Blogs
SEARCH
CATEGORIES
TAGS
Roundup: VMware Vulnerability Deep Dive and More
May 27, 2022
The Horizon3.ai Attack Team released their VMware Authentication Vulnerability (CVE-2022-22972) Technical Deep Dive.
XorDDos sees significant spike in activity
May 24, 2022
XorDdos Is continuing to hunt servers with weak passwords. According to a recent post from Microsoft, there’s been a 254% increase in activity from XorDdos – an eight-year-old network of infected Linux machines used for DDoS attacks.
Roundup: Awards, Education and M&A Cybersecurity
May 20, 2022
Horizon3.ai news, including an award nomination, plus cybersecurity updates for education and M&A.
Log4Shell RCE Vulnerability in Apache Log4j: The Gift No One Wished For
May 16, 2022
The Log4Shell RCE vulnerability in Apache Log4j, CVE-2021-44228, dates to 2013 when Log4j 2.0-beta9 was released. An analysis of our pentesting data using NodeZero identified and provided proof of exploit for over 105 unique instances of the CVE within our customers’ environments.
Horizon3.ai Researchers Able to Create Exploit for Critical F5 BIG-IP Flaw
May 10, 2022
It took just two days for a pair of researchers from Horizon3.ai to discover exploits for the new F5 BIG-IP vulnerability, and have called for devices to be immediately updated to protect against bad actors.
World Password Day: Credentialed attacks by the numbers
May 5, 2022
It’s World Password Day, but it’s never a bad time to think about credential security and usage. Credentialed attacks are the most popular means of entry into any digital infrastructure, and remain the easiest method of reconnaissance and privilege escalation for bad actors. With some of the most sophisticated open-source attack tools to date, it’s…
“And Then, My EDR Just Watched It Happen”
April 18, 2022
Learn how NodeZero empowers customers to run continuous penetration tests to find vulnerabilities from an attacker’s perspective, to verify fixes after remediation, and hold the EDR and the rest of the security stack accountable for delivering on their capabilities as designed.
The Industry Standard Model is the Vulnerability
February 11, 2022
Which is more valuable to you; the ability to identify a problem, or the ability to solve the problem? There is a plethora of vulnerability scanning tools that do a decent job identifying vulnerabilities. Unfortunately, those tools rarely discern the possible from the exploitable.
Credential Misconfigurations
October 25, 2021
Are your credential policies implemented right? Are your enterprise accounts configured correctly? How do you know? Most phishing, ransomware, and credential attacks start by gaining access to a host and compromising a domain user (Credential Attacks – Horizon3.ai). With a credential in hand, an attacker can persist and pervade, appearing like a legitimate user and…
Be Open to Be Wow’d
July 29, 2021
Being a #learnitall, Lesson 1: Be Open to Be Wow’d Most of the startup advice out there is pretty clear: get feedback early and often. Customer input is invaluable to delivering iter0, your MVP, feature releases that matter, bug fixes, utility and simplicity. In Customer Success, a lot of the job is review and advise so…