Industry Intelligence

    NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400

    April 25, 2024
    On April 12 (and then updated again on April 20), Palo Alto Networks released an advisory about a vulnerability in the PAN-OS® software that runs Palo Alto Networks® Next-Generation Firewalls (NGFWs).

    Fireside Chat: Horizon3.ai and JTI Cybersecurity

    Horizon3.ai Principal Security SME Stephen Gates and JTI Cybersecurity Principal Consultant Jon Isaacson discuss: - What JTI does to validate things like access control, data loss prevention, ransomware protection, and intrusion detection approaches. - How #pentesting and red team exercises allow orgs to validate the effectiveness of their security controls. - Why offensive operations work…

    No waiting, no wondering: Streamline your PCI pentesting process with Horizon3.ai

    Demand for #pentesting expertise is at an all-time high, and many orgs are struggling to meet their annual requirements for the PCI DSS v4.0. This webinar explains how our services fulfill your pentesting requirements and help you streamline your remediation efforts.

    Fireside Chat: Horizon3.ai and Intuitus

    Horizon3.ai Principal Security SME Stephen Gates and Intuitus Chief Technology Officer Brian Beckwith discuss: - The greatest cyber threats to PSAP/911 services in municipalities across the US. - Where attackers are focusing their efforts that could result in ransom-based demands. - How Intuitus is taking a proactive approach to discover critical issues for their…

    What’s the true impact on your organization when an employee is phished?

    You can now fully assess the impact of phished credentials on your organization. Tune into this webinar to watch the NodeZero platform evaluating the blast radius of every phished credential as it comes in using the Phishing Impact test.

    Fireside Chat: Horizon3.ai and Moravian University

    Horizon3.ai Principal Security SME Stephen Gates and Moravian University Director of Information Security James Beers discuss: - How James measures cyber risk within their constantly changing educational environment - What kinds of attacker TTPs are the most worrisome to organizations in higher education - Why an offensive approach to discover and mitigate exploitable vulnerabilities works…

    CVE-2024-21893: Another Ivanti Vulnerability Exploited in the Wild. Verify with NodeZero Today!

    February 5, 2024
    On 22 January, Ivanti published an advisory stating that they discovered two new, high-severity vulnerabilities (CVE-2024-21888 and CVE-2024-21893) after researching previously reported vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways. Ivanti provides enterprise solutions, including patch management and IT security solutions to over 40,000 customers worldwide. While there is no evidence of…

    Gone Phishing: How an Intern’s Credentials can be a Gateway to Your Crown Jewels

    February 5, 2024
    “Who cares that the intern was phished during our phishing campaign? It’s an intern, they don’t have access to anything important.”

    CVE-2024-23897: Check Critical Jenkins Arbitrary File Leak Vulnerability Now!

    January 30, 2024
    On 24 January 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability that affects the Jenkins CI/CD tool. Jenkins is a Java-based open-source automation server run by over 1 million users that helps developers build, test and deploy applications, enabling continuous integration and continuous delivery. The critical vulnerability is tracked as CVE-2024-23897…

    CVE-2024-0204: Check Critical Fortra GoAnywhere MFT Authentication Bypass with NodeZero™️ Now!

    January 24, 2024
    On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability.