In this Storm Watch episode the hosts were joined by Matthew Remacle, aka Remy, a detection engineer at GreyNoise. They discussed the recent surge in zero-day vulnerabilities, which they dubbed "zero-day summer," and how it seems to occur every year ahead of the Black Hat conference. Remy described his role at GreyNoise, where he analyzes network traffic and writes tags, or signatures, that classify traffic as malicious, benign, or unknown in order to identify behaviors across the internet.
The hosts also talked about recent vulnerabilities in ColdFusion and Citrix ADC servers, emphasizing the importance of patching these systems. They mentioned Mandiant's report on North Korean threat actors leveraging JumpCloud in supply chain compromises and the potential for unauthenticated API access in Ivanti, a mobile device management platform.
Additionally, they discussed GreyNoise's new threat hunting guide, which provides a comprehensive overview of the history, key components, and future of threat hunting. Kimber mentioned the increasing popularity of the term "threat hunting" and how it has evolved into a legitimate job role. The hosts also touched on the use of AI in threat hunting, with Bob mentioning a recently released AI threat hunting platform.
The hosts concluded by discussing the steady increase in known exploited vulnerabilities cataloged by CISA, emphasizing the importance of addressing these vulnerabilities and patching systems.