How NodeZero Enhances Cybersecurity

One of our customers, a public university in Victoria, British Columbia, is constantly looking for ways to improve their overall cybersecurity posture – and has started using NodeZero’s autonomous pentesting capabilities to keep their students, faculty, and data safe.

“…using toolsets like NodeZero, we determined where we have leakage and interaction between networks,” says Manager of Technology at Regina International Airport.

How Horizon3.ai's Rapid Response Identified and Mitigated a Critical Mirth Connect Vulnerability A key consideration in cybersecurity is determining whether a known software vulnerability is actually exploitable. This often depends on how and where the at-risk...

Traditional vulnerability scanning tools are enhanced with NodeZero’s autonomous penetration testing, revolutionizing Vulnerability Management by providing comprehensive risk assessment, exploitability analysis, and cross-host vulnerability chaining, empowering organizations to prioritize and mitigate security weaknesses strategically.

In this webinar. Horizon3.ai cybersecurity expert Brad Hong covers our new Rapid Response service.

Misconfigured AWS Role Enables Cloud Initial Access

Introduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an organization. On May 24, 2024, ZDI and Ivanti released an advisory describing a SQL injection resulting in remote code...

Introduction Our last blog post on the FortiClient EMS SQL injection vulnerability, CVE-2023-48788, as it turns out only worked on 7.0.x versions. This article will discuss the differences in exploitation between FortiClient EMS's two mainline versions: 7.0.x and...

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

Business Wire 05/21/2024 Horizon3.ai, a leader in autonomous security solutions, is pleased to announce the appointments of Erick Dean as Vice President of Product Management and Drew Mullen as Vice President of Revenue Operations. These key executive hires underscore...

Business Wire 05/02/2024 Horizon3.ai, a leading provider of autonomous security solutions, today announced the appointment of Matt Hartley as Chief Revenue Officer (CRO), effective immediately.Hartley brings over 20 years of sales and operations excellence with a...

Business Wire 03/25/2024 Horizon3.ai, a pioneer in autonomous security solutions, today announced the launch of its Rapid Response service, now part of the NodeZero™ platform. This one-of-a-kind capability marks a significant advancement in autonomous penetration...

“…using toolsets like NodeZero, we determined where we have leakage and interaction between networks,” says Manager of Technology at Regina International Airport.

In this webinar. Horizon3.ai cybersecurity expert Brad Hong covers our new Rapid Response service.

Misconfigured AWS Role Enables Cloud Initial Access

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet FortiSIEM. Several issues were discovered during this audit that ultimately lead to unauthenticated remote code execution in the context of the root user. The vulnerabilities were assigned CVE-2023-34992 with a CVSS3.0 score of 10.0 given that the access allowed reading...

In this webinar. Horizon3.ai cybersecurity expert Brad Hong covers our new Rapid Response service.

On April 12 (and then updated again on April 20), Palo Alto Networks released an advisory about a vulnerability in the PAN-OS® software that runs Palo Alto Networks® Next-Generation Firewalls (NGFWs).

Horizon3.ai Principal Security SME Stephen Gates and JTI Cybersecurity Principal Consultant Jon Isaacson discuss: - What JTI does to validate things like access control, data loss prevention, ransomware protection, and intrusion detection approaches. - How #pentesting and red team exercises allow orgs to validate the effectiveness of their security controls. - Why offensive operations work best to discover and mitigate...

Demand for #pentesting expertise is at an all-time high, and many orgs are struggling to meet their annual requirements for the PCI DSS v4.0. This webinar explains how our services fulfill your pentesting requirements and help you streamline your remediation efforts.

Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 – a SQL injection in FortiClient EMS that can lead to remote code execution. FortiClient EMS is an endpoint management solution for enterprises that provides a central location for administering enrolled endpoints. This SQL injection vulnerability is caused by user controlled strings that are passed directly into database queries. In this post...

Security Strategies

Industry Insights

Attack Research

Attack Content

Security Strategies

Industry Insights

Attack Research

Attack Content

Research Blog

Filters