Resource Center

Hear directly from two of Horizon3.ai’s founding engineers – Naveen Sunkavally, Chief Architect, and Rob Alderman, Data Architect – as they walk you through an exclusive tour of NodeZero’s latest product refresh.

On 10 March, Silicon Valley Bank (SVB) – a popular institution for the venture capital community in the Bay area – failed when venture capitalists (VCs) quickly started to pull money out of the 40-year-old bank, causing federal regulators to step in and shut its doors before more damage could be done. These are the perfect conditions for threat actors to steal several million dollars (and perhaps much more!).

My friends tell me it’s in vogue these days for pentesters to write up walk-throughs of challenge boxes from Hack The Box. So I decided to get into the game, starting with a machine called Blue. I hear it’s one of the easiest boxes on the platform. Nonetheless, I hope...

Introduction This post is a follow up to https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting/. Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco IOS XE and identified some likely vectors an attacker might have used...

Introduction There has been a lot of news around the recent Cisco IOS XE vulnerabilities CVE-2023-20198 and CVE-2023-2073. Information about this vulnerability was first published by Cisco on October 16th, 2023, and since then we have seen evidence of mass...

Summary CVE-2023-39143 is a critical vulnerability we disclosed to PaperCut that affects the widely used PaperCut NG/MF print management software. It affects PaperCut NG/MF running on Windows, prior to version 22.1.3. If you are a user of PaperCut on Windows, and have...

Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 – a SQL injection in FortiClient EMS that can lead to remote code execution. FortiClient EMS is an endpoint management solution for enterprises that provides a central location for administering enrolled endpoints. This SQL injection vulnerability is caused by user controlled strings that are passed directly into database queries. In this post...

Early in 2023, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt for a set of new research targets. Fortinet seemed like a decent place to start given the variety of lesser-known security appliances I had noticed while searching for the FortiNAC firmware. The first target I landed on was the Fortinet...

Horizon3.ai Principal Security SME Stephen Gates and Intuitus Chief Technology Officer Brian Beckwith discuss: - The greatest cyber threats to PSAP/911 services in municipalities across the US . - Where attackers are focusing their efforts that could result in ransom-based demands. - How Intuitus is taking a proactive approach to discover critical issues for their customers.

NextChat a.k.a ChatGPT-Next-Web, a popular Gen AI ChatBot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.

You can now fully assess the impact of phished credentials on your organization. Tune into this webinar to watch the NodeZero platform evaluating the blast radius of every phished credential as it comes in using the Phishing Impact test.

On February 27, 2024, Progress released a security advisory for OpenEdge, their application development and deployment platform suite. The advisory details that there exists an authentication bypass vulnerability which effects certain components of the OpenEdge platform. Our proof of concept can be found here. When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS...

Security Strategies

Industry Insights

Attack Research

No Results Found

Attack Content

No Results Found

Security Strategies

Industry Insights

Attack Research

No Results Found

Attack Content

No Results Found

Resource Center

Filters