Silicon Valley Bank (SVB) Failure Could Signal a Rise in Business E-mail Compromise (BEC) Mar 15, 2023On 10 March, Silicon Valley Bank (SVB) – a popular institution for the venture capital community in the Bay area – failed when venture capitalists (VCs) quickly started to pull money out of the 40-year-old bank, causing federal regulators to step in and shut its doors before more damage could be done. These are the perfect conditions for threat actors to steal several million dollars (and perhaps much more!).
Journey to Secure Feb 13, 2023A series following Horizon3.ai teammate Brian Marr’s “journey to secure” – detailing the logic and items that he uses to understand the business, current security state, and leadership visions for building an internal security program.
Hack the Box: Blue My friends tell me it’s in vogue these days for pentesters to write up walk-throughs of challenge boxes from Hack The Box. So I decided to get into the game, starting with a machine called Blue. I hear it’s one of the easiest boxes on the platform. Nonetheless, I hope...
Cisco IOS XE CVE-2023-20198: Deep Dive and POC Oct 30, 2023Introduction This post is a follow up to https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting/. Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco IOS XE and identified some likely vectors an attacker might have used...
Cisco IOS XE CVE-2023-20198 and CVE-2023-20273: WebUI Internals, Patch Diffs, and Theory Crafting Oct 25, 2023Introduction There has been a lot of news around the recent Cisco IOS XE vulnerabilities CVE-2023-20198 and CVE-2023-2073. Information about this vulnerability was first published by Cisco on October 16th, 2023, and since then we have seen evidence of mass...
CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability Summary CVE-2023-39143 is a critical vulnerability we disclosed to PaperCut that affects the widely used PaperCut NG/MF print management software. It affects PaperCut NG/MF running on Windows, prior to version 22.1.3. If you are a user of PaperCut on Windows, and have...
21 November Information Security ForumInformation Security Forum7:30 amOmni Boston Hotel at the Seaport
21 November Are You Secure? Discover Actionable Security Insights with NodeZeroAre You Secure? Discover Actionable Security Insights with NodeZero9:40 amAMA Executive Conference Center
12 December Uncover Kubernetes Security Weaknesses with NodeZero™Uncover Kubernetes Security Weaknesses with NodeZero™1:00 pmZoom Webinar
Silicon Valley Bank (SVB) Failure Could Signal a Rise in Business E-mail Compromise (BEC) Mar 15, 2023On 10 March, Silicon Valley Bank (SVB) – a popular institution for the venture capital community in the Bay area – failed when venture capitalists (VCs) quickly started to pull money out of the 40-year-old bank, causing federal regulators to step in and shut its doors before more damage could be done. These are the perfect conditions for threat actors to steal several million dollars (and perhaps much more!).
Journey to Secure Feb 13, 2023A series following Horizon3.ai teammate Brian Marr’s “journey to secure” – detailing the logic and items that he uses to understand the business, current security state, and leadership visions for building an internal security program.
Hack the Box: Blue My friends tell me it’s in vogue these days for pentesters to write up walk-throughs of challenge boxes from Hack The Box. So I decided to get into the game, starting with a machine called Blue. I hear it’s one of the easiest boxes on the platform. Nonetheless, I hope...
Cisco IOS XE CVE-2023-20198: Deep Dive and POC Oct 30, 2023Introduction This post is a follow up to https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting/. Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco IOS XE and identified some likely vectors an attacker might have used...
Cisco IOS XE CVE-2023-20198 and CVE-2023-20273: WebUI Internals, Patch Diffs, and Theory Crafting Oct 25, 2023Introduction There has been a lot of news around the recent Cisco IOS XE vulnerabilities CVE-2023-20198 and CVE-2023-2073. Information about this vulnerability was first published by Cisco on October 16th, 2023, and since then we have seen evidence of mass...
CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability Summary CVE-2023-39143 is a critical vulnerability we disclosed to PaperCut that affects the widely used PaperCut NG/MF print management software. It affects PaperCut NG/MF running on Windows, prior to version 22.1.3. If you are a user of PaperCut on Windows, and have...
21 November Information Security ForumInformation Security Forum7:30 amOmni Boston Hotel at the Seaport
21 November Are You Secure? Discover Actionable Security Insights with NodeZeroAre You Secure? Discover Actionable Security Insights with NodeZero9:40 amAMA Executive Conference Center
12 December Uncover Kubernetes Security Weaknesses with NodeZero™Uncover Kubernetes Security Weaknesses with NodeZero™1:00 pmZoom Webinar
