GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams

November 1, 2024 at 09:30AM GreyNoise Intelligence reported that its internal AI tool identified attempts to exploit critical vulnerabilities in commercial livestream IoT cameras, enhancing security awareness in the IoT sector. This highlights the importance of AI in detecting potential threats. **Meeting Takeaways:** 1. **Internal AI Tool**: GreyNoise Intelligence has developed an internal AI tool …

Unexplained ‘Noise Storms’ flood the Internet, puzzle experts

September 19, 2024 at 03:37PM GreyNoise, an internet intelligence firm, has been monitoring “Noise Storms” comprising spoofed internet traffic since January 2020, yet has been unable to determine their origin and purpose despite thorough analysis. Based on the meeting notes, it appears that the internet intelligence firm GreyNoise has been tracking large waves of “Noise …

Mysterious “LOVE” packet storms flood the internet since 2020

September 19, 2024 at 10:02AM Internet intelligence firm GreyNoise has been tracking large waves of “Noise Storms” since January 2020, suspected to be covert communications, DDoS attack signals, or malware channels. These storms involve spoofed internet traffic and display peculiar characteristics, such as the presence of a “LOVE” ASCII string in ICMP packets. GreyNoise seeks cybersecurity …

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

July 2, 2024 at 02:08AM Velvet Ant, a Chinese cyber espionage group, has exploited a zero-day flaw in Cisco NX-OS Software to deliver custom malware and gain control over compromised Cisco Nexus devices. This vulnerability, CVE-2024-20399, allows an attacker with administrator credentials to execute commands as root. The impacted devices include various Nexus switches. Additionally, …

Hackers Target Vulnerability Found Recently in Long-Discontinued D-Link Routers

July 1, 2024 at 08:21AM Attackers are targeting a critical vulnerability (CVE-2024-0769) in discontinued D-Link DIR-859 WiFi routers, enabling remote exploitation without authentication and leaking sensitive information. A published exploit has already been observed in the wild, and mass exploitation is anticipated. D-Link urges owners to replace these devices, as they are no longer receiving …

Recent SolarWinds Serv-U Vulnerability Exploited in the Wild

June 21, 2024 at 09:21AM Threat actors are exploiting a recently patched SolarWinds Serv-U vulnerability (CVE-2024-28995) using public proof-of-concept code, as reported by GreyNoise. The vulnerability allows unauthorized access to sensitive files on the host machine. Rapid7 published a technical writeup on successfully exploiting the issue, warning of its trivial exploitability. SolarWinds customers are urged …

SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately

June 21, 2024 at 05:24AM A high-severity flaw in SolarWinds Serv-U file transfer software (CVE-2024-28995, CVSS score: 8.6) allows attackers to read sensitive files. Security researcher Hussein Daher discovered the flaw, and a proof-of-concept exploit has been made available. Rapid7 described it as trivial to exploit. Users are urged to apply updates promptly to mitigate …

SolarWinds Serv-U path-traversal flaw actively exploited in attacks

June 20, 2024 at 11:54AM Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability using publicly available proof-of-concept exploits. The CVE-2024-28995 flaw allows unauthenticated attackers to read arbitrary files from the filesystem. SolarWinds released a fix, but public exploits are available, making it crucial for administrators to apply the security updates promptly. Based on …

Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars

April 12, 2024 at 07:36AM The recently disclosed D-Link NAS device vulnerabilities, assigned 2 identifiers, are being exploited, prompting D-Link to urge customers to replace affected devices. Exploitation attempts increased to 140 unique IPs, and Shadowserver Foundation reported seeing over 150 IPs attempting to exploit the vulnerabilities. GreyNoise reported roughly 5,500 impacted devices, while Shadowserver …

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

April 9, 2024 at 02:15AM Security flaws in legacy D-Link NAS devices are being exploited by threat actors, impacting over 92,000 internet-exposed devices. The vulnerabilities allow arbitrary command execution, potentially leading to unauthorized access and denial-of-service conditions. No patches are expected, and users are advised to replace affected devices or firewall remote access. Attackers are …