Resource Center
Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.
LATEST VULNERABILITIES
WEBINAR REPLAY
SEARCH
CATEGORIES
TAGS
FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
October 13, 2022
Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiProxySwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to login as an administrator on the effected system. To demonstrate the vulnerability in this writeup, we will be using FortiOS version 7.2.1
Putting Your Security to the Test with NodeZero
Putting Your Security to the Test with NodeZero with Anthony Pillitiere and Clayton Dillard / CEO Legion Cyberworks.
What is Zero Trust – and How NodeZero Can Help
October 13, 2022
Zero Trust. Everyone’s talking about it, but what does it truly mean, and how can you prove that your organization is using a Zero Trust model effectively?
FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass IOCs (CVE-2022-40684)
October 11, 2022
Introduction The recent FortiOS / FortiProxy / FortiSwitchManager CVE has been reportedly exploited in the wild. We would like to provide additional insight into the vulnerability so users can begin to determine if they have been compromised. In this post we discuss enabling logging and IOCs for FortiOS 7.2.1. These steps will likely work on…
Vulnerable ≠ Exploitable: A lesson on prioritization
September 13, 2022
Pen testers, vulnerability scanners, and installed agents alert on potential vulnerabilities and breaches. You receive a list, or a notification, and you respond. Ever wonder how much of your time and effort is being wasted fixing things that don’t actually matter?
Patched ≠ Remediated: Healthcare Faces an Aggressive Threat Landscape
September 12, 2022
One of our clients, a leading U.S. hospital and healthcare system, consistently earns high marks for clinical excellence and is among the top 10 percent in the nation for patient safety. Recognizing the growing cybersecurity threats to healthcare organizations and importance of importance of maintaining compliance with regulatory standards like HIPAA, PCI, and other privacy…
Are Your Kubernetes Clusters Configured Properly?
August 31, 2022
Researchers recently discovered some 900,000 Kubernetes clusters that were potentially exposed to malicious scans and data theft during a threat-hunting exercise.
Healthcare Staffing Organization Puts Cybersecurity Best Practices in Place with NodeZero
August 31, 2022
The director of security engineering at a national healthcare staffing organization found that NodeZero’s a perfect fit for keeping his organization safe.
Tech Talk: The Attackers Journey Pt. 6
Noah King, one of Horizon3's front-end developers, is inviting you into his experience as he learns to be an expert at ethical hacking and get his OSCP cert!
Go Hack Yourself: 5 Crazy Ways NodeZero Became Domain Admin
Attackers don't have to "hack in" using zero-day vulnerabilities. Often, attackers log in by chaining together misconfigurations, dangerous product defaults, and exploitable vulnerabilities to harvest and reuse credentials. This session will discuss five real-world attacks that enabled Horizon3.ai to become domain administrator, gain access to sensitive data, take over cloud VPCs, and compromise critical business…
