Storm⚡️Watch by GreyNoise Intelligence
In this episode of Storm⚡️Watch, we kick off with our usual intros and roundtable discussion between co-hosts Kimber Duke, Emily Austin, Glenn Thorpe, and boB Rudis. The show continues with a celebration of the FBI's confirmation that ALPHV has, indeed, been taken down. Moving on, a significant development this week is the effective implementation date of new SEC cyber reporting rules. These rules mandate that companies report "material cybersecurity incidents" to their investors. The rules went into effect this week, and VF Corporation was one of the first to report under these new guidelines. VF Corporation suffered a significant cyberattack on December 13, 2023, which has had a major impact on its operations, particularly its ability to fulfill orders during the holiday rush. We also discuss the hot-off-the-presses Xfinity breach announcement. Looking ahead, we delve into our predictions for the cybersecurity landscape in 2024 (make sure to check out our companion blog post, "Weathering 2024: Storm Watch Predictions for the Year Ahead"). In Tool Time, we also discuss ZOOM's Vulnerability Impact Scoring System (VISS), a resource that helps organizations assess their vulnerability to cyber threats. In the realm of recent vulnerabilities, we review Censys's blog post about the JetBrains TeamCity Remote Code Execution (RCE) vulnerability (CVE-2023-42793). We also showcase a deep dive into the Apache Struts2 RCE vulnerability (CVE-2023-50164) in our blog post, "A Day in the Life of a GreyNoise Researcher." In another deep dive, Ron Bowes of GreyNoise Labs digs deep into F5 BIG-IP systems, where he explored how threat actors are baiting these systems. You can read all about those findings in our blog post, "Mining the Undiscovered Country with GreyNoise EAP Sensors: F5 BIG-IP Edition."
We note three new tags, including a WordPress Backup Migration RCE (CVE-2023-6553), the 3CX CRM SQL Injection (CVE-2023-49954), and the WuzhiCMS SQL Injection (CVE-2018-11528). Finally, we wrap up with a discussion on the CISA's recent advisories. The first is a design alert urging manufacturers to eliminate default passwords, aptly titled "NO KEV!" The second is a joint advisory on Play Ransomware, providing crucial information to help organizations protect themselves against this threat.