Patched ≠ Remediated: Healthcare Faces an Aggressive Threat Landscape Sep 12, 2022One of our clients, a leading U.S. hospital and healthcare system, consistently earns high marks for clinical excellence and is among the top 10 percent in the nation for patient safety. Recognizing the growing cybersecurity threats to healthcare organizations and importance of importance of maintaining compliance with regulatory standards like HIPAA, PCI, and other privacy rules, the organization’s IT staff worked hard to ensure a strong security posture.
Healthcare Staffing Organization Puts Cybersecurity Best Practices in Place with NodeZero Aug 31, 2022The director of security engineering at a national healthcare staffing organization found that NodeZero’s a perfect fit for keeping his organization safe.
CVE-2024-23897: Check Critical Jenkins Arbitrary File Leak Vulnerability Now! Jan 30, 2024On 24 January 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability that affects the Jenkins CI/CD tool. Jenkins is a Java-based open-source automation server run by over 1 million users that helps developers build, test and deploy...
CVE-2024-0204: Check Critical Fortra GoAnywhere MFT Authentication Bypass with NodeZero™️ Now! Jan 24, 2024On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability.
NodeZero Updated With Attack Content for Critical Confluence RCE Jan 23, 2024On 16 January, Atlassian released a security advisory concerning CVE-2023-22527 that affects vulnerable out-of-date versions of Confluence Data Center and Server.
CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive Mar 21, 2024Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 - a SQL injection in FortiClient EMS that can lead to remote code execution. FortiClient EMS is an endpoint management solution for enterprises that provides a central location for administering...
Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” Mar 14, 2024Early in 2023, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt for a set of new research targets. Fortinet seemed like a decent place to start given the variety of lesser-known security appliances I had noticed...
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet FortiSIEM. Several issues were discovered during this audit that ultimately lead to unauthenticated remote code execution in the context of the...
Horizon3.ai Recognized as a Fastest-Growing Cybersecurity Company on the Fortune Cyber 60 List Dec 18, 2023Business Wire 12/18/2023 Horizon3.ai, a leading provider of autonomous security solutions, today announced that it has been named to the Fortune Cyber 60 2023 list. The Fortune Cyber 60 is a new listing of the most important venture-backed startups that offer...
Horizon3.ai NodeZero™ Autonomous Pentesting Users Saved $325K+/Year in Improved SecOps Productivity, and Third-party Pentesting and Vulnerability Scanner Costs, Independent Study Shows Oct 26, 2023Business Wire 10/26/2023 Horizon3.ai, a leading provider of autonomous security solutions, today announced the findings from a commissioned study, “The Total Economic ImpactTM of the NodeZero Platform, October 2023,” performed by Forrester Consulting...... Read the...
NodeZero From Horizon3.ai Wins “Pentesting Solution of The Year” in 2023 CyberSecurity Breakthrough Awards Program, Security Today’s “Platinum New Products of the Year-Pentesting” Awards Oct 5, 2023Business Wire 10/05/2023 Horizon3.ai, a leading provider of autonomous security solutions, today announced that its NodeZero™ autonomous pentesting solution has been named winner of the CyberSecurity Breakthrough Award and Security Today’s New Products of the Year...
21 November Information Security ForumInformation Security Forum7:30 amOmni Boston Hotel at the Seaport
12 December Uncover Kubernetes Security Weaknesses with NodeZero™Uncover Kubernetes Security Weaknesses with NodeZero™1:00 pmZoom Webinar
Patched ≠ Remediated: Healthcare Faces an Aggressive Threat Landscape Sep 12, 2022One of our clients, a leading U.S. hospital and healthcare system, consistently earns high marks for clinical excellence and is among the top 10 percent in the nation for patient safety. Recognizing the growing cybersecurity threats to healthcare organizations and importance of importance of maintaining compliance with regulatory standards like HIPAA, PCI, and other privacy rules, the organization’s IT staff worked hard to ensure a strong security posture.
Healthcare Staffing Organization Puts Cybersecurity Best Practices in Place with NodeZero Aug 31, 2022The director of security engineering at a national healthcare staffing organization found that NodeZero’s a perfect fit for keeping his organization safe.
CVE-2024-23897: Check Critical Jenkins Arbitrary File Leak Vulnerability Now! Jan 30, 2024On 24 January 2024, the Jenkins team issued a security advisory disclosing a critical vulnerability that affects the Jenkins CI/CD tool. Jenkins is a Java-based open-source automation server run by over 1 million users that helps developers build, test and deploy...
CVE-2024-0204: Check Critical Fortra GoAnywhere MFT Authentication Bypass with NodeZero™️ Now! Jan 24, 2024On 22 January, Fortra issued an advisory stating that versions of its GoAnywhere Managed File Transfer (MFT) product suffer from an authentication bypass vulnerability.
NodeZero Updated With Attack Content for Critical Confluence RCE Jan 23, 2024On 16 January, Atlassian released a security advisory concerning CVE-2023-22527 that affects vulnerable out-of-date versions of Confluence Data Center and Server.
CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive Mar 21, 2024Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 - a SQL injection in FortiClient EMS that can lead to remote code execution. FortiClient EMS is an endpoint management solution for enterprises that provides a central location for administering...
Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” Mar 14, 2024Early in 2023, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt for a set of new research targets. Fortinet seemed like a decent place to start given the variety of lesser-known security appliances I had noticed...
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet FortiSIEM. Several issues were discovered during this audit that ultimately lead to unauthenticated remote code execution in the context of the...
Horizon3.ai Recognized as a Fastest-Growing Cybersecurity Company on the Fortune Cyber 60 List Dec 18, 2023Business Wire 12/18/2023 Horizon3.ai, a leading provider of autonomous security solutions, today announced that it has been named to the Fortune Cyber 60 2023 list. The Fortune Cyber 60 is a new listing of the most important venture-backed startups that offer...
Horizon3.ai NodeZero™ Autonomous Pentesting Users Saved $325K+/Year in Improved SecOps Productivity, and Third-party Pentesting and Vulnerability Scanner Costs, Independent Study Shows Oct 26, 2023Business Wire 10/26/2023 Horizon3.ai, a leading provider of autonomous security solutions, today announced the findings from a commissioned study, “The Total Economic ImpactTM of the NodeZero Platform, October 2023,” performed by Forrester Consulting...... Read the...
NodeZero From Horizon3.ai Wins “Pentesting Solution of The Year” in 2023 CyberSecurity Breakthrough Awards Program, Security Today’s “Platinum New Products of the Year-Pentesting” Awards Oct 5, 2023Business Wire 10/05/2023 Horizon3.ai, a leading provider of autonomous security solutions, today announced that its NodeZero™ autonomous pentesting solution has been named winner of the CyberSecurity Breakthrough Award and Security Today’s New Products of the Year...
21 November Information Security ForumInformation Security Forum7:30 amOmni Boston Hotel at the Seaport
12 December Uncover Kubernetes Security Weaknesses with NodeZero™Uncover Kubernetes Security Weaknesses with NodeZero™1:00 pmZoom Webinar
