Horizon3.ai
Horizon3.ai

Research Blog

Welcome to our cybersecurity research blog where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

Here you’ll find extensive research and insight from the well-known Horizon3.ai attack team, intuitive perspectives on everything security, and real-world attack path short stories that come directly from discoveries made by NodeZero.

Filters

Categories
Tags

Showing 73–78 of 161 results

CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution

Apache Superset is an open source data visualization and exploration tool. It has over 50K stars on GitHub, and there are more than 3000 instances of it exposed to the Internet. In our research, we found that a substantial portion of these servers – at least 2000 (two-thirds of all servers) – are running with a dangerous default configuration. As...
Read More

PaperCut CVE-2023-27350 Deep Dive and Indicators of Compromise

Overview On 8 March 2023, PaperCut released new versions for their enterprise print management software, which included patches for two vulnerabilities: CVE-2023-27350 and CVE-2023-27351. The PaperCut security advisory details CVE-2023-27350 as a vulnerability that may allow an attacker to achieve remote code execution to compromise the PaperCut application server. PaperCut also details in this advisory that they became aware of...
Read More

Veeam Backup and Replication CVE-2023-27532 Deep Dive

Introduction Veeam has recently released an advisory for CVE-2023-27532 for Veeam Backup and Replication which allows an unauthenticated user with access to the Veeam backup service (TCP 9401 by default) to request cleartext credentials. Others, including Huntress, Y4er, and CODE WHITE , have provided insight into this vulnerability. In this post, we hope to offer additional insights and release our...
Read More