Category: Attack Research | Page 3

January 29, 2024 | Attack Blogs

CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability.

January 23, 2024 | Attack Blogs

On January 22, 2024 Fortra posted a security advisory for their GoAnywhere MFT product. This advisory details an authentication bypass…

January 12, 2024 | Attack Blogs, Disclosures

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to…

January 12, 2024 | Attack Blogs, Disclosures

Introduction Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the…

January 9, 2024 | Attack Paths

Since introducing NTLM coercion techniques such as PetitPotam into the NodeZero platform, we frequently have security practitioners request help understanding…

December 8, 2023 | Attack Paths

Misconfigured AWS Role Enables Cloud Initial Access

December 1, 2023 | Attack Paths

Pervasive CISA Known Exploited Vulnerability Enables Initial Access

October 30, 2023 | Attack Blogs

Introduction This post is a follow up to https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting/. Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco…

Cisco IOS XE CVE-2023-20198 and CVE-2023-20273 WebUI Internals, Patch Diffs, and Theory Crafting

October 25, 2023 | Attack Blogs

Introduction There has been a lot of news around the recent Cisco IOS XE vulnerabilities CVE-2023-20198 and CVE-2023-2073. Information about…

October 25, 2023 | Attack Blogs, Disclosures

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to…

Attack Research

Filter Content: