Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

LATEST VULNERABILITIES

WEBINAR REPLAY

SEARCH

CATEGORIES

TAGS

    Attack Paths

    Low-Level Credentials Can Get Big Gains

    July 26, 2023
    Combining Compromised Credentials Enables Domain Takeover
    Read More →
    Attack Paths

    Veeam CVE Leads to Full Compromise

    July 26, 2023
    Low-Level Vulnerability Leads to Domain Compromise
    Read More →
    Attack Paths

    You Can’t Manage Risk if You Lack Context

    June 29, 2023
    Low-Level Vulnerability Leads to Domain Compromise
    Read More →
    Video

    War Stories from 15K Pentests: With Log4shell, Vulnerable ≠ Exploitable

    In Horizon3.ai's three years of operation, we have conducted more than 15,000 pentests yielding results for our clients and data for our engineers. Join our CEO, Snehal Antani, for stories from the trenches. This month we'll take a look at the Log4shell example, and learn about how the distinction between being vulnerable and being exploitable…
    Watch Now →
    Blogs

    INSIGHT – MOVEit Zero-Day Reminds Us Yet Again to Be Diligent in Monitoring Our IT Infrastructure

    June 15, 2023
    Over the last week, the widely reported critical security flaw in the Progress MOVEit Transfer application (CVE-2023-34362) reminded us yet again to remain vigilant in securing our IT infrastructure from potential cyber threat actors.
    Read More →
    Attack Blogs

    MOVEit Transfer CVE-2023-34362 Deep Dive and Indicators of Compromise

    June 9, 2023
    On May 31, 2023, Progress released a security advisory for their MOVEit Transfer application which detailed a SQL injection leading to remote code execution and urged customers to update to the latest version. The vulnerability, CVE-2023-34362, at the time of release was believed to have been exploited in-the-wild as a 0-day dating back at least…
    Read More →
    Blogs

    Clients Want Assessments to Prove Service Efficacy

    June 5, 2023
    Gartner® recently published a report called, Emerging Tech: Grow Your Security Service Revenue with Cybersecurity Validations. We believe the report provides research from a buyer’s perspective on security services they purchase while offering guidance to MSPs and MSSPs on how to improve retention and upsell rates of the critical services they provide. So, what has…
    Read More →
    Blogs

    CISA’s Ransomware Vulnerability Awareness Pilot: But Is It Enough?

    May 31, 2023
    In early 2023, CISA launched their Ransomware Vulnerability Awareness Pilot (RVWP). It’s designed to warn critical infrastructure (CI) entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors. The plan is to identify affected systems that may be prevalent in CI networks, then notify operators about potential risk of exploitation.…
    Read More →
    Video

    How an Attack Team Hunts New Exploits

    Hear directly from Zach Hanley, one of Horizon3.ai's founding engineers as he walks you through a recent critical vulnerability case study. He is joined on this session by Scott Friedman, one of our Sales Engineers.
    Watch Now →
    Video

    Introducing the New Face of NodeZero

    Hear directly from two of Horizon3.ai's founding engineers - Naveen Sunkavally, Chief Architect, and Rob Alderman, Data Architect - as they walk you through an exclusive tour of NodeZero's latest product refresh.
    Watch Now →
    New NodeZero Webinar