Blogs

SEARCH

CATEGORIES

TAGS

    Blogs

    Horizon3.ai Expands NodeZero to Include External Autonomous Pentesting

    June 1, 2022
    NodeZero is the first autonomous penetration testing platform to offer both internal and external pentesting in one self-service platform.
    Read More →
    External Penetration Testing with NodeZero
    Blogs

    Roundup: VMware Vulnerability Deep Dive and More

    May 27, 2022
    The Horizon3.ai Attack Team released their VMware Authentication Vulnerability (CVE-2022-22972) Technical Deep Dive.
    Read More →
    Man using a computer and laptop to code
    Blogs

    XorDDos sees significant spike in activity

    May 24, 2022
    XorDdos Is continuing to hunt servers with weak passwords. According to a recent post from Microsoft, there’s been a 254% increase in activity from XorDdos – an eight-year-old network of infected Linux machines used for DDoS attacks.
    Read More →
    Trojan Horse with letters numbers and symbols raining down
    Blogs

    Roundup: Awards, Education and M&A Cybersecurity

    May 20, 2022
    Horizon3.ai news, including an award nomination, plus cybersecurity updates for education and M&A.
    Read More →
    Learning Cybersecurity
    Blogs

    Log4Shell RCE Vulnerability in Apache Log4j: The Gift No One Wished For

    May 16, 2022
    The Log4Shell RCE vulnerability in Apache Log4j, CVE-2021-44228, dates to 2013 when Log4j 2.0-beta9 was released. An analysis of our pentesting data using NodeZero identified and provided proof of exploit for over 105 unique instances of the CVE within our customers’ environments.
    Read More →
    Woman unhappy with Log4shell Vulnerability
    Blogs

    Horizon3.ai Researchers Able to Create Exploit for Critical F5 BIG-IP Flaw

    May 10, 2022
    It took just two days for a pair of researchers from Horizon3.ai to discover exploits for the new F5 BIG-IP vulnerability, and have called for devices to be immediately updated to protect against bad actors.
    Read More →
    F5 Big-IP Vulnerability - F5 Logo inside of a electric orb
    Blogs

    World Password Day: Credentialed attacks by the numbers

    May 5, 2022
    It’s World Password Day, but it’s never a bad time to think about credential security and usage. Credentialed attacks are the most popular means of entry into any digital infrastructure, and remain the easiest method of reconnaissance and privilege escalation for bad actors. With some of the most sophisticated open-source attack tools to date, it’s…
    Read More →
    Wall of Keys - World Password Day
    Blogs

    “And Then, My EDR Just Watched It Happen”

    April 18, 2022
    Learn how NodeZero empowers customers to run continuous penetration tests to find vulnerabilities from an attacker’s perspective, to verify fixes after remediation, and hold the EDR and the rest of the security stack accountable for delivering on their capabilities as designed.
    Read More →
    Security guard on his phone
    Blogs

    The Industry Standard Model is the Vulnerability

    February 11, 2022
    Which is more valuable to you; the ability to identify a problem, or the ability to solve the problem? There is a plethora of vulnerability scanning tools that do a decent job identifying vulnerabilities. Unfortunately, those tools rarely discern the possible from the exploitable.
    Read More →
    Proven successful security model vs old industry standard
    Blogs

    Credential Misconfigurations

    October 25, 2021
    Are your credential policies implemented right? Are your enterprise accounts configured correctly? How do you know? Most phishing, ransomware, and credential attacks start by gaining access to a host and compromising a domain user (Credential Attacks – Horizon3.ai). With a credential in hand, an attacker can persist and pervade, appearing like a legitimate user and…
    Read More →
    Credential Misconfigurations - Abstract cubes that don't fit together properly.