In this episode of Storm Watch, the hosts discuss the recent Moveit vulnerability and its impact on various organizations. Kimber, a GreyNoise product manager, shares her background and role at the company. She started on the research team, now known as GreyNoise Labs, and transitioned to product management, where she focuses on packaging GreyNoise data to help users in their environments.
The Moveit vulnerability, which allows for unauthorized access to the database, was first reported in an advisory from Progress, the software vendor. The Grey Noise community quickly raised awareness of the issue, and the company published a blog post with their findings. They discovered scanning activity related to the vulnerability dating back to March, suggesting that organizations should review their systems for signs of compromise since then. Some victims, such as British Airways and Boots, have already disclosed their involvement.
The hosts also discuss the collaboration and information sharing among the cybersecurity community in response to the Moveit vulnerability. They highlight the importance of sharing remediation information and the quick response from various groups, including state governments. The GreyNoise community and other information sharing groups have played a crucial role in disseminating information and helping organizations stay safe.
Finally, Kimber teases an upcoming feature for GreyNoise users: the Labs Beta API platform. This platform will allow users to query the GreyNoise Labs dataset, including command and control (C2) IP addresses, popular IP address queries, and HTTP requests. While the dataset provided will be less than 10% of the full data, it still offers a significant amount of information for users to explore. The feature is expected to be released within the next two weeks.