GreyNoise Intelligence

🚨 New GreyNoise Research: Attacker Activity Often Comes Before the CVE. Full report: https://lnkd.in/e8CvNH9i What if the next vulnerability was already on your radar, weeks before disclosure? In 80 percent of cases we studied, attackers spiked exploitation activity against edge technologies within six weeks of a new CVE being published. That gives defenders a critical window to prepare. This new report breaks it down: Which vendors showed the clearest signals. Why spikes often reflect real exploits...not just scanning.  How to use this intel for early blocking, prioritization, and planning. #GreyNoise #Research #Data #ThreatIntel #Cybersecurity 

We’re honored that GreyNoise Intelligence was acknowledged in the latest joint cyber advisory from the NSA Cybersecurity Collaboration Center and partner agencies. The advisory recognizes contributions from a small group of organizations, including GreyNoise, AWS Security, Cisco, CrowdStrike, Google Mandiant, Microsoft, PwC, and others. Being included alongside these leaders is a meaningful milestone for our team. 📄 Read the full advisory here:  https://lnkd.in/dmwF8Ncx 📸 The acknowledgement section is highlighted in the attached image. #GreyNoise #Cybersecurity #ThreatIntelligence

Attackers Tip Their Hand Before New CVEs...Are You Paying Attention? Join boB Rudis, VP of Data Science + Noah Stone, Head of Content, on September 9 at 12pm ET as they unpack insights from our new report: Early Warning Signals: When Attacker Activity Precedes New Vulnerabilities. Research shows that in 80% of cases, attackers hit edge tech weeks before a CVE is announced. That gives defenders a six-week head start...if they know what to look for. 👀 Spot the signals. ⚡ Act before disclosure. 🛡️ Reduce risk while everyone else scrambles. Register today! https://lnkd.in/gSASztXi

30,000+ IPs hit Microsoft Remote Desktop on Aug 24 ➡️ Full analysis: https://lnkd.in/eRWivN9b On Aug 25, we published a blog on an earlier surge from Aug 21: nearly 2,000 unique IPs probing both Microsoft RD Web Access and RDP Web Client in lockstep (baseline is ~3-5/day). We confirmed 100% overlap between the two tags and the same client signature across sources. 🚨 New: We’ve since identified a much larger wave on Aug 24 — 30,000+ unique IPs hit both tags simultaneously, largely the same client signature scaled across LATAM consumer ISPs (Brazil-heavy) and targeting U.S. endpoints only. Uniform behavior at the HTTP and TCP layers is consistent with a centrally controlled scanner module mapping RDP authentication surfaces for account discovery (enumeration). Why it matters: enumeration data (what’s exposed, which usernames likely exist) fuels credential stuffing, password spraying, and future exploitation. #ThreatIntel #RDP #Cybersecurity #IncidentResponse #GreyNoise #SOC #VulnerabilityManagement #MicrosoftRDP

On August 21, GreyNoise observed nearly 2,000 malicious IPs probing Microsoft Remote Desktop (RDP) services in a single day — a sharp deviation from baseline activity. We break down what this spike means, the top source and target countries involved, and why defenders should pay attention. Read the full analysis on the GreyNoise blog: https://lnkd.in/eYkVYsb7 #ThreatIntel #RDP #Cybersecurity #GreyNoise #Analysis #RemoteDesktop

Over the weekend, one of our fave podcasters, boB Rudis, VP of Data Science, joined Dave Bittner on the N2K | CyberWire's Research Saturday podcast to talk about our latest report, Early Warning Signals: When Attacker Behavior Precedes New Vulnerabilities. 🔎 In 80% of cases, attackers start probing enterprise edge technologies like VPNs and firewalls weeks before related CVEs are disclosed. ➡️ Tune in to hear Bob break down how teams can get ahead of attackers and use early signals to strengthen defenses. 🎧 https://lnkd.in/exiYPwfR

Spikes in malicious activity can signal what’s coming next. 📈 Our latest research shows that in 80% of cases, a major jump in attacker scanning or exploitation was followed by a new CVE disclosure within six weeks. 📄 Download the report to see the full data and analysis → https://lnkd.in/gWyuZczP By detecting these spikes early, defenders can block malicious IPs, prioritize patching, and get ahead of new CVEs. #Cybersecurity #ThreatIntel #VulnerabilityManagement #GreyNoise #Blocklist #IPBlocking #Reconnaissance #CVE #Vulnerabilities #NetworkSecurity

On August 3, we observed the largest single-day spike in brute-force activity against Fortinet SSL VPNs in recent months — 782 unique IPs in one day. Further analysis revealed that a separate wave of activity, starting August 5, was tied to the same campaign and expanded to target additional Fortinet services. Read the full breakdown of what we saw, how we traced it, and why it matters for defenders: https://lnkd.in/eqDNGksw #Fortinet #Cybersecurity #ThreatIntel #BruteForce #GreyNoise #SSL #VPN

A big thank you to GreyNoise Intelligence for sponsoring #SuriCon2025 as a Community Partner! GreyNoise empowers defenders to work on the most urgent and critical threats without being overwhelmed by noisy, low-priority alerts. Thank you for supporting this year’s SuriCon! We can’t wait to see you in Montreal, Canada! Learn more about GreyNoise here! https://www.greynoise.io/

This month's NoiseLetter will make the perfect light reading for a trip to say...Vegas? Make sure to check it out (even if you're not headed to BlackHat/DEF CON there is something in it for you). 🤘