Public University Uses NodeZero to Close Gaps, Prove Value of Cybersecurity (Apr 11, 2023): One of our customers, a public university in Victoria, British Columbia, is constantly looking for ways to improve their overall cybersecurity posture – and has started using NodeZero’s autonomous pentesting capabilities to keep their students, faculty, and data safe.
Regina International Airport Uses NodeZero to Close Gaps, Improve Efficiency (Dec 15, 2022): “…using toolsets like NodeZero, we determined where we have leakage and interaction between networks,” says Manager of Technology at Regina International Airport.
NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400 (Apr 25, 2024): On April 12 (and then updated again on April 20), Palo Alto Networks released an advisory about a vulnerability in the PAN-OS® software that runs Palo Alto Networks® Next-Generation Firewalls (NGFWs).
Fireside Chat: Horizon3.ai and JTI Cybersecurity (Apr 17, 2024): Horizon3.ai Principal Security SME Stephen Gates and JTI Cybersecurity Principal Consultant Jon Isaacson discuss: – What JTI does to validate things like access control, data loss prevention, ransomware protection, and intrusion detection approaches. – How #pentesting and red team exercises allow orgs to validate the effectiveness of their security controls. – Why offensive operations work best to discover and mitigate exploitable vulnerabilities in their client’s infrastructures.
No waiting, no wondering: Streamline your PCI pentesting process with Horizon3.ai (Apr 3, 2024): Demand for #pentesting expertise is at an all-time high, and many orgs are struggling to meet their annual requirements for the PCI DSS v4.0. This webinar explains how our services fulfill your pentesting requirements and help you streamline your remediation efforts.
Apache ActiveMQ RCE Leads to Domain Compromise: Pervasive CISA Known Exploited Vulnerability Enables Initial Access
CVE-2023-48788: Revisiting Fortinet FortiClient EMS to Exploit 7.2.X (Jun 4, 2024): Introduction. Our last blog post on the FortiClient EMS SQL injection vulnerability, CVE-2023-48788, as it turns out only worked on 7.0.x versions. This article will discuss the differences in exploitation between FortiClient EMS's two mainline versions: 7.0.x and...
CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive (May 28, 2024): In November of 2023, preparing for a call for papers, I attempted to investigate the FortiSIEM patch for CVE-2023-34992. I kindly inquired with the PSIRT if I could have access to the most recent versions to some of their appliances to validate the patches, to which...
Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces: This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.
Horizon3.ai Unveils Rapid Response Service for Cyber Resilience (Apr 30, 2024): Business Wire 03/25/2024. Horizon3.ai, a pioneer in autonomous security solutions, today announced the launch of its Rapid Response service, now part of the NodeZero™ platform. This one-of-a-kind capability marks a significant advancement in autonomous penetration...
Horizon3.ai Garners Spot in 2024 CRN® Partner Program Guide (Mar 25, 2024): Business Wire 03/25/2024. Horizon3.ai, a pioneer in autonomous security solutions, has been honored by CRN®, a brand of The Channel Company, with inclusion in its 2024 Partner Program Guide. This annual guide provides essential information to solution providers...
Horizon3.ai Unveils Pentesting Services for Compliance Ahead of PCI DSS v4.0 Rollout (Mar 5, 2024): Business Wire 03/05/2024. Horizon3.ai, a pioneer in autonomous security solutions, today announced the availability of the Horizon3.ai Pentesting Services for Compliance. Horizon3.ai recognizes that demand for pentesting expertise is at an all-time high... Read the...
21 November: Information Security Forum, 7:30 am, Omni Boston Hotel at the Seaport
21 November: Los Angeles Cybersecurity Summit, 8:00 am, Fairmont Century Plaza
21 November: Are You Secure? Discover Actionable Security Insights with NodeZero, 9:40 am, AMA Executive Conference Center
12 December: Uncover Kubernetes Security Weaknesses with NodeZero™, 1:00 pm, Zoom Webinar