Horizon3.ai
Horizon3.ai

Attack Research

Filters

Tags
Reset

Showing 19–24 of 76 results

Rust Won’t Save Us: An Analysis of 2023’s Known Exploited Vulnerabilities

February 6, 2024 |

Introduction Memory safety issues have plagued the software industry for decades. The Cybersecurity & Infrastructure Security Agency (CISA) has been leading a charge for secure-by-design and encouraging developers and vendors to utilize memory safe languages like Rust to eradicate this vulnerability class.  Google Chromium, the engine used by the majority of browsers around the world, reports that approximately 70% of...
Read More

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive

January 23, 2024 |

On January 22, 2024 Fortra posted a security advisory for their GoAnywhere MFT product. This advisory details an authentication bypass vulnerability, CVE-2024-0204, that allows an unauthenticated attacker to create an administrative user for the application. Customers were made aware of the issue by an internal security advisory post and patch made available on December 4, 2023, in which researchers malcolm0x...
Read More

Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability

January 12, 2024 | ,

Introduction Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this vulnerability to download and delete arbitrary files, and in certain common configurations upload files, leading to remote code execution. This vulnerability was patched in PaperCut version 22.1.3 in July 2023. This...
Read More

The Elephant In the Room – NTLM Coercion and Understanding Its Impact

January 9, 2024 |

Since introducing NTLM coercion techniques such as PetitPotam into the NodeZero platform, we frequently have security practitioners request help understanding these techniques and what impact they have to their enterprise. There is a lack of concise resources to inform Blue Teams on how these techniques work, and clearly distinguishing them from other misconfigurations/vulnerabilities in the attack chain – particularly the...
Read More

How can NodeZero help you?

Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.

Schedule a Demo