Blogs


    Ensuring Cybersecurity: Horizon3.ai’s Rapid Response Service in Action

    July 10, 2024
    How Horizon3.ai's Rapid Response Identified and Mitigated a Critical Mirth Connect Vulnerability. A key consideration in cybersecurity is determining whether a known software vulnerability is actually exploitable. This often depends on how and where the at-risk software is deployed in your environment. To address the need to find what’s exploitable, Horizon3.ai developed and recently unveiled…

    Enhancing Vulnerability Management: Integrating Autonomous Penetration Testing

    June 17, 2024
    Traditional vulnerability scanning tools are enhanced with NodeZero's autonomous penetration testing, revolutionizing Vulnerability Management by providing comprehensive risk assessment, exploitability analysis, and cross-host vulnerability chaining, empowering organizations to prioritize and mitigate security weaknesses strategically.

    NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400

    April 25, 2024
    On April 12 (and then updated again on April 20), Palo Alto Networks released an advisory about a vulnerability in the PAN-OS® software that runs Palo Alto Networks® Next-Generation Firewalls (NGFWs).

    CVE-2024-21893: Another Ivanti Vulnerability Exploited in the Wild. Verify with NodeZero Today!

    February 5, 2024
    On 22 January, Ivanti published an advisory stating that they discovered two new, high-severity vulnerabilities (CVE-2024-21888 and CVE-2024-21893) after researching previously reported vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways. Ivanti provides enterprise solutions, including patch management and IT security solutions to over 40,000 customers worldwide. While there is no evidence of…

    Gone Phishing: How an Intern’s Credentials can be a Gateway to Your Crown Jewels

    February 5, 2024
    “Who cares that the intern was phished during our phishing campaign? It’s an intern, they don’t have access to anything important.”

    CVE-2024-23897: Check Critical Jenkins Arbitrary File Leak Vulnerability Now!

    January 30, 2024
    On 24 January 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability that affects the Jenkins CI/CD tool. Jenkins is a Java-based open-source automation server run by over 1 million users that helps developers build, test and deploy applications, enabling continuous integration and continuous delivery. The critical vulnerability is tracked as CVE-2024-23897…

    CVE-2024-0204: Check Critical Fortra GoAnywhere MFT Authentication Bypass with NodeZero™️ Now!

    January 24, 2024
    On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability.

    NodeZero Updated With Attack Content for Critical Confluence RCE

    January 23, 2024
    On 16 January, Atlassian released a security advisory concerning CVE-2023-22527 that affects vulnerable out-of-date versions of Confluence Data Center and Server.

    Understanding the Actively-Exploited Ivanti CVE’s

    January 22, 2024
    Two recent Ivanti CVEs are being actively exploited by suspected nation-state threat actors.

    Insight – Holiday Threat Awareness 2023

    December 1, 2023
    Amidst the hustle and bustle of holiday preparations and last-minute shopping, cybercriminals often take advantage of the increased online activity and spending complacency of individuals and businesses...