How NodeZero Enhances Cybersecurity

NodeZero identified those critical few vulnerabilities that are actually exploitable, allowing us to maximize increased security with minimum effort.

As the Information Technology Security Officer for the City of St. Petersburg, FL, Brian Campbell is always on the lookout for ways to elevate the city’s security posture. A cold phone call from Horizon3.ai led to a test run of NodeZero, with its capacity to save time and effort assessing and addressing potential weaknesses.

The NodeZero™ platform helps organizations improve SecOps productivity and save on third-party pentest & vulnerability scanner costs. Learn how in the commissioned Forrester Consulting Total Economic Impact™ study. Download the Study

Join this dynamic conversation with Guest Forrester Consultant Luca Son and Horizon3.ai CEO and Co-Founder Snehal Antani. Our featured speakers will explore the findings of the new The Total Economic Impact™ (TEI) of the NodeZero Platform, a study Horizon3.ai commissioned from Forrester Consulting.

You’ll learn about:
The challenges these security teams hoped faced with costly, limited manual pentesting and false positives from vulnerability scanners

The transformation of their cybersecurity programs with NodeZero, including 30% operations time savings, 95% reduction of third-party pentesting costs, and 65% reduction of vulnerability scanning costs

How the Forrester methodology was used to quantify $809K in benefits and a return of $1.63 in value for every dollar spent on NodeZero

Stephen Gates, Principal Security SME at Horizon3.ai and Art Ocain, CISO and Strategic Alliances Management at Airiam discuss:

– Why there is a growing demand for Managed Resiliency Services in todays’ enterprises.
– What Airiam does to help clients improve their business resiliency against cyberattacks.
– How NodeZero™ reduces vulnerabilities by ~50% across Airiam’s entire client base.

Low-Level Vulnerability Leads to Domain Compromise

Introduction On February 19, 2023, ConnectWise published a security advisory for their ScreenConnect remote management tool. In the advisory, they describe two vulnerabilities, an authentication bypass with CVSS 10.0 and a path traversal with CVSS 8.4 (both currently...

NodeZero APT: Azure Password Spray to Business Email Compromise

NextChat a.k.a ChatGPT-Next-Web, a popular Gen AI ChatBot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.

Businesswire 03/14/2023 Horizon3.ai, a leading cybersecurity firm specializing in autonomous penetration testing, today launched a major product refresh, doubling down on its commitment to help organizations continuously verify their security posture. Read the entire...

Businesswire 02/07/2023 Proactive Risk, a leading provider of technology risk management solutions, is excited to announce that it has joined the Horizon3.ai Partner Program as an Authorized Service Provider. Read the entire article here

Businesswire 02/02/2023 Horizon3.ai, a leading cybersecurity firm focused on autonomous penetration testing, today issued, “Year in Review 2022: Through the Eyes of the Attacker,” its inaugural edition of the cybersecurity threatscape. Read the entire article...

NodeZero identified those critical few vulnerabilities that are actually exploitable, allowing us to maximize increased security with minimum effort.

You’ll learn about:
The challenges these security teams hoped faced with costly, limited manual pentesting and false positives from vulnerability scanners

How the Forrester methodology was used to quantify $809K in benefits and a return of $1.63 in value for every dollar spent on NodeZero

Stephen Gates, Principal Security SME at Horizon3.ai and Art Ocain, CISO and Strategic Alliances Management at Airiam discuss:

Low-Level Vulnerability Leads to Domain Compromise

NodeZero APT: Azure Password Spray to Business Email Compromise

NextChat a.k.a ChatGPT-Next-Web, a popular Gen AI ChatBot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.

Amidst the hustle and bustle of holiday preparations and last-minute shopping, cybercriminals often take advantage of the increased online activity and spending complacency of individuals and businesses...

Stephen Gates, Principal Security SME at Horizon3.ai and Calvin Engen, Chief Technology Officer, and Managing Partner of F12.net discuss: - Why there is a such growing demand for managed cybersecurity services. - What’s helping F12 clients meet and exceed cybersecurity standards and best practices. - Where Calvin thinks the security industry is headed and what technologies stand out. - How...

Introduction This post is a follow up to https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting/. Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco IOS XE and identified some likely vectors an attacker might have used to exploit these vulnerabilities. Now, thanks to SECUINFRA FALCON TEAM’s honeypot, we have further insight into these vulnerabilities. POC See below for an example request that bypasses authentication...

Introduction There has been a lot of news around the recent Cisco IOS XE vulnerabilities CVE-2023-20198 and CVE-2023-2073. Information about this vulnerability was first published by Cisco on October 16th, 2023, and since then we have seen evidence of mass exploitation and implantation. In this post we share our technical insights so far into these vulnerabilities. Cisco IOS XE Architecture...

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.

Introduction This report is a follow up to https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive/. Earlier this year we reported the technical details for VMSA-2023-0001 affecting VMware Aria Operations for Logs (formerly VMware vRealize Log Insight). In that report, we showed how an attacker could use three different CVEs to achieve remote code execution. During the course of that investigation, we noticed the fix provided by...

Security Strategies

Industry Insights

Attack Research

Attack Content

Security Strategies

Industry Insights

Attack Research

Attack Content

Research Blog

Filters