Storm⚡️Watch by GreyNoise Intelligence
In this episode of Storm⚡️Watch by GreyNoise Intelligence, we discuss the rumored takedown of the ALPHV/BlackCat ransomware site, which has been offline for days, fueling speculation that law enforcement may have finally caught up with the prolific ransomware group. We then delve into the North Korea-linked Lazarus Group's exploitation of the Log4j vulnerability in a global campaign targeting companies in the manufacturing, agriculture, and physical security sectors. This deep-dive Breaking News segment sheds some light on why attackers are still going after this two-year-old weakness, and also discusses how attackers are using modern programming languages to gain efficiencies and thwart detections. In our Tool Time segment, we explore the AWS Kill Switch, an open-source incident response tool for quickly locking down AWS accounts and IAM roles during a security incident. Our Shameless Self-Promotion segment drops details on upcoming GreyNoise webinars, Censys' new service tier, and a GreyNoise Labs blog on the use of GreyNoise EAP sensors for novel exploitation discovery for CVE-2023-47246. Along with our CISA KEV roundup, we provide a short readout on their Fourth Quarter Cybersecurity Advisory Committee Meeting and a new, jointly published CISA guide on "The Case for Memory Safe Roadmaps".