Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

LATEST VULNERABILITIES

WEBINAR REPLAY

SEARCH

CATEGORIES

TAGS

    Blogs

    An International Look at Cybercrime

    August 29, 2022
    Authoritarian regimes have learned in recent years that cybercrime can be a profitable economic enterprise ­– so much so that they continue to invest substantial resources in large- and small-scale cybercrime.
    Read More →
    Blogs

    Beyond Password Issues: How NodeZero Found Access to an Organization’s Azure Cloud Environment  

    August 25, 2022
    NodeZero is a generational leap beyond a traditional pentest – organizations often see that for themselves from the moment they give our autonomous pentesting platform a shot. NodeZero surfaces risks and weaknesses that would never have come up during a general vulnerability scan as it chains together attack tactics and techniques to illuminate your most…
    Read More →
    Lines of code with password hashes highlighted
    Video

    The Attackers Perspective Through Splunk Data & Workflows

    As the industry accelerates toward a threat landscape of attack and defense by algorithm and machine, humans must run at machine speed to manage the stakes of tool misconfiguration, mishandling of logs, and missed patching opportunities. The NodeZero app for Splunk is a force multiplier—combining attacker insights into your unique environment with your existing Splunk…
    Watch Now →
    Customer Stories

    NodeZero: Filling a Unique Niche in Cybersecurity

    August 23, 2022
    IT and cybersecurity team from a U.S.-based management consulting organization improve their penetration testing with NodeZero by Horizon3.ai
    Read More →
    Customer Story - NodeZero: Filling a Unique Niche in Cybersecurity
    Whitepapers

    Healthcare IT – Far Beyond HIPAA Compliance

    August 19, 2022
    Take a deeper look at critical threats against the healthcare sector and how to overcome the industry’s specific challenges.
    Read More →
    Blogs

    One Weak Password Leads to Compromise

    August 17, 2022
    NodeZero, discovered a customer’s host that had not appeared in previous pentests due to a small change in their configuration.
    Read More →
    Chain with weak link with password text overlayed on top
    Customer Stories

    Higher Education Institution Finds a Real Look at Vulnerabilities and Exploits with NodeZero

    August 8, 2022
    When the Desert Research Institute (DRI) of Reno, NV, a higher education organization focusing on applied environmental research, needed a way to run penetration testing and vulnerability scanning at an affordable cost, they found NodeZero.
    Read More →
    Customer Story - Higher Education Institution Finds Easier, Better Scanning with NodeZero
    Whitepapers

    The Shortcomings of Traditional Penetration Tests

    July 29, 2022
    Companies tend to conduct pentests in flawed ways. Now a better, more automated, and faster approach to pentesting has arrived.
    Read More →
    The Shortcomings of Traditional Penetration Tests —and How Autonomous Pentesting Addresses Them
    Attack Blogs

    The Long Tail of Log4Shell Exploitation

    July 13, 2022
    It's been more than six months since the Log4Shell vulnerability (CVE-2021-44228) was disclosed, and a number of post-mortems have come out talking about lessons learned and ways to prevent the next Log4Shell-type event from happening.
    Read More →
    Disclosures

    CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus

    June 29, 2022
    CVE-2022-28219 is an unauthenticated remote code execution vulnerability affecting Zoho ManageEngine ADAudit Plus, a compliance tool used by enterprises to monitor changes to Active Directory. The vulnerability comprises several issues: untrusted Java deserialization, path traversal, and a blind XML External Entities (XXE) injection. This is a vulnerability that NodeZero, our autonomous pentesting product, has exploited…
    Read More →