Blogs
SEARCH
CATEGORIES
TAGS
CVE-2024-0204: Check Critical Fortra GoAnywhere MFT Authentication Bypass with NodeZero™️ Now!
January 24, 2024
On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability.
NodeZero Updated With Attack Content for Critical Confluence RCE
January 23, 2024
On 16 January, Atlassian released a security advisory concerning CVE-2023-22527 that affects vulnerable out-of-date versions of Confluence Data Center and Server.
Understanding the Actively-Exploited Ivanti CVE’s
January 22, 2024
Two recent Ivanti CVEs are being actively exploited by suspected nation-state threat actors.
Insight – Holiday Threat Awareness 2023
December 1, 2023
Amidst the hustle and bustle of holiday preparations and last-minute shopping, cybercriminals often take advantage of the increased online activity and spending complacency of individuals and businesses...
INSIGHT – MOVEit Zero-Day Reminds Us Yet Again to Be Diligent in Monitoring Our IT Infrastructure
June 15, 2023
Over the last week, the widely reported critical security flaw in the Progress MOVEit Transfer application (CVE-2023-34362) reminded us yet again to remain vigilant in securing our IT infrastructure from potential cyber threat actors.
Clients Want Assessments to Prove Service Efficacy
June 5, 2023
Gartner® recently published a report called, Emerging Tech: Grow Your Security Service Revenue with Cybersecurity Validations. We believe the report provides research from a buyer’s perspective on security services they purchase while offering guidance to MSPs and MSSPs on how to improve retention and upsell rates of the critical services they provide. So, what has…
CISA’s Ransomware Vulnerability Awareness Pilot: But Is It Enough?
May 31, 2023
In early 2023, CISA launched their Ransomware Vulnerability Awareness Pilot (RVWP). It’s designed to warn critical infrastructure (CI) entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors. The plan is to identify affected systems that may be prevalent in CI networks, then notify operators about potential risk of exploitation.…
Silicon Valley Bank (SVB) Failure Could Signal a Rise in Business E-mail Compromise (BEC)
March 15, 2023
On 10 March, Silicon Valley Bank (SVB) – a popular institution for the venture capital community in the Bay area – failed when venture capitalists (VCs) quickly started to pull money out of the 40-year-old bank, causing federal regulators to step in and shut its doors before more damage could be done. These are the…
Journey to Secure
February 13, 2023
A series following Horizon3.ai teammate Brian Marr's “journey to secure” - detailing the logic and items that he uses to understand the business, current security state, and leadership visions for building an internal security program.
Chaining and Reusing Credentials
February 2, 2023
Attackers don’t need to hack in – they log in. This is why we believe Credentials are the new RCE.