Resource Center

On September 10, 2024, Ivanti released a security advisory for a command injection vulnerability for it's Cloud Service Appliance (CSA) product. Initially, this CVE-2024-8190 seemed uninteresting to us given that Ivanti stated that it was an authenticated vulnerability. Shortly after on September 13, 2024, the vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV). Given…

Update: 2024-09-16 We initially wrote this post in reference to CVE-2024-29847, however this post actually describes CVE-2023-28324. We had incorrectly assumed that the SU5 update was comprehensive which resulted in us mistaking CVE-2023-28324 for CVE-2024-29847. The content of this blog has been updated accordingly. Introduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution…

Explore how autonomous penetration testing with NodeZero helps organizations meet NIS 2 compliance by enhancing cybersecurity through scalable, efficient risk assessments.

In our groundbreaking 2023 Annual Review, Horizon3.ai delves into the transformative approach of autonomous pentesting with NodeZero. This pivotal document is your gateway to mastering proactive cybersecurity defense mechanisms.

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

Master cloud security with NodeZero™ Cloud Pentesting. Easily uncover vulnerabilities across AWS and Azure, prioritize identity risks, and secure your environment in just minutes. Stay ahead of threats.

In the evolving landscape of cloud and hybrid environments, robust security measures are more critical than ever. In this webinar Brad Hong, CISSP, explores autonomous pentesting methodologies and strategies that can help your organization take a more efficient and comprehensive approach to securing your entire digital infrastructure that embraces multiple cloud vendors.

NodeZero Cloud Pentesting offers autonomous, comprehensive pentests for cloud and hybrid environments, validating security policies and assessing risks from internal and external perspectives. It rigorously tests cloud security controls in AWS and Microsoft Azure Entra ID, identifying vulnerabilities, misconfigurations, and potential attack paths. This approach ensures thorough validation of security defenses and highlights connections between…

NodeZero Tripwires™ enhances threat detection and response by autonomously deploying decoys and monitoring for unauthorized access in high-risk areas. Integrated with NodeZero’s pentesting, it provides real-time alerts, minimizes false positives, and supports various tripwire types like AWS API keys and Windows Suspicious Process Monitors. Alerts are seamlessly integrated into existing security workflows, offering early detection…