Storm⚡️Watch by GreyNoise Intelligence

Author: GreyNoise Intelligence

Description

GreyNoise Storm⚡️Watch is a weekly podcast and livestream hosted by GreyNoise Intelligence (https://www.greynoise.io), a cybersecurity company that focuses on understanding internet noise. The show features hosts boB Rudis, Kimber Duke, Glenn Thorpe, and other guests discussing various cybersecurity topics and internet exploitation trends. The goal of the show is to provide insights and updates on cybersecurity issues, helping viewers stay informed about the latest threats and developments in the field.
56 Episodes
Forecast = Expect a 90% chance of phishing 🐠 attacks, with a high probability of ransomware showers. Don't forget your two-factor authentication ☔ umbrella! In this episode, we tackle the controversial Microsoft Recall feature. This new AI-enabled tool for Windows 11 Copilot+ PCs has sparked significant privacy concerns. Recall takes screenshots every few seconds, potentially capturing sensitive information like passwords and private messages. Despite Microsoft's assurances of local storage and encryption, the feature's default activation and the exclusion of Windows Home users from encryption protections have raised alarms among privacy advocates and cybersecurity experts. We explore the implications of this feature and discuss ways users can protect their data. Next we turn our attention to the sorry state of ISP router safety. A mysterious attack last year disabled over 600,000 internet routers in the U.S., primarily affecting rural and underserved communities. The attack, dubbed "Pumpkin Eclipse," involved malicious firmware updates that rendered the routers inoperable. The incident highlights the vulnerabilities in our critical infrastructure and the need for robust cybersecurity measures. We also take a look at the curious case of Cox Communications routers, documented by Sam Curry in a recent blog post. During "Tool Time," we introduce CyberSecTools, a useful resource for cybersecurity professionals to survey tools and resources they might find useful when defending their organizations. We also take a moment for some "Shameless Self-Promotion," discussing Censys' recent findings on a critical vulnerability in Check Point VPN Gateways (CVE-2024-24919). Our "Tag Roundup" segment offers updates on recent and active cybersecurity campaigns, including the resurgence of the Dridex and Trickbot malware families. We also highlight ongoing attempts to exploit and survey the Check Point Quantum Gateway vulnerability. Finally, in "We Need to Talk About KEV," we provide a roundup of known exploited vulnerabilities, emphasizing the importance of staying informed and proactive in cybersecurity defense. Storm Watch Homepage >> Learn more about GreyNoise >>
Forecast = Expect continued turbulence in the healthcare sector with a high chance of regulatory scrutiny and potential for scattered patient data leaks. On this episode of Storm⚡️Watch we revisit the Change Healthcare cyberattack, which continues to have major impacts across the U.S. healthcare system. The attack, discovered in February 2024, was carried out by the ALPHV/BlackCat ransomware group and has disrupted healthcare operations nationwide. The breach potentially compromised sensitive data for up to one-third of the U.S. population, including personal information, health records, and financial data. Change Healthcare and UnitedHealth Group have faced criticism for their handling of the incident, including a delayed public disclosure. The attack has highlighted vulnerabilities in centralized healthcare data systems and the need for stronger cybersecurity measures industry-wide. In the Tool Time segment, the hosts will discuss OpenSSF Siren, a new resource to help keep open source projects safe. We close out the episode covering recent cybersecurity trends and active campaigns in the Tag Roundup section, as well as providing an update on known exploited vulnerabilities (KEVs) that organizations should be aware of.
Forecast = Melting data centers and liquefied cables causing massive internet outages across the northeast will cause a much-needed reduction in cybercrime. In this episode of Storm⚡️Watch, we cover the latest updates from the cyber world, starting with the intriguing news that Microsoft has decided to recall its controversial Windows Recall feature. Initially set to launch with Copilot+ PCs, the feature faced significant backlash due to privacy concerns, leading Microsoft to delay its release indefinitely. Next, we explore the fascinating realm of artificial intelligence in our Cyberside Chat segment. We discuss Apple's ambitious AI initiatives, including their custom-built AI servers and the Private Cloud Compute system designed to enhance AI processing while maintaining user privacy. Tim Cook's recent interviews shed light on Apple's commitment to privacy and the challenges of preventing AI hallucinations, a topic that has garnered much attention. Our Cyber Spotlight segment takes a deep dive into CVE-2024-4577, a critical remote code execution vulnerability in PHP. We analyze the implications of this vulnerability and provide insights into how organizations can protect themselves. In Tool Time, we introduce FingerProxy, a new Golang library and HTTPS reverse proxy that creates JA3 + JA4 + Akamai HTTP2 fingerprints and forwards them to the backend via HTTP request headers. We also cover the latest trends in cyber threats and active campaigns in our Tag Roundup, providing a comprehensive overview of the current threat landscape. This includes recent backdoor attempts on various devices, highlighting the importance of staying vigilant and proactive in cybersecurity. Finally, we wrap up the episode with our KEV Roundup, discussing the latest known exploited vulnerabilities cataloged by CISA and their impact on the cybersecurity community.
Forecast = Expect a scorcher 🔥 out there with a high risk of data exposure and authentication vulnerabilities. In this episode of Storm⚡️Watch, we dive into the main topics of the day, starting with how Microsoft is enhancing privacy and security with its Windows Recall feature and Windows Hello biometric authentication. We'll also cover the recent Snowflake breach, which has impacted several major companies due to stolen credentials, and discuss Microsoft's plans to phase out the NTLM authentication protocol in favor of the more secure Kerberos protocol. But first: Patrick Garrity! Patrick joins us to discuss the latest trends in May and then pivot to an engaging conversation about the National Vulnerability Database (NVD) and vulnrichment, highlighting the relevant GitHub project (https://github.com/cisagov/vulnrichment). Recall Recall - We Did It! Microsoft has made the Windows Recall feature opt-in and secured it with Windows Hello authentication, addressing privacy concerns. Recall captures snapshots of user activity for productivity assistance and will now only decrypt data when the user authenticates with Windows Hello, adding an extra layer of security. The updated feature with enhanced privacy and security is set to release on June 18. (https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-windows-recall-opt-in-secures-data-with-windows-hello/) Snowflake Breach - Largest Ever? Snowflake, the cloud data analytics platform, faces a significant security incident involving unauthorized access to customer accounts using stolen credentials. Hackers targeted accounts without multi-factor authentication (MFA) enabled, affecting companies like Ticketmaster, Santander, Advance Auto Parts, and LendingTree's subsidiary QuoteWizard. Despite claims on BreachForums about selling stolen data, Snowflake asserts no breach in its own systems and attributes the incident to compromised customer credentials. The company has been criticized for its lack of transparency and is planning to roll out MFA by default for all customer accounts, though no specific timeline has been provided. (https://www.wired.com/story/snowflake-breach-advanced-auto-parts-lendingtree/) Microsoft to Disable NTLM, Transition to Kerberos Authentication - Microsoft is moving away from the NTLM authentication protocol, advising developers to use Negotiate calls that select the most secure protocol, typically Kerberos. The next major Windows and Windows Server release will be the last where NTLM is active by default. NTLM will remain available as a fallback during the transition period, but once its usage drops to an acceptably low level, Microsoft will disable NTLM by default in a future Windows 11 release. No specific timeframe has been provided, but this transition is expected to take several more years after the next major release. (https://cybersecuritynews.com/microsoft-to-disable-ntlm/)
In this episode of Storm⚡️Watch, we dive into the turbulent world of cybersecurity, focusing on the latest threats and vulnerabilities shaking the digital landscape. Expect rogue VM squalls and intermittent atmospheric DNS instability as we dissect the complexities of these cyber phenomena. We kick off with our usual intros and a roundtable discussion, posing the thought-provoking question: "What's a belief you held as a child that you had to unlearn as you grew older?" This sets the stage for a reflective and engaging conversation among our hosts. Our first deep dive is into the mysterious C root-server outage, exploring the persistent issue that "It's Always DNS." Despite the fix, the cause remains unclear, leaving the internet's stability in a precarious state. We reference detailed analyses from Ars Technica and root-servers.org to unpack this enigma. Next, we shine a spotlight on the alarming rise of rogue virtual machines (VMs) in cyber intrusions, particularly focusing on MITRE's recent experiences. We discuss how threat actors have been abusing VMware environments to infiltrate defenses, as detailed in several insightful articles from MITRE Engenuity and other sources. This segment underscores the critical need for robust VM management and security practices. In our Tool Time segment, we introduce the MITRE Threat Report ATT&CK Mapper (TRAM), a powerful tool designed to enhance threat detection and response capabilities. We guide listeners through its features and practical applications, emphasizing its role in fortifying cybersecurity defenses. We take a moment for some shameless self-promotion, highlighting Censys's NextGen Mirth Connect and GreyNoise's upcoming webinar on AI for cybersecurity. These initiatives showcase the cutting-edge work being done to advance cyber defense technologies. Our tag roundup segment provides a snapshot of recent trends and active campaigns in the cybersecurity landscape, using GreyNoise's visualization tools to offer a clear and concise overview of the current threat environment. We wrap up with a KEV roundup, summarizing the latest updates from the Known Exploited Vulnerabilities catalog by CISA. This segment ensures our listeners are well-informed about the most pressing vulnerabilities and the necessary steps to mitigate them.
Forecast = Intermittent internet-wide scanner probes with a 20% chance of DDoS. Believe it or not, it has been one year since we started Storm Watch. While we still don't understand it, we are so grateful to everyone who keeps coming back week after week to hear us discuss all things cybersecurity. In this episode, the team takes a look back at how we got here and looks forward at what's to come for our little podcast. We are also honored to talk with security expert and runZero Co-founder & CEO, HD Moore.
Forecast = Expect a stormy week ahead in the cyber world, with high chances of CWE showers. In this episode of Storm⚡️Watch, we're diving deep into the cyber world with a lineup of intriguing topics and expert insights. The spotlight of this episode shines on the 2024 Verizon Data Breach Investigations Report, a comprehensive analysis that sheds light on the evolving landscape of cyber threats and vulnerabilities. We'll quiz Glenn on the key findings of the report, discussing the significant increase in vulnerability exploitation as an initial access point, which nearly tripled in 2023. This segment will delve into the implications of these findings for organizations and the importance of robust cybersecurity measures. Our Cyber Spotlight segment will explore the impact of a recent solar storm on precision farming, highlighting how geomagnetic disturbances knocked out tractor GPS systems during a critical planting season. We'll discuss the broader implications of solar storms on GPS-dependent technologies and the steps industries can take to mitigate these risks. Additionally, we'll touch on the threats to precision agriculture in the U.S., including the warning about using Chinese-made drones in farming operations. In Tool Time, we introduce CISA's Vulnrichment, a tool designed to enrich vulnerability management processes. This segment will provide insights into how Vulnrichment can aid organizations in identifying and mitigating vulnerabilities more effectively. Our Shameless Self-Promotion segment will feature exciting updates from Censys & GreyNoise, including an upcoming report and webcast on AI for cybersecurity, and a recap of the NetNoiseCon event. We'll also drop a link to the "Year of the Vuln" as highlighted in the 2024 Verizon DBIR, a post which offers our take on surviving this challenging period. To wrap up, we'll discuss the latest trends in cyber threats and active campaigns, providing listeners and viewers with a comprehensive overview of the current cyber threat landscape.
Half of the Storm⚡Watch crew is DoS’d at RSA this week, so we’re taking a bit of a break! But, the cyber news never stops, so, we’ve put together an async edition of the show to ensure our amazing live contributors, video-on-demand viewers, and podcast listeners have something to fill the dire gap that will exist in your lives. Rest assured, we’ll be back next Tuesday with the full crew and plenty to dig into. Read the accompanying blog/show notes here.
Forecast = Great weather for phishing, with a chance of scattered ransomware showers throughout the week. This week's episode features a detailed discussion on the use of anonymous proxies in cybersecurity. This segment will explore various facets of anonymous proxies, including their role in masking user identity and the challenges they pose to cybersecurity efforts. The discussion will be enriched with insights from several sources, including Okta, Orange Cyber Defense, Talos Intelligence, and DataDome, providing a comprehensive overview of how these proxies are used and detected in the cyber landscape. Another highlight of the episode is the "Cyber Spotlight" segment, which will delve into the intriguing world of vulnerability markets. This discussion will be informed by research from arXiv, offering listeners a deep dive into the complexities and ethical considerations surrounding the trade and exploitation of software vulnerabilities. Listeners will also be introduced to Arkime, an open-source tool designed for network traffic analysis, in the "Tool Time" segment. This tool is crucial for professionals looking to gain deeper insights into their network traffic and enhance their security posture. The episode will not shy away from promoting its own advancements and contributions to the cybersecurity field. Under "Shameless Self-Promotion," the podcast will discuss Censys and its recent findings on CVE-2024-4040, as well as GreyNoise's insights into Fortinet's FortiOS and their user-centric approach to cybersecurity. The "Tag Roundup" segment will provide updates on recent and active cybersecurity campaigns, offering listeners a snapshot of the current threat landscape, while the "We Need to Talk About KEV" segment will focus on a roundup of known exploited vulnerabilities, providing crucial information for cybersecurity defense.
In this episode of Storm⚡️Watch, we discuss a wide range of intriguing cybersecurity topics. A significant highlight of this episode is our discussion on the recent vulnerabilities discovered in CrushFTP. This popular file transfer software was found to have a critical remote code execution vulnerability, which has been actively exploited. The vulnerability, identified as CVE-2023-43177, allows unauthenticated attackers to execute arbitrary code and access sensitive data. Despite patches being released, the software remains a target for opportunistic attacks, emphasizing the need for users to update and secure their systems promptly. We also explore the cutting-edge realm of LLM (Large Language Model) agents with the capability to autonomously exploit and hack websites. Recent studies have shown that these agents can autonomously perform complex tasks like SQL injections and database schema extractions without prior knowledge of the vulnerabilities. This development poses new challenges and opportunities in cybersecurity, highlighting the dual-use nature of AI technologies in cyber offense and defense. Our "Tool Time" segment introduces listeners to the CPE Guesser tools, which aid in predicting Common Platform Enumeration names, helping cybersecurity professionals streamline their vulnerability management processes. In a lighter segment, "Shameless Self-Promotion," we celebrate GreyNoise's achievement of reaching '1337' status with their tagging system. We also provide updates on the latest cybersecurity trends with our "Tag Roundup," discussing recent and active campaigns, and conclude with a "KEV Roundup" where we discuss the Known Exploited Vulnerabilities catalog by CISA, providing listeners with crucial information on vulnerabilities that require immediate attention. As we wrap up the episode, we reflect on the discussions and insights shared, encouraging our listeners to stay proactive in managing cybersecurity risks. 
Forecast = The KEV drought continues well into its second week, but a vulnerable frontal system could bring some much needed exploit rain.
Forecast = Scattered AI showers with a chance of phishing breezes. In this episode of Storm⚡Watch, listeners delve into the latest AI technology and its impact on cybersecurity. Featuring Erick Galinkin, an esteemed AI expert, the discussion covers various topics, from Erick's AI security work at NVIDIA to recent AI-assisted threats affecting LastPass and healthcare facilities. Additionally, insights from Check Point's President on AI's evolving role in cybersecurity, as discussed in a December 2023 Fortune article, are shared. In the cyber spotlight, the team examines an XZ-style attack attempt on OpenJS, signaling a concerning development for the JavaScript community. The episode also includes a tool time segment featuring Malpedia, an extensive library of malware profiles, and a captivating data visualization project mapping out malware relationships. As usual, the show embraces a touch of self-promotion, providing updates on Censys' research into vulnerabilities affecting D-Link and Sisense. GreyNoise shares highlights from the recent NetNoiseCon event and discusses a command injection vulnerability in Palo Alto Networks' PAN-OS. We close it out with a tag roundup, spotlighting recent tags and active campaigns from GreyNoise's visualization tools. In addition, the episode offers a KEV roundup, summarizing the Known Exploited Vulnerabilities catalog from CISA, ensuring listeners are well-informed on current cybersecurity challenges.
Forecast = Hazy, with a 60% chance of KEV squalls towards the end of the week. In this episode of Storm⚡Watch, we start by discussing Ivanti's CEO Jeff Abbott's pledge for a comprehensive security overhaul following a series of breaches linked to vulnerabilities, including CVE-2024-21894. We also explore Andres Freund's accidental heroism in uncovering a backdoor in Linux software, and delve into the vulnerability of D-Link NAS devices to remote code execution.

Cybersecurity Frontlines: Ivanti's Pledge and Vulnerabilities
Ivanti CEO Jeff Abbott has publicly committed to a comprehensive security overhaul following a series of breaches linked to vulnerabilities in Ivanti's products. This episode will explore the implications of Ivanti's new security initiatives and the recent discovery of critical vulnerabilities, including CVE-2024-21894, a heap overflow vulnerability in Ivanti Connect Secure and Policy Secure. We'll discuss the company's promise to adopt a Secure-By-Design ethos and the potential impact on the cybersecurity community.

Andres Freund: The Accidental Hero
Our Cyber Spotlight shines on Andres Freund, a software engineer whose routine maintenance work led to the inadvertent discovery of a backdoor in a piece of Linux software (XZ). This discovery potentially thwarted a major cyberattack, earning Freund accolades from the tech community and a feature in The New York Times. We'll discuss the critical role of open-source software maintainers in cybersecurity and the importance of vigilance in the industry.

D-Link NAS Devices Under Siege
A significant threat looms over users of D-Link NAS devices as CVE-2024-3273, a remote code execution vulnerability, is actively being exploited in the wild. With, perhaps, 92,000 devices at risk, we'll dissect the nature of the vulnerability, the hardcoded backdoor account, and the command injection flaw that leaves these devices open to attack. We'll also cover the steps D-Link has taken to address the issue and the importance of securing legacy devices.

Shameless Self-Promotion: GreyNoise and Censys
Don't miss our segment on GreyNoise and Censys, where we'll highlight their contributions to the cybersecurity field. GreyNoise's analysis of the D-Link NAS vulnerability and their upcoming NetNoiseCon event are on the agenda, as well as Censys' Threat Hunting Workshop in Philadelphia.

Tag Round-Up: Vulnerability Alerts
We'll wrap up with a rapid-fire rundown of recent vulnerability alerts, including a variety of CVEs that have been identified and tagged for tracking. This segment will provide listeners with a concise overview of the threats they should be aware of and the actions they can take to protect their systems.
In this episode of Storm⚡️Watch, we cover a variety of cybersecurity topics, opening with a poignant tribute to Ross J. Anderson. Anderson's legacy is vast, with contributions spanning machine learning, cryptographic protocols, and digital rights advocacy. His seminal textbook, "Security Engineering," has been a cornerstone in the education of many in the field. His passing is a significant loss to the academic and security communities, leaving behind a legacy that will continue to influence for years to come. This week we are also joined by special guest Zach Hanley of Horizon3AI. Hanley shares his journey into cybersecurity and the founding of Horizon3AI, as well as insights into the innovative NodeZero platform. This platform aids organizations in focusing on safety and resilience, a crucial aspect in today's digital landscape. Hanley also discusses the three key challenges outlined in Horizon3AI's 2023 report, "Proactive Cybersecurity Unleashed," providing listeners with a glimpse into the ongoing struggles organizations face in cybersecurity. In the segment "Cyberside Chat: Big (Tech) Trouble In Little China," we cover recent sanctions by the United States Treasury Department on individuals linked to the Chinese hacking group APT31, known for targeting critical U.S. infrastructure. Additionally, we discuss the formation of a Water Sector Cybersecurity Task Force in response to threats from the Chinese hacking group Volt Typhoon, and the implications of China's revised state secrets law for U.S. tech firms operating in China. For those interested in the technical side of cybersecurity, we introduce "vulnerability lookup," a tool for fast vulnerability lookup correlation from different sources. This tool is a rewrite of cve-search and supports independent vulnerability ID management and coordinated vulnerability disclosure (CVD). As usual we wrap up with a roundup of recent tags and active campaigns and discuss the Known Exploited Vulnerabilities (KEV) catalog from CISA. Episode Slides >>
Forecast = Expect a whirlwind of patches with a strong chance of phishing fronts moving in. In this episode of Storm⚡️Watch, we're exploring a plethora of cybersecurity topics that are as turbulent as the weather itself. First is a lively discussion with Nate Warfield from Eclypsium, where we dive into the intricacies of supply chain and firmware safety. Eclypsium's research is pivotal in highlighting critical areas listeners should be aware of, especially concerning supply chain vulnerabilities and firmware-level threats. We're also taking a deep dive into their approach to analyzing CISA's KEV data to understand the dangers lurking within. This week's Cyberside Chat is equally stormy as we pull out the popcorn and preview the Big (Tech) Trouble In Little China, discussing the recent sanctions on APT31 hackers, and the implications of China's newly expanded "Work Secrets" Law. We're also touching upon China's attacks on British MPs and the ongoing U.S. vs. TikTok saga and its broader cybersecurity implications. Tool Time features a look at VulnCheck KEV & Community Extended KEV + NVD APIs, providing listeners with valuable resources for vulnerability management. And in a segment of Shameless Self-Promotion, we're highlighting GreyNoise's innovative approach to the future of honeypots. Our Tag Roundup offers insights into recent tags, active campaigns, and a sneak peek at IP Intention Analysis, ensuring you're up-to-date with the latest cybersecurity trends. The KEV Roundup discusses the latest entries in CISA's Known Exploited Vulnerabilities Catalog, a crucial resource for cybersecurity professionals. Closing the episode, we ponder the possibilities of other dimensions, asking our guests and listeners what they hope to see on the other side.
In this episode of Storm⚡️Watch we're bracing for a tempest of cybersecurity insights. The Cyberside Chat segment takes a deep dive into the Department of Justice's recent announcement regarding AI in crimes, signaling harsher sentences akin to weapon-enhanced offenses. We explore the implications of AI's double-edged sword in criminal justice, the DOJ's Justice AI initiative, and the broader Artificial Intelligence Strategy. We also discuss federal actions to regulate AI, including the Algorithmic Accountability Act of 2022, and the Executive Order on Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government. A study on AI-modified content in peer reviews at AI conferences is examined, highlighting the challenges of distinguishing AI-generated text from human-written content. In the Cyber Spotlight, we shine a light on the National Vulnerability Database (NVD) and its recent slowdown in updates. We discuss the implications for vulnerability management and the cybersecurity community's response, including NIST's efforts to form a consortium to address these issues. Tool Time introduces the Sunlight Certificate Transparency Log, a project aimed at enhancing the scalability and reliability of Certificate Transparency logs. We delve into the new tile-based architecture and its benefits for various stakeholders, including Certificate Authorities, CT monitors and auditors, web browsers, and security researchers. We also engage in some Shameless Self-Promotion, highlighting key insights from the 2024 State of Threat Hunting Report by Censys and tracking the aftermath of Atlassian's Confluence CVE-2023-22527 with GreyNoise. Our Tag Roundup covers recent tags and active campaigns, providing a snapshot of the current threat landscape. Finally, we wrap up the episode with our KEV Roundup, discussing the latest entries in CISA's Known Exploited Vulnerabilities Catalog, and close with a fun question about our dream fictional vehicles. 
Forecast = Expect a downpour of DDoS with a chance of ransomware gusts, and keep an umbrella handy for data breach drizzles.
In the latest episode of GreyNoise Labs Storm⚡️Watch, we delve into a meta-discussion that stems from an escalating feud between cybersecurity firm Rapid7 and software development company JetBrains over the disclosure of two critical vulnerabilities in JetBrains' TeamCity CI/CD platform. The contention stems from differing approaches to vulnerability disclosure, leading to public disagreements and a series of attacks exploiting these vulnerabilities, identified as CVE-2024-27198 and CVE-2024-27199. On February 20, 2024, Rapid7 disclosed these vulnerabilities to JetBrains, highlighting the severity of CVE-2024-27198, which allows for a complete authentication bypass, potentially enabling attackers to perform administrative actions on the server and its host environment. JetBrains criticized Rapid7 for what it perceived as an uncoordinated disclosure, arguing that Rapid7's immediate release of exploit examples enabled attackers of any skill level to quickly exploit the vulnerabilities. This dispute has led to a "land-rush like assault" from threat groups, with ransomware attacks exploiting these flaws for initial access. Despite the contention, JetBrains remains committed to its Coordinated Disclosure Policy, emphasizing the importance of collaboration and ethical responsibility in addressing vulnerabilities. Meanwhile, Rapid7 insists on following its disclosure policy, emphasizing the importance of public disclosure to prevent silent patching and ensure that patches are thoroughly vetted. Joining us for a cyberside chat is GreyNoise's own Matthew Remacle, who shifts the focus from the feud to discuss silent patching, patch diffing, coordinated disclosure, and offers advice for budding cybersecurity professionals. For a comprehensive understanding of this issue, we reference discussions and analyses from various sources, including The Register, TechTarget, JetBrains' official blog, and Rapid7's blog, which provide insights into the vulnerabilities, the dispute, and the broader implications for cybersecurity practices and policies.

Citations:
https://www.techtarget.com/searchsecurity/news/366572432/Critical-JetBrains-TeamCity-vulnerabilities-under-attack
https://blog.jetbrains.com/teamcity/2024/03/preventing-exploits-jetbrains-ethical-approach-to-vulnerability-disclosure/
https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
https://news.ycombinator.com/item?id=39603074
https://www.splunk.com/en_us/blog/security/security-insights-jetbrains-teamcity-cve-2024-27198-and-cve-2024-27199.html
https://therecord.media/jet-brains-advisory-teamcity-vulnerabilities
https://forums.theregister.com/forum/all/2024/03/12/jetbrains_is_still_mad_at/
https://www.tenable.com/blog/cve-2024-27198-cve-2024-27199-two-authentication-bypass-vulnerabilities-in-jetbrains-teamcity
https://www.theregister.com/2024/03/05/rapid7_jetbrains_vuln_disclosure_dispute/
https://thecyberexpress.com/jetbrains-vs-rapid7-vulnerability-disclosure/amp/
https://arcticwolf.com/resources/blog/2024-27198-and-cve-2024-27199/
https://securityaffairs.com/159995/security/jetbrains-teamcity-flaws.html
https://securityboulevard.com/2024/03/jetbrains-says-rapid7s-fast-release-of-flaw-details-harmed-users/
https://socprime.com/blog/cve-2024-27198-and-cve-2024-27199-detection-critical-vulnerabilities-in-jetbrains-teamcity-pose-escalating-risks-with-exploits-underway/
https://www.cybersecuritydive.com/news/jetbrains-teamcity-vulnerabilities/709329/
https://www.cybersecuritydive.com/news/jetbrains-teamcity-exploited-disclosure/710017/
https://www.bankinfosecurity.com/jetbrains-teamcity-bugs-could-lead-to-server-takeover-a-24520
https://vulnera.com/newswire/critical-vulnerabilities-in-teamcity-pose-threat-to-software-supply-chain/
Forecast = Areal Cyber Flood Warning In this episode of Storm⚡️Watch we delve into a variety of cybersecurity topics that are essential for professionals in the field. The episode kicks off with a roundtable discussion, setting the stage for a deep dive into recent critical vulnerabilities in VMware's ESXi, as reported by SecurityWeek. We explore the history of VMware vulnerabilities, including the infamous log4j, and speculate on the company's future trajectory. The spotlight then shifts to Microsoft and the implications of Russia's breach of their systems, as well as the impact of the SEC's disclosure policies on Microsoft's transparency. This discussion is informed by reports from The Record and the SEC's official documentation. Our tool segment introduces listeners to aiocrioc, a project available on GitHub, and the work of James Brine, which can be found on his personal website. This tool represents the cutting edge of cybersecurity technology and is a must-know for industry professionals. We also touch on the resurgence of USB hacks by nation-states, a trend highlighted by Dark Reading, and discuss the implications of such low-tech yet effective attack vectors. In our self-promotion segment, we discuss Censys' insights on ConnectWise exposure and GreyNoise's own research on hunting for Fortinet's CVE-2024-21762. These resources are invaluable for cybersecurity practitioners looking to enhance their defensive strategies. The episode wraps up with a roundup of recent and active campaigns, as seen on GreyNoise's visualization trends, and a discussion on the Known Exploited Vulnerabilities (KEV) catalog from CISA, including the new KEV submission form available on the Federal Register. Episode Slides >> Storm Watch Homepage >> Learn more about GreyNoise >>  
Forecast = Partly Sunny With A Chance Of Catastrophic Haboobs In this episode of Storm⚡️Watch, we open with a critical discussion on the NSA's recent tracking of Chinese groups targeting Ivanti kit within the defense sector, as reported by TechCrunch. We also feature an in-depth analysis of JFrog's investigation into malicious AI/ML models on Huggingface, highlighting the silent backdoors that pose a threat to data scientists. We delve into the White House's "Back to the Building Blocks" technical report, shedding light on the administration's approach to cybersecurity. The conversation then shifts to the startling revelations of MQTT-based 3D printer hacks, specifically targeting Anycubic printers, as uncovered by Bitdefender. This segment underscores the importance of security in the rapidly growing field of 3D printing. We also explore the latest trends and active campaigns in cybersecurity, utilizing resources like GreyNoise's visualization tools and CISA's known exploited vulnerabilities catalog. Our episode concludes with a roundup of the most recent KEV updates and a discussion on the new submission form for actively exploited vulnerabilities, emphasizing the ongoing efforts to enhance cybersecurity response and reporting. Episode Slides >> Storm Watch Homepage >> Learn more about GreyNoise >>  
Forecast = Scattered Graupel Showers In this episode of Storm⚡️Watch, we delve into a series of critical cybersecurity events that have shaped the digital landscape recently. We kick off by seeing which Disney Princess each co-host identifies with. This light-hearted opener transitions into a deep dive into the resurgence of the LockBit ransomware group, following significant arrests in Ukraine. The episode further explores the audacious claims and trolling by LockBitSupp, alongside a comprehensive summary by Brian Krebs and the response from Fulton County to the incident. The conversation then shifts to a massive Azure hack, dissecting the ongoing malicious campaign impacting Azure cloud environments. We scrutinize Senator Wyden's critical letter to CISA, DOJ, and FTC regarding Microsoft's handling of a breach in 2023, and Amit Yoran's scathing critique on LinkedIn, highlighting the severity of Microsoft's security practices. Additionally, we discuss Microsoft's decision to expand free logging capabilities post-breach, a move that has sparked widespread discussion within the cybersecurity community. UnitedHealth's recent hack, linked to the BlackCat ransomware, is another focal point, emphasizing the dire consequences for healthcare and the urgent calls for hospitals to disconnect from UnitedHealth's compromised pharmacy unit. This incident underscores the growing threats to the healthcare sector and the importance of robust cybersecurity measures. The episode also touches on the ominous implications of the I-SOON initiative, suggesting a bleak outlook for global cybersecurity. We wrap up with insights into the latest cybersecurity trends, active campaigns, and a roundup of known exploited vulnerabilities, courtesy of CISA. Episode Slides >> Storm Watch Homepage >> Learn more about GreyNoise >>
Forecast = Advanced Persistent Thunderstorms In this episode of Storm⚡️Watch, we dive deep into the evolving landscape of cybersecurity in 2024. The episode kicks off with a thought-provoking roundtable discussion, pondering the potential theme song of 2024, setting the tone for a year that's already shaping up to be full of significant cybersecurity developments. We then transition into a comprehensive analysis of recent cybersecurity events and trends that are shaping the digital world. First on the agenda is the international police operation that successfully disrupted the notorious Lockbit cybercrime gang, a significant victory in the ongoing battle against cybercrime. This is followed by an exploration of the Justice Department's court-authorized disruption of a botnet controlled by the Russian GRU, highlighting the global efforts to combat state-sponsored cyberthreats. The episode also delves into the discovery of new vulnerabilities within SolarWinds' software, some of which are unauthorized, underscoring the persistent challenges in securing widely used software platforms. The discussion then shifts to a series of high-profile hacks and leaks, including the Shanghai Anxun/I-SOON hack/leak and a significant state government leak and hack, illustrating the diverse nature of cyber threats facing organizations today. The episode emphasizes the critical need for security vendors to adopt Software Bill of Materials (SBOMs) and a resilient Software Development Life Cycle (SDLC), through the lens of Eclypsium's teardown of Ivanti. Additionally, the episode features Rezonate's guide to hardening Okta's security posture, offering practical advice for enhancing cybersecurity defenses. In company news, GreyNoise celebrates the appointment of a new CEO and shares insights from the Grimoire blog on CVE-2021-44529, further demonstrating the company's commitment to advancing cybersecurity knowledge. 
The episode concludes with a roundup of recent tags, active campaigns, and a discussion on the Known Exploited Vulnerabilities (KEV) catalog from CISA, providing listeners with a comprehensive overview of the current cybersecurity landscape and actionable insights for enhancing their security posture. Episode Slides >> Storm Watch Homepage >> Learn more about GreyNoise >>  