Resource Center

Teaching hospital insisted on false positive when NodeZero exploited a critical but year-old vulnerability in under one day, but…

It isn’t enough to have to have the security solution. A medical clinic with over 120 providers used best-in-class endpoint detection and response
(EDR) software. Nevertheless, NodeZero quickly identified a device’s Local Security Authority Subsystem Service Process (LSASS), dump and
cracked user credentials, moved laterally, and gained Windows Domain Administrator privileges. The result: full domain rights.

Amidst the hustle and bustle of holiday preparations and last-minute shopping, cybercriminals often take advantage of the increased online activity and spending complacency of individuals and businesses…

Stephen Gates, Principal Security SME at Horizon3.ai and Calvin Engen, Chief Technology Officer, and Managing Partner of F12.net discuss:

– Why there is a such growing demand for managed cybersecurity services.
– What’s helping F12 clients meet and exceed cybersecurity standards and best practices.
– Where Calvin thinks the security industry is headed and what technologies stand out.
– How F12 is currently using the Horizon3.ai NodeZero platform in their service offerings.

Low-Level Vulnerability Leads to Domain Compromise

Introduction Memory safety issues have plagued the software industry for decades. The Cybersecurity & Infrastructure Security Agency (CISA) has been leading a charge for secure-by-design and encouraging developers and vendors to utilize memory safe languages like...

CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability.

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.

Businesswire: 12/01/2022 Horizon3.ai, a leading cybersecurity firm focused on autonomous penetration testing, announced its vendor profile is now available to Amazon Web Services (AWS) customers to automate and simplify the software risk assessment process. Read the...

Businesswire: 10/20/22 NodeZero was named a winner for its ability to continuously assess an enterprise's internal and external attack surface, and how it reveals the many ways in which an attacker could leverage harvested credentials, misconfigurations, dangerous...

Businesswire: 10/13/22 The SDC Awards recognize and reward products and services that are the foundation for digital transformation. NodeZero has been named a ‘Cloud Security Innovation of the Year’ finalist. NodeZero was selected for its impact on the market and...

Teaching hospital insisted on false positive when NodeZero exploited a critical but year-old vulnerability in under one day, but…

Stephen Gates, Principal Security SME at Horizon3.ai and Calvin Engen, Chief Technology Officer, and Managing Partner of F12.net discuss:

Low-Level Vulnerability Leads to Domain Compromise

CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability.

VSA Cybersecurity Award 2024

In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet FortiSIEM. Several issues were discovered during this audit that ultimately lead to unauthenticated remote code execution in the context of the root user. The vulnerabilities were assigned CVE-2023-34992 with a CVSS3.0 score of 10.0 given that the access allowed reading...

In this webinar. Horizon3.ai cybersecurity expert Brad Hong covers our new Rapid Response service.

In an increasingly interconnected world, where digital technologies infiltrate every aspect of society, vulnerabilities in these systems can be exploited by malicious actors to disrupt emergency services, compromise sensitive information, or even endanger lives.

2024 Cloud Security Awards

2024 Cybersecurity Excellence Awards

Security Strategies

Industry Insights

Attack Research

Attack Content

Security Strategies

Industry Insights

Attack Research

Attack Content

Resource Center

Filters