Resource Center

In early 2023, CISA launched their Ransomware Vulnerability Awareness Pilot (RVWP). It’s designed to warn critical infrastructure (CI) entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors. The plan is to identify affected systems that may be prevalent in CI networks, then notify operators about potential risk of exploitation.…

Hear directly from Zach Hanley, one of Horizon3.ai's founding engineers as he walks you through a recent critical vulnerability case study. He is joined on this session by Scott Friedman, one of our Sales Engineers.

Hear directly from two of Horizon3.ai's founding engineers - Naveen Sunkavally, Chief Architect, and Rob Alderman, Data Architect - as they walk you through an exclusive tour of NodeZero's latest product refresh.

Apache Superset is an open source data visualization and exploration tool. It has over 50K stars on GitHub, and there are more than 3000 instances of it exposed to the Internet. In our research, we found that a substantial portion of these servers - at least 2000 (two-thirds of all servers) - are running with…

Overview On 8 March 2023, PaperCut released new versions for their enterprise print management software, which included patches for two vulnerabilities: CVE-2023-27350 and CVE-2023-27351. The PaperCut security advisory details CVE-2023-27350 as a vulnerability that may allow an attacker to achieve remote code execution to compromise the PaperCut application server. PaperCut also details in this advisory…

One of our customers, a public university in Victoria, British Columbia, is constantly looking for ways to improve their overall cybersecurity posture – and has started using NodeZero’s autonomous pentesting capabilities to keep their students, faculty, and data safe.

Introduction Veeam has recently released an advisory for CVE-2023-27532 for Veeam Backup and Replication which allows an unauthenticated user with access to the Veeam backup service (TCP 9401 by default) to request cleartext credentials. Others, including Huntress, Y4er, and CODE WHITE , have provided insight into this vulnerability. In this post, we hope to offer…

On 10 March, Silicon Valley Bank (SVB) – a popular institution for the venture capital community in the Bay area – failed when venture capitalists (VCs) quickly started to pull money out of the 40-year-old bank, causing federal regulators to step in and shut its doors before more damage could be done. These are the…

"Trust but verify" is a well-known proverb, but in today's cybersecurity world, we recommend just verifying. That concept is the underlying theme for our latest episode featuring . Alex is the Customer Success Lead at . He has extensive experience in intelligence roles with the US Military and Government. Horizon3.ai's mission is to help you…

On September 13, 2022, a new Kerberos vulnerability was published on the Microsoft Security Response Center's security site.  It's labeled as a Windows Kerberos Elevation of Privilege vulnerability and given the CVE ID CVE-2022-33679.  The MSRC page acknowledges James Forshaw of Google Project Zero for the disclosure and James published a detailed technical write-up of…