Resources
>
NoiseLetter

NoiseLetter January 2025

February 3, 2025
Check it outRead the case studyListen to the podcastView the webinarWatch the video

Summary

Coming at ya from what feels like January 72nd, we're finally wrapping up January with a packed NoiseLetter. From a relentless wave of security updates (including a zero-day vuln breakdown) to the introduction of our new "Suspicious" category, we’ve had a busy start to the year. Plus, with major security events on the horizon, there's a lot to cover, so buckle up, buttercups!

A̶n̶d̶r̶e̶w̶ Bob Unfiltered

GreyNoise Founder Andrew Morris gives his thoughts, hot-takes, and whatever else he feels like, but this month, Bob Rudis, VP of Data Science + Research, takes over and gives his thoughts.

Featured

2025-01-29 Update: GreyNoise has confirmed that some Mirai variants now exploit CVE-2024-40891, a critical zero-day command injection vulnerability in Zyxel CPE devices. The flaw, currently unpatched and undisclosed, allows attackers to execute arbitrary commands, leading to full system compromise. Over 1,500 vulnerable devices are online. GreyNoise collaborated with VulnCheck to verify detection accuracy and has published a tag to track exploitation.

Read More >>

Product Announcements

Check out these sick updates to GreyNoise, from our product + engineering team!  

  • The enhanced GNQL Search adds CMD + K access, arrow-key navigation, dynamic filters, and bulk IP search for faster, more intuitive queries.
  • Alerts v2 enables recurring alerts (hourly, daily, or weekly) for IPs, CVEs, tags, and GNQL queries, with email and web hook delivery for faster monitoring and seamless integration.
  • The improved IP Timeline enhances readability and adds a slider for quick, precise analysis of IP activity trends.
  • We've introduced a new IP classification: "Suspicious", providing clearer insights into early-stage threats by identifying IPs with potentially harmful behavior that don’t meet the "Malicious" threshold. Expect sharper visibility, with about half of previously "Unknown" traffic now labeled as "Suspicious."

Where to find us

  • GreyNoise University LIVE (Virtual | Feb 27) GreyNoise 101, now known as GreyNoise Univeristy LIVE is BACK! We are stoked to bring back this once-a-month webinar.  
  • HIMSS 25 (In-Person | Mar 4-6) Come see us at the Carasoft Booth for a demo + some swag! 
  • FutureCon LA (In-Person | March 20) We are proud to sponsor FutureCon LA! Come to booth for a demo and to chat with our team! 
  • RSA (In-Person | Apr 28 - May 1) We are excited to sponsor RSA this year! Come to booth  N-5148 in the North Hall for a demo and some RSA exclusive swag! 

Fresh Content

Recent Tags and Vulnerabilities

GreyNoise Labs released 56 tags during the month of January:

Community

  • Request a New GreyNoise Tag - We've just published a new page to allow our amazing community to submit tag requests to the GreyNoise team. 
  • Try our Free Account - Quickly identify noisy scanners and trending attacks with our free plan.
  • Join our Community Slack and Discord- We share intel, give real time updates, and the occasional Dad joke. 

Meme of the Month

*Have a joke you want included in the next NoiseLetter? Submit Your Joke >>

Not subscribed to our NoiseLetter? Subscribe here.

Coming at ya from what feels like January 72nd, we're finally wrapping up January with a packed NoiseLetter. From a relentless wave of security updates (including a zero-day vuln breakdown) to the introduction of our new "Suspicious" category, we’ve had a busy start to the year. Plus, with major security events on the horizon, there's a lot to cover, so buckle up, buttercups!

A̶n̶d̶r̶e̶w̶ Bob Unfiltered

GreyNoise Founder Andrew Morris gives his thoughts, hot-takes, and whatever else he feels like, but this month, Bob Rudis, VP of Data Science + Research, takes over and gives his thoughts.

Featured

2025-01-29 Update: GreyNoise has confirmed that some Mirai variants now exploit CVE-2024-40891, a critical zero-day command injection vulnerability in Zyxel CPE devices. The flaw, currently unpatched and undisclosed, allows attackers to execute arbitrary commands, leading to full system compromise. Over 1,500 vulnerable devices are online. GreyNoise collaborated with VulnCheck to verify detection accuracy and has published a tag to track exploitation.

Read More >>

Product Announcements

Check out these sick updates to GreyNoise, from our product + engineering team!  

  • The enhanced GNQL Search adds CMD + K access, arrow-key navigation, dynamic filters, and bulk IP search for faster, more intuitive queries.
  • Alerts v2 enables recurring alerts (hourly, daily, or weekly) for IPs, CVEs, tags, and GNQL queries, with email and web hook delivery for faster monitoring and seamless integration.
  • The improved IP Timeline enhances readability and adds a slider for quick, precise analysis of IP activity trends.
  • We've introduced a new IP classification: "Suspicious", providing clearer insights into early-stage threats by identifying IPs with potentially harmful behavior that don’t meet the "Malicious" threshold. Expect sharper visibility, with about half of previously "Unknown" traffic now labeled as "Suspicious."

Where to find us

  • GreyNoise University LIVE (Virtual | Feb 27) GreyNoise 101, now known as GreyNoise Univeristy LIVE is BACK! We are stoked to bring back this once-a-month webinar.  
  • HIMSS 25 (In-Person | Mar 4-6) Come see us at the Carasoft Booth for a demo + some swag! 
  • FutureCon LA (In-Person | March 20) We are proud to sponsor FutureCon LA! Come to booth for a demo and to chat with our team! 
  • RSA (In-Person | Apr 28 - May 1) We are excited to sponsor RSA this year! Come to booth  N-5148 in the North Hall for a demo and some RSA exclusive swag! 

Fresh Content

Recent Tags and Vulnerabilities

GreyNoise Labs released 56 tags during the month of January:

Community

  • Request a New GreyNoise Tag - We've just published a new page to allow our amazing community to submit tag requests to the GreyNoise team. 
  • Try our Free Account - Quickly identify noisy scanners and trending attacks with our free plan.
  • Join our Community Slack and Discord- We share intel, give real time updates, and the occasional Dad joke. 

Meme of the Month

*Have a joke you want included in the next NoiseLetter? Submit Your Joke >>

Not subscribed to our NoiseLetter? Subscribe here.

Read the transcript
Products
Partners
Resources
Company
© 2025 GreyNoise, Inc. All rights reserved.
YouTube logoJoin us on Slack!Discord logoTikTok logo
Cookie Settings
We use cookies to ensure you get the best experience on our website. Learn more
Got it