How NodeZero Enhances Cybersecurity

When the director of technology for a higher education organization went looking for a better way to identify and prioritize security weaknesses on the school’s servers and networks, his first interaction with Horizon3.ai and NodeZero started off with an impressive bang. “I wanted to see proof of concept, and Horizon3.ai solved one of our biggest security holes because of that PoC,”

Pen testers, vulnerability scanners, and installed agents alert on potential vulnerabilities and breaches. You receive a list, or a notification, and you respond. Ever wonder how much of your time and effort is being wasted fixing things that don’t actually matter?

Horizon3.ai Principal Security SME Stephen Gates and Intuitus Chief Technology Officer Brian Beckwith discuss:

– The greatest cyber threats to PSAP/911 services in municipalities across the US .
– Where attackers are focusing their efforts that could result in ransom-based demands.
– How Intuitus is taking a proactive approach to discover critical issues for their customers.

You can now fully assess the impact of phished credentials on your organization. Tune into this webinar to watch the NodeZero platform evaluating the blast radius of every phished credential as it comes in using the Phishing Impact test.

Horizon3.ai Principal Security SME Stephen Gates and Moravian University Director of Information Security James Beers discuss:

– How James measures cyber risk within their constantly changing educational environment
– What kinds of attacker TTPs are the most worrisome to organizations in higher education
– Why an offensive approach to discover and mitigate exploitable vulnerabilities works best

A NodeZero autonomous attack that leveraged two weaknesses to achieve domain compromise in 33 minutes, 9 seconds.

As enterprises continue to transition on-premises infrastructure and information systems to the cloud, hybrid cloud systems have emerged as a vital solution, balancing the benefits of both environments to optimize performance, scalability, and ease of change on users...

In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet FortiSIEM. Several issues were discovered during this audit that ultimately lead to unauthenticated remote code execution in the context of the...

In November of 2023, preparing for a call for papers, I attempted to investigate the FortiSIEM patch for CVE-2023-34992. I kindly inquired with the PSIRT if I could have access to the most recent versions to some of their appliances to validate the patches, to which...

Business Wire 02/07/2024 Horizon3.ai, a pioneer in autonomous security solutions, today announced the launch of its first-to-market Phishing Impact test capability within NodeZero™. This new capability marks a significant... Read the entire article here

Business Wire 01/08/2024 Horizon3.ai, a leading provider of autonomous security solutions, today announced that Torie Runzel has joined as Vice President of People, effective immediately... Read the entire article here

Business Wire 12/21/2023 Horizon3.ai, a leading provider of autonomous security solutions, celebrated 2023, a break-out year in which the company was honored with numerous recognitions and prestigious honors... Read the entire article here

Horizon3.ai Principal Security SME Stephen Gates and Intuitus Chief Technology Officer Brian Beckwith discuss:

Horizon3.ai Principal Security SME Stephen Gates and Moravian University Director of Information Security James Beers discuss:

A NodeZero autonomous attack that leveraged two weaknesses to achieve domain compromise in 33 minutes, 9 seconds.

On February 27, 2024, Progress released a security advisory for OpenEdge, their application development and deployment platform suite. The advisory details that there exists an authentication bypass vulnerability which effects certain components of the OpenEdge platform. Our proof of concept can be found here. When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS...

Introduction On February 19, 2023, ConnectWise published a security advisory for their ScreenConnect remote management tool. In the advisory, they describe two vulnerabilities, an authentication bypass with CVSS 10.0 and a path traversal with CVSS 8.4 (both currently without assigned CVE IDs). In this post we will dive into the technical details of the authentication bypass. You can view our POC...

Horizon3.ai Principal Security SME Stephen Gates and Moravian University Director of Information Security James Beers discuss: - How James measures cyber risk within their constantly changing educational environment - What kinds of attacker TTPs are the most worrisome to organizations in higher education - Why an offensive approach to discover and mitigate exploitable vulnerabilities works best

Introduction Memory safety issues have plagued the software industry for decades. The Cybersecurity & Infrastructure Security Agency (CISA) has been leading a charge for secure-by-design and encouraging developers and vendors to utilize memory safe languages like Rust to eradicate this vulnerability class. Google Chromium, the engine used by the majority of browsers around the world, reports that approximately 70% of...

On 22 January, Ivanti published an advisory stating that they discovered two new, high-severity vulnerabilities (CVE-2024-21888 and CVE-2024-21893) after researching previously reported vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways. Ivanti provides enterprise solutions, including patch management and IT security solutions to over 40,000 customers worldwide. While there is no evidence of any customers being impacted by...

Security Strategies

Industry Insights

Attack Research

Attack Content

Security Strategies

Industry Insights

Attack Research

Attack Content

Research Blog

Filters