Storm⚡️Watch by GreyNoise Intelligence
In this episode of Storm⚡️Watch, we cover a variety of cybersecurity topics, opening with a poignant tribute to Ross J. Anderson. Anderson's legacy is vast, with contributions spanning machine learning, cryptographic protocols, and digital rights advocacy. His seminal textbook, "Security Engineering," has been a cornerstone in the education of many in the field. His passing is a significant loss to the academic and security communities, leaving behind a legacy that will continue to influence for years to come.
This week we are also joined by special guest Zach Hanley of Horizon3AI. Hanley shares his journey into cybersecurity and the founding of Horizon3AI, as well as insights into the innovative NodeZero platform. This platform aids organizations in focusing on safety and resilience, a crucial aspect in today's digital landscape. Hanley also discusses the three key challenges outlined in Horizon3AI's 2023 report, "Proactive Cybersecurity Unleashed," providing listeners with a glimpse into the ongoing struggles organizations face in cybersecurity.
In the segment "Cyberside Chat: Big (Tech) Trouble In Little China," we cover recent sanctions by the United States Treasury Department on individuals linked to the Chinese hacking group APT31, known for targeting critical U.S. infrastructure. Additionally, we discuss the formation of a Water Sector Cybersecurity Task Force in response to threats from the Chinese hacking group Volt Typhoon, and the implications of China's revised state secrets law for U.S. tech firms operating in China.
For those interested in the technical side of cybersecurity, we introduce "vulnerability lookup," a tool for fast vulnerability lookup correlation from different sources. This tool is a rewrite of cve-search and supports independent vulnerability ID management and coordinated vulnerability disclosure (CVD).
As usual we wrap up with a roundup of recent tags and active campaigns and discuss the Known Exploited Vulnerabilities (KEV) catalog from CISA.