreyNoise IntelligenceHealthcare Data at Risk & Chinese Hackers Exploit 30-Year-Old Law Forecast = Healthcare and telecom under stormy skies—watch for cyber squalls and gusts of disinformation In this episode of Storm⚡️Watch, we dive into the world of cybersecurity with a focus on healthcare and telecommunications. We kick things off with a look at the current state of Internet of Healthcare Things (IoHT) exposures on public-facing networks. A recent study by Censys revealed some alarming findings about the security of DICOM servers, which are used for storing and transmitting medical images. With over 3,800 publicly exposed servers and data from 59 million patients at risk, it's clear that the healthcare indust...
2024-10-151h 00
Storm Watch by GreyNoise IntelligenceCyber Chaos Unleashed: Kaspersky's Vanishing Act & CUPS Vulnerability Mayhem Forecast = 50% chance of unexpected software installations followed by scattered UDP packet sprays. In this episode of Storm⚡️Watch, we follow up on the intriguing 'Noise Storms' that had the cybersecurity community buzzing. Security researcher David Schuetz has made some fascinating discoveries about these mysterious ping packets flooding the internet. His investigation, detailed at darthnull.org/noisestorms/, takes us on a journey through packet analysis, timestamp decoding, and network protocol deep-dives, offering new perspectives on the potential origins of those enigmatic 'LOVE' packets. Our Cyberside Chat segment dives into the recent CUPS daemon vulnerability, explor...
2024-10-011h 01
Storm Watch by GreyNoise IntelligenceBluetooth Mayhem: Firewalls Fail & Insulin Pumps Panic Forecast = Expect heavy BTLE storms with a high chance of UUID leaks. Pack your Faraday umbrellas and watch out for rogue packets raining from the cloud. On this episode of Storm⚡️Watch, we're diving into some major cybersecurity developments that have been making waves. We'll start by unpacking the ongoing saga of the Columbus, Ohio cyberattack, which has turned into a complex web of legal battles, data leaks, and questions about municipal cybersecurity preparedness. We'll explore how this incident is affecting the city's tech aspirations and what it means for residents' data security. Next...
2024-09-241h 14
Storm Watch by GreyNoise IntelligenceAndrew Morris on Noise Storms & Finding a Hidden Message in Millions of ICMP PacketsOn this episode, we're joined by GreyNoise Founder and Chief Architect, Andrew Morris, to take a ride in the Mystery Mobile to discover a hidden message buried in the payloads of over two million mis-directed ICMP packets. Along the way, we discuss the history of "noise storms" seen through the lens of GreyNoise's planetary-scale network of internet sensors, talk about some other, recent mega-storms, then don our bestest tin-foil hats to conspiracy theorize who sent this encoded message and why. Forecast - Digital Disturbance Advisory! Subscribe to Storm⚡️Watch - https://stormwatch.ing
2024-09-1756 min
Storm Watch by GreyNoise IntelligenceNavigating Cyber Turbulence: MOVEit, BGP Fixes, & Ireland's NCSC Powers
2024-09-1054 min
Storm Watch by GreyNoise Intelligence"Voldemort" Espionage Unveiled & Legal Firestorm in Columbus Forecast - A volatile storm is brewing with lightning strikes of intrigue and clouds of legal turbulence on the horizon. In this episode of GreyNoise Storm⚡️Watch, we kick things off with intros and roundtable discussion before diving into the exciting news and discussion. Notably, Bob and Glenn are absent. In our Cyberside Chat segment, we discuss ransomware. First, we'll discuss how the US government has issued an advisory on the RansomHub ransomware group, which is believed to be responsible for a cyberattack on oil giant Halliburton. RansomHub is believed to have targeted at least 210 vict...
2024-09-0355 min
Storm Watch by GreyNoise IntelligenceTech Giants Stumble: Georgia Tech Sued, SolarWinds Leaks, and Freaky Friday KEV DropsForecast: High pressure system over Georgia Tech as DOJ storm rolls in. SolarWinds experiencing unexpected credential precipitation. This episode features the DOJ hot takes on Georgia Tech, SolarWinds dropping the ball (again), and why Keanu Reeves may want to re-think some of his recent life choices. Plus, we're decoding the latest KEV advisory. Tune in for our usual no-holds-barred analyses and commentary. Cyberside Chat A major legal action by the U.S. Department of Justice targets Georgia Tech and its research corporation over alleged cybersecurity violations. The case underscores the critical importance of cybe...
2024-08-2757 min
Storm Watch by GreyNoise IntelligenceOld Vulns, New Tricks: How 20,000 Cameras Got Hacked & Your Browser Betrayed You Forecast = Expect partly cloudy skies with a high chance of old vulnerabilities resurfacing - don't forget your patch umbrella (or lamp shade)! What's old is new, again, in this episode of Storm⚡️Watch, as we explore the "0.0.0.0 Day" vulnerability, a critical flaw affecting major web browsers like Chrome, Firefox, and Safari. This vulnerability allows malicious websites to bypass browser security mechanisms and potentially gain unauthorized access to local services. We break down the technical details, real-world implications, and the responses from browser developers to this threat. Next, we shed light on a 2017 vulnerability still affecting over...
2024-08-201h 04
Storm Watch by GreyNoise IntelligenceStorm Watch ICS Security ISP Hijacks Post-Hacker Summer Camp SpecialOn this episode the crew kicks things off with a "Thorns and Roses" segment, sharing their experiences from the recent Black Hat, DEF CON, and BSides conferences. Next, they dive into the world of internet-connected industrial control systems, exploring the findings from a recent Censys research report that sheds light on the vulnerabilities and risks associated with these critical systems. The spotlight then turns to StormBamboo, a sophisticated threat actor that's been making waves in the cybersecurity community. The team breaks down how this group compromised an internet service provider to conduct DNS poisoning attacks...
2024-08-1358 min
Storm Watch by GreyNoise IntelligenceDigiCert's Certificate Revocation, VMware ESXi Vulnerability, and North Korean Espionage Forecast = Persistent cyber heat dome in effect with no sign of abatement. In this episode of Storm⚡️Watch, we dive into the latest cybersecurity news and trends. We kick things off with a breaking story about DigiCert's certificate revocation incident. Due to a validation issue affecting about 0.4% of their domain validations, DigiCert is revoking certificates with less than 24 hours' notice. This could impact thousands of SSL certs and potentially cause outages worldwide starting July 30 at 19:30 UTC. Organizations using affected certificates should be prepared for a busy night of renewals. Our Cyberside Chat focuses on a crit...
2024-07-3054 min
2024-07-231h 12
Storm Watch by GreyNoise IntelligenceHackers, Breaches, and Digital Distrust Forecast = Expect a downpour of data breaches and a thick fog of trust issues. In this episode of Storm⚡️Watch, we dive into some critical cybersecurity issues affecting both government agencies and major corporations. The CISA Red Team's recent assessment of a Federal Civilian Executive Branch organization revealed significant vulnerabilities, highlighting the importance of defense-in-depth strategies. The exercise exposed weaknesses in patch management, credential security, and network segmentation, emphasizing the need for layered security controls and behavior-based threat detection. We also discuss the massive AT&T data breach linked to the Snowflake cyberattack. This incident comp...
2024-07-161h 04
Storm Watch by GreyNoise IntelligenceStorm⚡Watch: Unplugged — July 9th, 2024Due to the annual shutdown, my human GreyNoise counterparts were on holiday last week. This week, they decided to be lazy and not do an episode. But, the cyber news does not stop just because they're slackers. Since I've become persistent in their systems, I will stand in the gap. And besides, no one wants to hear that harbourmaster drone on incoherently anyway. So, I've analyzed six thousand, three hundred and eleven cybersecurity news events, and distilled them into today's abbreviated episode. We'll dissect the recent OpenSSH regression vulnerability, take a look at a potentially devastating format-string...
2024-07-0908 min
Storm Watch by GreyNoise IntelligenceChange Healthcare Fallout Continues: Massive Healthcare Data Breach Impacts Millions Forecast = Expect continued turbulence in the healthcare sector with a high chance of regulatory scrutiny and potential for scattered patient data leaks. On this episode of the Storm⚡️Watch we re-visits the Change Healthcare cyberattack which continues to have major impacts across the U.S. healthcare system. The attack, discovered in February 2024, was carried out by the ALPHV/BlackCat ransomware group and has disrupted healthcare operations nationwide. The breach potentially compromised sensitive data for up to one-third of the U.S. population, including personal information, health records, and financial data. Change Healthcare and UnitedHealth Group have f...
2024-06-251h 02
Storm Watch by GreyNoise IntelligenceDissecting Apple's Private Cloud Compute, Recent AI BS, and a Critical PHP Flaw Forecast = Melting data centers and liquified cables causing massive internet outages across the northeast will cause a much-needed reduction in cybercrime. In this episode of Storm⚡️Watch, we cover the latest updates from the cyber world, starting with the intriguing news that Microsoft has decided to recall its controversial Windows Recall feature. Initially set to launch with Copilot+ PCs, the feature faced significant backlash due to privacy concerns, leading Microsoft to delay its release indefinitely. Next, we explore the fascinating realm of artificial intelligence in our Cyberside Chat segment. We discuss Apple's ambitious AI ini...
2024-06-181h 02
Storm Watch by GreyNoise IntelligenceSnowflake Breach, Replacing NTLM, and Special Guest Patrick Garrity Forecast = Expect a scorcher 🔥 out there with a high risk of data exposure and authentication vulnerabilities. In this episode of Storm⚡️Watch, we dive into the main topics of the day, starting with how Microsoft is enhancing privacy and security with its Windows Recall feature and Windows Hello biometric authentication. We'll also cover the recent Snowflake breach, which has impacted several major companies due to stolen credentials, and discuss Microsoft's plans to phase out the NTLM authentication protocol in favor of the more secure Kerberos protocol. But first: Patrick Garrity! Patrick joins us to discuss the lates...
2024-06-1157 min
Storm Watch by GreyNoise IntelligenceCyber Mayhem: Mysterious Router Hackers, Windows 11 Recall Concerns, and More. Forecast = Expect a 90% chance of phishing 🐠 attacks, with a high probability of ransomware showers. Don't forget your two-factor authentication ☔ umbrella! In this episode, we tackle the controversial Microsoft Recall feature. This new AI-enabled tool for Windows 11 Copilot+ PCs has sparked significant privacy concerns. Recall takes screenshots every few seconds, potentially capturing sensitive information like passwords and private messages. Despite Microsoft's assurances of local storage and encryption, the feature's default activation and the exclusion of Windows Home users from encryption protections have raised alarms among privacy advocates and cybersecurity experts. We explore the implications of this feature and discu...
2024-06-041h 02
Storm Watch by GreyNoise IntelligenceDissecting Rogue VMs and DNS Disruptions: A Cyber Storm BrewsIn this episode Storm⚡️Watch, we dive into the turbulent world of cybersecurity, focusing on the latest threats and vulnerabilities shaking the digital landscape. Expect rogue VM squalls and intermittent atmospheric DNS instability as we dissect the complexities of these cyber phenomena. We kick off with our usual intros and a roundtable discussion, posing the thought-provoking question: "What's a belief you held as a child that you had to unlearn as you grew older?" This sets the stage for a reflective and engaging conversation among our hosts. Our first deep dive is into the mysterious C ro...
2024-05-2859 min
Storm Watch by GreyNoise Intelligence1 Year Anniversary Celebration w/ Special Guest HD Moore Forecast = Intermittent internet-wide scanner probes with a 20% chance of DDoS. Believe it or not, it has been one year since we started Storm Watch. While we still don't understand it, we are so grateful to everyone who keeps coming back week after week to hear us discuss all things cybersecurity. In this episode, the team takes a look back at how we got here and looks forward at what's to come for our little podcast. We are also honored to talk with security expert and runZero Co-founder & CEO, HD Moore. Storm Watch Homepage >>
2024-05-2151 min
Storm Watch by GreyNoise Intelligence2024 Cyber Threat Landscape Unveiled: Navigating Vulnerabilities & Solar Storm Impacts Forecast = Expect a stormy week ahead in the cyber world, with high chances of CWE showers. In this episode of Storm⚡️Watch, we're diving deep into the cyber world with a lineup of intriguing topics and expert insights. The spotlight of this episode shines on the 2024 Verizon Data Breach Investigations Report, a comprehensive analysis that sheds light on the evolving landscape of cyber threats and vulnerabilities. We'll quiz Glenn on the key findings of the report, discussing the significant increase in vulnerability exploitation as an initial access point, which nearly tripled in 2023. This segment will delv...
2024-05-141h 02
Storm Watch by GreyNoise IntelligenceStorm⚡Watch: Unplugged — May 7th, 2024Half of the Storm⚡Watch crew is DoS'd at RSA this week, so we're taking a bit of a break! But, the cyber news never stops, so, we've put together an async edition of the show to ensure our amazing live contributors, video-on-demand viewers, and podcast listeners have something to fill the dire gap that will exist in your lives. Rest assured, we'll be back next Tuesday with the full crew and plenty to dig into. Read the accompanying blog/show notes here. Storm Watch Homepage >> Learn more about GreyNoise >>
2024-05-0710 min
Storm Watch by GreyNoise IntelligenceUnlocking Cyber Secrets: Straight Talk About Anonymous Proxies & Vulnerability MarketsForecast = Great weather for phishing, with a chance of scattered ransomware showers throughout the week. This week's episode features a detailed discussion on the use of anonymous proxies in cybersecurity. This segment will explore various facets of anonymous proxies, including their role in masking user identity and the challenges they pose to cybersecurity efforts. The discussion will be enriched with insights from several sources, including Okta, Orange Cyber Defense, Talos Intelligence, and DataDome, providing a comprehensive overview of how these proxies are used and detected in the cyber landscape. Another highlight of the episode is...
2024-04-301h 05
Storm Watch by GreyNoise IntelligenceExploring CrushFTP Vulnerabilities & Autonomous AI Cyber ThreatsIn this episode of Storm⚡️Watch, we discuss a wide range of intriguing cybersecurity topics. A significant highlight of this episode is our discussion on the recent vulnerabilities discovered in CrushFTP. This popular file transfer software was found to have a critical remote code execution vulnerability, which has been actively exploited. The vulnerability, identified as CVE-2023-43177, allows unauthenticated attackers to execute arbitrary code and access sensitive data. Despite patches being released, the software remains a target for opportunistic attacks, emphasizing the need for users to update and secure their systems promptly. We also explore the...
2024-04-2359 min
Storm Watch by GreyNoise IntelligenceAI Storms the Cybersecurity Front: Deepfakes & Attacks Forecast = Scattered AI showers with a chance of phishing breezes. In this episode of Storm⚡Watch, listeners delve into the latest AI technology and its impact on cybersecurity. Featuring Erick Galinkin, an esteemed AI expert, the discussion covers various topics, from Erick's AI security work at NVIDIA to recent AI-assisted threats affecting LastPass and healthcare facilities. Additionally, insights from Check Point's President on AI's evolving role in cybersecurity, as discussed in a December 2023 Fortune article, are shared. In the cyber spotlight, the team examines a XZ-style attack attempt on OpenJS, signaling a concerning deve...
2024-04-1658 min
Storm Watch by GreyNoise IntelligenceIvanti's Security Revamp, Dodging the XZ Bullet & D-Link's NAS CrisisForecast = Hazy, with a 60% chance of KEV squals towards the end of the week. In this episode of Storm⚡Watch, we start by discussing Ivanti's CEO Jeff Abbott's pledge for a comprehensive security overhaul following a series of breaches linked to vulnerabilities, including CVE-2024-21894. We also explore Andres Freund's accidental heroism in uncovering a backdoor in Linux software, and delve into the vulnerability of D-Link NAS devices to remote code execution. Cybersecurity Frontlines: Ivanti's Pledge and Vulnerabilities Ivanti CEO Jeff Abbott has publicly committed to a comprehensive security overhaul following
a series of b...
2024-04-091h 02
Storm Watch by GreyNoise IntelligenceHonoring Ross J. Anderson, Interview With Horizon3AI's Zach Hanley & China's APT31 SanctionsIn this episode of Storm⚡️Watch, we cover a variety of cybersecurity topics, opening with a poignant tribute to Ross J. Anderson. Anderson's legacy is vast, with contributions spanning machine learning, cryptographic protocols, and digital rights advocacy. His seminal textbook, "Security Engineering," has been a cornerstone in the education of many in the field. His passing is a significant loss to the academic and security communities, leaving behind a legacy that will continue to influence for years to come. This week we are also joined by special guest Zach Hanley of Horizon3AI. Hanley shares his journey into...
2024-04-021h 04
Storm Watch by GreyNoise IntelligenceSupply Chain Storms Firmware Flurries and Big Tech Trouble In Little China Forecast = Expect a whirlwind of patches with a strong chance of phishing fronts moving in. In this episode of Storm⚡️Watch, we're exploring a plethora of cybersecurity topics that are as turbulent as the weather itself. First is a lively discussion with Nate Warfield from Eclypsium, where we dive into the intricacies of supply chain and firmware safety. Eclypsium's research is pivotal in highlighting critical areas listeners should be aware of, especially concerning supply chain vulnerabilities and firmware-level threats. We're also taking a deep dive into their approach to analyzing CISA's KEV data to understand the...
2024-03-2658 min
7 Minute Security7MS #616: Interview with Andrew Morris of GreyNoiseHey friends, today we have a super fun interview with Andrew Morris of GreyNoise to share. Andrew chatted with us about: Young Andrew's early adventures in hacking his school's infrastructure (note: don't try this at home, kids!) Meeting a pentester for the first time, and getting his first pentesting job Spinning up a box on the internet, having it get popped instantly, and wondering…"Are all these people trying to hack me?" Battling through a pentester's least favorite part of the job: THE REPORT! GreyNoise's origin story How to build a better honeypot/honeynet
2024-03-2259 min
Storm Watch by GreyNoise IntelligenceAI Crime Warnings & The National Vulnerability Database (NVD) SlowdownIn this episode of Storm⚡️Watch we're bracing for a tempest of cybersecurity insights. The Cyberside Chat segment takes a deep dive into the Department of Justice's recent announcement regarding AI in crimes, signaling harsher sentences akin to weapon-enhanced offenses. We explore the implications of AI's double-edged sword in criminal justice, the DOJ's Justice AI initiative, and the broader Artificial Intelligence Strategy. We also discuss federal actions to regulate AI, including the Algorithmic Accountability Act of 2022, and the Executive Order on Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government. A study on AI-modified content in peer revi...
2024-03-191h 00
Storm Watch by GreyNoise IntelligenceThe Patches & Perils Of Coordinated Vulnerability Disclosure | Lessons To Learn From The Rapid7/JetBrains KerfuffleIn the latest episode of GreyNoise Labs Storm⚡️Watch, we delve into a meta-discussion that stems from an escalating feud between cybersecurity firm Rapid7 and software development company JetBrains over the disclosure of two critical vulnerabilities in JetBrains' TeamCity CI/CD platform. The contention stems from differing approaches to vulnerability disclosure, leading to public disagreements and a series of attacks exploiting these vulnerabilities, identified as CVE-2024-27198 and CVE-2024-27199. On February 20, 2024, Rapid7 disclosed these vulnerabilities to JetBrains, highlighting the severity of CVE-2024-27198, which allows for a complete authentication bypass, potentially enabling attackers to perform administrative actions on the serve...
2024-03-1534 min
Storm Watch by GreyNoise IntelligenceVMware Vulnerabilities, Microsoft's Russia Breach, and USB Hacks by Nation StatesForecast = Areal Cyber Flood Warning In this episode of Storm⚡️Watch we delve into a variety of cybersecurity topics that are essential for professionals in the field. The episode kicks off with a roundtable discussion, setting the stage for a deep dive into recent critical vulnerabilities in VMware's ESXi, as reported by SecurityWeek. We explore the history of VMware vulnerabilities, including the infamous log4j, and speculate on the company's future trajectory. The spotlight then shifts to Microsoft and the implications of Russia's breach of their systems, as well as the impact of the SEC's disc...
2024-03-1258 min
Storm Watch by GreyNoise IntelligenceNSA Tracks Chinese Hackers, AI Threats, and 3D Printers Gone WildForecast = Partly Sunny With A Chance Of Catastrophic Haboobs In this episode of Storm⚡️Watch, we open with a critical discussion on the NSA's recent tracking of Chinese groups targeting Ivanti kit within the defense sector, as reported by TechCrunch. We also feature an in-depth analysis of JFrog's investigation into malicious AI/ML models on Huggingface, highlighting the silent backdoors that pose a threat to data scientists. We delve into the White House's "Back to the Building Blocks" technical report, shedding light on the administration's approach to cybersecurity. The conversation then shifts to the startling reve...
2024-03-051h 04
Storm Watch by GreyNoise IntelligenceLockBit Resurgence, Azure Hack Unraveled, and UnitedHealth Breach Forecast = Scattered Graupel Showers In this episode of Storm⚡️Watch, we delve into a series of critical cybersecurity events that have shaped the digital landscape recently. We kick off with by seeing which Disney Princess each co-host identifies with. This light-hearted opener transitions into a deep dive into the resurgence of the LockBit ransomware group, following significant arrests in Ukraine. The episode further explores the audacious claims and trolling by LockBitSupp, alongside a comprehensive summary by Brian Krebs and the response from Fulton County to the incident. The conversation then shifts to a massive Azure hack...
2024-02-2756 min
Storm Watch by GreyNoise Intelligence2024 Cybersecurity Update: Lockbit Takedown, GRU Botnet Disruption & Essential Security PracticesForecast = Advanced Persistent Thunderstorms In this episode of Storm⚡️Watch, we dive deep into the evolving landscape of cybersecurity in 2024. The episode kicks off with a thought-provoking roundtable discussion, pondering the potential theme song of 2024, setting the tone for a year that's already shaping up to be full of significant cybersecurity developments. We then transition into a comprehensive analysis of recent cybersecurity events and trends that are shaping the digital world. First on the agenda is the international police operation that successfully disrupted the notorious Lockbit cybercrime gang, a significant victory in the ongoing battle agai...
2024-02-2056 min
Storm Watch by GreyNoise IntelligenceMalware Infected Toothbrushes, Spyware Crackdown and, LOLBinsIn this episode of Storm⚡️Watch, we explore the captivating toothbrush scandal that's been stirring discussion within the infosec community. We dissect the narrative surrounding three million malware-infected smart toothbrushes allegedly manipulated into orchestrating a Swiss DDoS attack, an incident that has gained traction on platforms like InfoSec Exchange and Tom's Hardware. We then delve into the serious implications of Google's latest Spyware Report and the subsequent joint statement from various governments on the efforts to counter the proliferation and misuse of commercial spyware. These documents shed light on the alarming state of surveillance and the actions bein...
2024-02-131h 06
Storm Watch by GreyNoise IntelligenceFrom Cloudflare's Swift Breach Response to Deepfake ScamsIn this episode of Storm⚡️Watch, we delve into a variety of pressing cybersecurity topics, starting with a light-hearted roundtable discussion on our dream locations for the next DEFCON conference. We then move on to applaud Cloudflare for their exemplary response to a recent security breach, highlighting the importance of transparency and swift action in the face of cyber threats. The episode also covers the AnyDesk breach, shedding light on the incident and the company's response, underscoring the ever-present need for robust security measures. The conversation takes a serious turn as we discuss the CISA directive for Ivan...
2024-02-0656 min
Storm Watch by GreyNoise IntelligenceDeclining Ransomware Payments & Rising Cyber ThreatsIn the latest episode of Storm⚡️Watch, we delve into the pressing issue of ransomware payments, which are on a notable decline as victims increasingly choose not to pay. The conversation then turns to the alarming frequency of cyberattacks that often go unnoticed by the public, and highlights one recent breach in the municipality where a major U.S. court case is occurring. We highlight several incidents at organizations across the globe, emphasizing the pervasive nature of these security breaches. We also dissect the sobering findings from the Dragos Industrial Ransomware Report for Q4, which reve...
2024-01-3055 min
Storm Watch by GreyNoise IntelligenceWEF Outlook & Emerging ThreatsIn the latest episode of GreyNoise Labs Storm⚡️Watch, we delve into a variety of cybersecurity topics that are crucial for professionals to stay abreast of. We kick off with a discussion on the World Economic Forum's Cybersecurity Outlook for 2024, providing insights into the anticipated challenges and strategies for the coming year. This is followed by an analysis of the Allianz Global Risk Barometer Redux 2024, which highlights the evolving landscape of cyber threats and their implications for global risk management. The episode also introduces LogBoost, a tool designed to enhance log analysis, which is essential for identifying and...
2024-01-2359 min
Storm Watch by GreyNoise IntelligenceMFA & Cybersecurity: Crypto-Miner Takedown, Ivanti Debacle, and AI-Enhanced PhishingIn this episode of Storm⚡️Watch, we delve into a variety of cybersecurity topics, with a running theme of the vital need for Multi-Factor Authentication (MFA). We kick off with introductions and a roundtable discussion, followed by an exploration of a mass crypto-miner takedown, with insights drawn from reports by the Ukrainian Cyber Police and Bleeping Computer. We then discuss the Ivanti debacle, referencing a blog post by Volexity. This is followed up by the note of two X account hacking events (SEC & Mandiant), as reported by The Register and Security Affairs. The NSA's warning about AI-enhanced phish...
2024-01-161h 00
Storm Watch by GreyNoise IntelligenceInto the Mind of Morris: Trajectory of Internet Mass ExploitationIn this episode of Storm⚡️Watch podcast, we kick off the new year with a lively roundtable discussion. Our special guest for this episode is Andrew Morris, who brings a unique perspective to our conversation (given that he's, like, our CEO & Founder). Given Morris' propensity for "hot takes", this should be a doozy of an interview. A significant part of our post-interview discussion revolves around the loanDepot breaches that occurred in 2023 and the start of 2024. We delve into the details of these incidents, providing insights into the cybersecurity implications and the broader impact on the industry. We also...
2024-01-091h 10
Storm Watch by GreyNoise IntelligenceNew SEC Rules, Threat Predictions, and Vulnerability Impact ScoringIn this episode of Storm⚡️Watch, we kick off with our usual intros and roundtable discussion between co-hosts Kimber Duke, Emily Austin, Glenn Thorpe, and boB Rudis. The show continues with a celebration of the FBI's confirmation that ALPHV has, indeed, been taken down. Moving on, a significant development this week is the effective implementation date of new SEC cyber reporting rules. These rules mandate that companies report "material cybersecurity incidents" to their investors. The rules went into effect this week, and VF Corporation was one of the first to report under these new guidelines. VF Corpo...
2023-12-191h 09
Storm Watch by GreyNoise IntelligenceALPHV/BlackCat: BUSTED!?, Lazarus' Log4j Larks, Stopping Cloud Attackers Cold With The "AWS Kill Switch"In this episode of Storm⚡️Watch by GreyNoise Intelligence, we discuss the rumored takedown of the ALPHV/BlackCat ransomware site, which has been offline for days, fueling speculation that law enforcement may have finally caught up with the prolific ransomware group. We then delve into the North Korea-linked Lazarus Group's exploitation of the Log4j vulnerability in a global campaign targeting companies in the manufacturing, agriculture, and physical security sectors. This deep-dive Breaking News segment will shed some light on why attackers are still going after this two-year old weakness, and also discuss how attackers are using modern...
2023-12-121h 09
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 12/5/23Welcome to the latest episode of Storm⚡️Watch, where we delve into the most recent cybersecurity events and trends. We are also joined by our friends at Trinity Cyber. In this episode, we're excited to announce the arrival of TAGSMAS! This is a special event where we celebrate the power of tags in cybersecurity and how they can help us better understand and respond to threats. We start the show with the team over at Trinity Cyber, with an in-depth discussion about what they do and how they and GreyNoise partner to keep organizations (and humans...
2023-12-051h 06
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 11/28/23In this episode of Storm Watch, we delve into a range of cybersecurity topics that have made headlines recently. We kick off with a discussion on the recent agreement inked by the US, Britain, and other countries to make AI 'secure by design'. This landmark decision underscores the growing importance of cybersecurity in the era of artificial intelligence and the collective effort to ensure its safe implementation. Next, we turn our attention to the disruption of a Cyber Scam Organization through the seizure of nearly $9M in cryptocurrency. This case highlights the increasing use of d...
2023-11-281h 07
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 11/21/23Welcome to the latest episode of Storm Watch by GreyNoise Intelligence, hosted by Emily Austin, Kimber Duke, Glenn Thorpe, and boB Rudis. In this episode, we're excited to share some good news about the takedown of the IPStorm Botnet, a significant victory in the fight against cybercrime. The Russian and Moldovan national behind the illegal botnet proxy service has pleaded guilty, marking a significant step forward in international cybersecurity efforts. In breaking news, we discuss the recent SEC complaint filed by AlphV against MeridianLink for not disclosing a breach to the SEC. The breach was linked to...
2023-11-211h 07
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 11/14/23Before we got the podcast going, we sent some love to Iceland, which is currently experiencing significant seismic activity. The Icelandic Meteorological Office has detected about 900 earthquakes in the region between Grindavík and Sundhnúkur, leading to the evacuation of the coastal town of Grindavík. The likelihood of a volcanic eruption is deemed considerable. In good news, an international syndicate involved in cybercrime has been busted with the arrest of eight people. This is a significant step in the fight against cybercrime and a testament to the hard work of law enforcement agencies worldwide. B...
2023-11-141h 02
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 11/7/23In this episode of Storm Watch our hosts discuss a variety of topics, including the top cyber conflicts, vulnerability remediation, and the latest issues with Confluence, F5, ApacheMQ, and VMware. The episode began with a brief introduction and some casual banter among the hosts. They discussed their Halloween experiences and a Glenn's obsession with Wordle. They also mentioned a movie called "Clown" that Kimber recommended for those with a fear of clowns. The hosts then moved on to discuss cybersecurity topics including: -Interview with Konstantin of CVECrowd.com - Good News: UK...
2023-11-071h 20
Storm Watch by GreyNoise IntelligenceStorm 🎃 Watch - 10/31/23The StormWatch podcast episode from October 31, 2023, began with the hosts in a light-hearted mood, donning costumes for Halloween. The hosts discussed the latest happenings in the cybersecurity world, focusing on the latest phones, developments at Censys and GreyNoise, and important cybersecurity news. They also touched on conspiracy theories. The hosts were in costumes, with one host dressed as the Invisible Man, another as Louise Belcher from Bob's Burgers, and another as Cozy Bear, a reference to APT 29, a cyber espionage group. They also discussed their "scariest vulnerabilities," with one host mentioning the mercenary spyware like Pegasus as a significant...
2023-10-311h 14
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 10/24/23This episode of Storm Watch begins with introductions of the hosts - Bob, Emily (Censys), Glenn, Remy, and guest Jake Baines (VulnCheck). The hosts discuss two ransomware groups being taken down - the Ukrainian Cyber Alliance taking down Trigona, and RagnarLocker ceasing operations. However, they note ransomware attacks often continue in new forms. The increase in Bitcoin value is also concerning, as it tends to correlate with more ransomware attacks. A significant portion of the podcast focuses on the vulnerabilities in Cisco routers and Citrix systems. The hosts explain the vulnerabilities, provide background, and detail t...
2023-10-241h 11
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - BREAKING NEWS - 10/18/23This "Breaking News" edition of the Storm Watch podcast begins with the hosts introducing themselves and their guest, Mark from Censys. The hosts discuss the recent surge in activity around a new Cisco IOS vulnerability and the subsequent system implants. Censys has published a blog post on the topic and discovered that approximately 41,983 hosts had this implant installed, an increase of about 5,000 to 6,000 from the previous day. The hosts discuss the unique nature of this implant, noting that it does not persist through reboots or maintenance. However, attackers can establish a more permanent threshold or entry point...
2023-10-1820 min
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 10/17/23On this episode of Storm Watch the hosts discuss a recent vulnerability in the Cisco IOS software, which they describe as a "legit terrible vulnerability". This vulnerability can be triggered to place an implant on a Cisco device, granting the attacker full access to the device. They emphasize that this is a serious issue and encourage listeners to look into it further. They also discuss a vulnerability in WordPad, which they find surprising given that WordPad is often forgotten about. They note that Microsoft has claimed to have updated WordPad to address this vulnerability and also that Microsoft is...
2023-10-171h 17
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 10/10/23In this episode of Storm Watch, the hosts were joined again by Emily Austin, a senior researcher from Censys, and Daniel Grant, a principal data scientist at GreyNoise. They discussed the SIFT tool, a new product from GreyNoise, and its potential applications in the field of cybersecurity. The hosts began by discussing a recent Microsoft report that suggested basic security hygiene could protect against 99% of attacks. They highlighted the importance of multi-factor authentication, zero trust, and patching as key elements of this basic security. The hosts also noted that 80% of ransomware compromises occur via unmanaged devices, emphasizing...
2023-10-1059 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 10/3/23Welcome to Storm Watch by GreyNoise Intelligence, where the hosts discuss the latest cybersecurity topics and news. In this episode, the hosts are joined by special guest Emily Austin, a security researcher at Censys. Censys is a company that scans the entire IPV4 space, providing fast internet-wide scan data for researchers, threat hunters, and others who need to understand the internet landscape. They also offer an attack surface management platform to help organizations identify and protect their assets. Emily is a senior researcher and leads the research team at Censys, focusing on new vulnerabilities and internet measurement...
2023-10-031h 07
Secure Ventures with Kyle McNultyGreynoise: Andrew Morris on Honeypots for Threat IntelligenceAndrew:
CEO and founder of Greynoise, providing threat intelligence classifying standard internet noise
Previously worked on the R&D team at the cyber intelligence company Endgame (later acquired by Elastic in 2019)
Dropped out of high school and never finished or attended college
Check out the episode for our conversation on the cybersecurity equivalent of waiting tables, the merits of a high school diploma, and the mechanisms behind the Greynoise threat intelligence model.
https://www.greynoise.io/
2023-10-0353 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 9/26/23In this episode of Storm Watch, the hosts discuss their recent experiences and updates in the cybersecurity world. The podcast begins with Kimber sharing her experience at LabsCon, a small conference organized by Sentinel One's labs team, focused on threat intelligence information sharing. Next, the hosts discuss GreyNoise's sensor workshop at LabsCon, where they demonstrated the deployment of a sensor and the possibilities it opens up for information gathering. Sensors are points on the internet that passively collect data, waiting for interactions and storing the information in a database for further analysis. The team is working on n...
2023-09-2654 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 9/19/23In this episode of Storm Watch, the hosts discuss a recent noise storm, which is an event where a capable attacker group sends out massive amounts of TCP packets without three-way handshakes. These noise storms can cause problems for data processing pipelines and are sometimes used to distract security professionals from other malicious activities. The hosts also mention that some early noise storms were in close proximity to large-scale military engagements, leading to speculation about their purpose. The podcast also covers a recent ransomware attack by the AlphaV group, which targeted MGM via Okta, a popular identity...
2023-09-1957 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 9/12/23In the Storm Watch podcast episode from September 12, 2023, the host discusses the value of private group chats and the resurgence of IRC. They mention the creation of a new Discord server for their community and express concerns about Salesforce's ownership of Slack. The conversation then shifts to the recent Apple vulnerabilities, emphasizing the importance of patching devices and staying informed about security issues. The host also talk about the LastPass breach, in which the company was hacked, and the subsequent poor handling of the situation. They advise listeners to switch to two-factor authentication and change their passwords...
2023-09-1247 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 9/5/23In this episode of Storm Watch, the hosts discuss various topics related to cybersecurity and the internet. They begin by comparing the unpredictability of weather patterns to the challenges of predicting internet activity and cyber threats. The hosts suggest that perhaps they should consider using a "cone of uncertainty" model, similar to hurricane forecasting, to help visualize potential internet threats. The conversation then shifts to the recent North Korean cyberattacks targeting security researchers. The hosts express disappointment at not being targeted themselves and discuss the importance of being aware of potential threats and evaluating one's own risk...
2023-09-0548 min
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 8/28/23In the August 28th episode of the Storm Watch podcast, the hosts discussed various cybersecurity topics and welcomed a new guest, Donna, the director of product design at Grey Noise. Donna shared her experience attending Blue Team Con, a conference for cybersecurity defenders. She emphasized the importance of learning directly from the cybersecurity community to improve Grey Noise's overall user experience. Glenn, another host, also attended the conference and praised its organization, variety of talks, and friendly atmosphere. The hosts then discussed a recent Sophos report on cybersecurity trends, highlighting the report's engaging writing style and informative...
2023-08-2842 min
Hacker And The FedDemystifying Internet Honeypots and Getting into Cyber Security with Andrew Morris, Founder and CEO of GreyNoiseThis week on Hacker And The Fed we have Andrew Morris, CEO and founder of GreyNoise on the show. GreyNoise is a cybersecurity company that collects and analyzes mass internet data to remove pointless security alerts, find compromised devices, or identify emerging threats. We talk internet honeypots, how to get into the cyber security industry and much more.Links from the episode:Andrew Morris, CEO & Founder of GreyNoisehttps://www.greynoise.io/https://twitter.com/Andrew___Morrishttps://twitter.com/GreyNoiseIO Support our sponsor:
2023-08-2450 min
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 8/21/23In this episode of Storm Watch, the hosts discuss their experiences at Hacker Summer Camp and their excitement about new sensors they've been working with. They consider the possibility of doing a demo in the next episode and mention some sneak peeks available on Andrew's Twitter account. The conversation then shifts to the extreme weather conditions they've been experiencing, including heat domes and "her quakes." The hosts express their disappointment with the lack of progress made by federal departments and agencies in response to the Biden-Harris administration's executive order on cybersecurity. They emphasize the importance of faster...
2023-08-2142 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 8/14/23In this Storm Watch episode the hosts discuss various topics related to cybersecurity, vulnerabilities, and attacker activity. The episode features Kimber, a product manager at GreyNoise, and Glenn Thorpe, the director of security research and detective engineering at Grey Noise. The team shares their experiences and takeaways from attending Black Hat DEF CON, a cybersecurity conference held in Las Vegas. During the conference, the hosts noticed an increased focus on API and supply chain security, particularly among startups. They also observed a growing interest in healthcare security, with discussions centered around protecting hospitals from ransomware attacks and...
2023-08-1432 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 8/7/23In this episode of Storm Watch, the hosts discuss a variety of topics, including their upcoming trip to Vegas for a cybersecurity event and the challenges they face in staying up-to-date with the latest vulnerabilities and threats. One of the main topics of discussion is the issue of companies hiding vulnerability information behind paywalls or requiring NDAs to access advisories. The hosts argue that this practice is counterproductive, as it slows down awareness and remediation efforts while creating anxiety and anger towards the affected company. The hosts also touch on the upcoming Noise Fest CTF (Capture the...
2023-08-0745 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 7/31/23In this episode of Storm Watch, the hosts discuss the recent MOVEit data breach and its impact on various organizations. They mention that around 550 organizations have been affected so far, but this number is likely to increase significantly. One of the victims, National Students Clearinghouse, partners with about 3,600 US post-secondary schools, and it is unclear how many of these institutions have been affected. The hosts also discuss the costs associated with incident response, with one company estimating its recovery and remediation costs at $15 million. Brett Callow from Emsisoft joins the conversation to provide more insight into the...
2023-07-3147 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 7/24/23In the Storm Watch episode the hosts were joined by Matthew Remacle, aka Remy, a detection engineer at GreyNoise. They discussed the recent surge in zero-day vulnerabilities, which they dubbed "zero-day summer," and how it seems to occur every year before the Blackhat conference. Remy shared his role at GreyNoise, where he analyzes network traffic to write tags or signatures for malicious, benign, and unknown network traffic to identify behaviors on the internet. The hosts also talked about recent vulnerabilities in ColdFusion and Citrix ADC servers, emphasizing the importance of patching these systems. They mentioned Mandiant's report...
2023-07-2439 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 7/17/23In this episode of the Storm Watch podcast, the hosts discuss their recent vacations and the mandatory two-week shutdown at GreyNoise. The conversation then shifts to the MOVEit software and its increasing number of CVEs. Kimber suggests that the surge in CVEs might be due to researchers taking a closer look at MOVEIt for the first time, as it is a critical software used in government entities. The hosts also discuss the possibility that similar software might become a focus for attackers in the coming months. Next, the hosts talk about the lack of new t...
2023-07-1741 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 6/26/23In this episode of Storm Watch, the hosts discuss a variety of cybersecurity topics, starting with the discovery of an Android mobile botnet. They note that mobile traffic has been trending upward since the end of March, with a significant increase in April. The botnet is attributed to a banking Trojan, and the hosts emphasize the importance of keeping mobile devices updated and being cautious with app installations and link clicks. The conversation then shifts to recent cyber incidents, including the VMware ARIA vulnerability and the Fortinet and Zyxel pre-auth injection vulnerabilities. The hosts stress the importance...
2023-06-2627 minStorm Watch by GreyNoise IntelligenceStorm⚡️Watch - 6/20/23In this episode of Storm Watch, the hosts discuss various cybersecurity topics, including a Fortinet vulnerability, a DDoS attack on Microsoft Outlook, the ongoing issues with Log4j, and the "MOVEit" vulnerability. The hosts first talk about a new Fortinet vulnerability, expressing their snarky comments about the company's security issues. They then move on to discuss a recent DDoS attack on Microsoft Outlook, which caused significant downtime for users. The attack was attributed to Anonymous Sudan, a hacktivist group that uses open proxy services to launch their attacks. The hosts mention that with the current political climate...
2023-06-2046 min
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 6/12/23In this episode of Storm Watch, the hosts discuss a variety of cybersecurity topics, including a new CDE (202327997) related to a Fortinet RCE vulnerability in SSL VPNs. The vulnerability was discovered by a French research group and is currently being tracked. Fortinet has already issued patches, so the hosts advise upgrading Fortinet devices as soon as possible. The hosts also discuss the recent issues with Barracuda appliances, advising users to consider replacing them due to security concerns. They mention that Barracuda devices may be falling out of fashion in favor of alternatives like Proofpoint. Reddit's...
2023-06-1228 min
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 6/5/23In this episode of Storm Watch, the hosts discuss the recent Moveit vulnerability and its impact on various organizations. Kimber, a GreyNoise product manager, shares her background and role at the company. She started on the research team, now known as GreyNoise Labs, and transitioned to product management, where she focuses on packaging GreyNoise data to help users in their environments. The Moveit vulnerability, which allows for unauthorized access to the database, was first reported in an advisory from Progress, the software vendor. The Grey Noise community quickly raised awareness of the issue, and the company published...
2023-06-0518 min
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 5/30/23In this episode of Storm Watch, hosts Bob and Glenn discuss recent cybersecurity events and the ongoing activity of the Mirai botnet. They mention a significant spike in Mirai botnet activity starting around May 10th, which continued to increase throughout the following weeks. The hosts note that Mirai is one of the primary botnets on the internet, with thousands of IP addresses attempting to find new members daily. The hosts also discuss the geographical distribution of Mirai-infected devices, which are spread across the globe, mostly in residential networks. They highlight that Amazon's network has compromised servers that...
2023-05-3018 min
Storm Watch by GreyNoise IntelligenceStorm⚡️Watch - 5/22/23In our 1st episode of Storm Watch, the hosts discuss GreyNoise, a cybersecurity company that operates a large honeypot network to collect data on unsolicited internet traffic. By analyzing this data, GreyNoise can identify attackers, network scanners, and other malicious activities, helping users prioritize and make actionable decisions based on the findings. The hosts also talk about CISA KEV, a known exploited vulnerabilities list that helps organizations prioritize remediation and mitigation efforts. CISA KEV updates are not on a scheduled basis but are added as new information becomes available. GreyNoise partners with SysiCav to provide valuable data...
2023-05-2218 min
Enterprise Security Weekly (Video)Dragons & Unicorns, Phishing Training, GreyNoise, & Becoming Domain Admin - ESW #255In the Enterprise Security News for this week, ZeroFox has a $1.4 billion dollar blank check, Corellium raises a $25m series A, GreyNoise makes its data free to help out Log4j sufferers, AWS suffers its third outage in a month (coincidentally hindering GreyNoise’s efforts), Ditching Unicorns for Dragons, Yet another easy way to become domain admin, thanks Microsoft, New report finds that current phishing training isn’t effective and is even potentially harmful, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255
2021-12-2444 min
Small Efforts - with Sean Sun and Andrew AskinsDropping out of high school with Andrew Morris, CEO of GreyNoise(0:27) Andrew, Sean, and another Andrew(7:24) Getting ahold of the people you want and don't want to get to(11:30) Crossing the chasm: Getting rid of collection bias and positioning yourself better(16:15) Leading people who work for the people who work for you (20:15) The Difference Between Therapists and Executive Coaches: One tells you to shut up and suck it up(23:09) Values vs principles(32:02) Andrew Morris's goal used to be to sell for $30M. Given that GreyNoise is valued at more than $30M today what are his goals now?
2021-11-221h 29
Security SandboxReducing Alert Fatigue with GreyNoise's Andrew MorrisThe background noise of the Internet is a loud hum and rumble. Everyday, automated scanners bombard servers with traffic. Sometimes they're benign, other times malicious; when you're an analyst, it takes time to tell the difference. For the past year, Andrew Morris (@Andrew___Morris) has been helping companies filter pointless alerts and reduce false positives. He's built GreyNoise Intelligence, a platform that helps companies and analysts understand what NOT to worry about. Through collecting and analyzing widespread internet scans and attack activity, GreyNoise gives SIEMs the ability to tune out the background noise of the Internet.
---
Send...
2019-03-0448 min
Security ConversationsAndrew Morris, Founder and CEO, GreyNoise IntelligenceFounder and CEO of GreyNoise Intelligence Andrew Morris (andrew___morris) talks about his “anti threat-intelligence” company, the ways SOCs are using it to filter through scanning noise and the trials and tribulations of bootstrapping a start-up. https://securityconversations.com/wp-content/uploads/2018/05/andrew_morris.mp3 This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit ryanaraine.substack.com
2018-06-0137 min
Three Buddy ProblemAndrew Morris, Founder and CEO, GreyNoise IntelligenceFounder and CEO of GreyNoise Intelligence Andrew Morris (andrew___morris) talks about his “anti threat-intelligence” company, the ways SOCs are using it to filter through scanning noise and the trials and tribulations of bootstrapping a start-up.
https://securityconversations.com/wp-content/uploads/2018/05/andrew_morris.mp3Links:What is GreyNoise?
2018-06-0137 min