Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

LATEST VULNERABILITIES

WEBINAR REPLAY

SEARCH

CATEGORIES

TAGS

    Blogs

    XorDDos sees significant spike in activity

    May 24, 2022
    XorDdos Is continuing to hunt servers with weak passwords. According to a recent post from Microsoft, there’s been a 254% increase in activity from XorDdos – an eight-year-old network of infected Linux machines used for DDoS attacks.
    Read More →
    Trojan Horse with letters numbers and symbols raining down
    Blogs

    Roundup: Awards, Education and M&A Cybersecurity

    May 20, 2022
    Horizon3.ai news, including an award nomination, plus cybersecurity updates for education and M&A.
    Read More →
    Learning Cybersecurity
    Blogs

    Log4Shell RCE Vulnerability in Apache Log4j: The Gift No One Wished For

    May 16, 2022
    The Log4Shell RCE vulnerability in Apache Log4j, CVE-2021-44228, dates to 2013 when Log4j 2.0-beta9 was released. An analysis of our pentesting data using NodeZero identified and provided proof of exploit for over 105 unique instances of the CVE within our customers’ environments.
    Read More →
    Woman unhappy with Log4shell Vulnerability
    Video

    Tech Talk: The Attackers Journey Pt. 3

    Noah King, Brad Hong, and Jake Murphy were back at it again with this third installment of 'The Attackers Journey'. This series has focused on Noah King on his journey to become an ethical hacker. Pt. 3 was no different, with a focus on Server-Side Request Forgery!
    Watch Now →
    Tech Talk: The Attackers Journey Part 3
    Blogs

    Horizon3.ai Researchers Able to Create Exploit for Critical F5 BIG-IP Flaw

    May 10, 2022
    It took just two days for a pair of researchers from Horizon3.ai to discover exploits for the new F5 BIG-IP vulnerability, and have called for devices to be immediately updated to protect against bad actors.
    Read More →
    F5 Big-IP Vulnerability - F5 Logo inside of a electric orb
    Attack Blogs

    F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive

    May 9, 2022
    F5 recently patched a critical vulnerability in their BIG-IP iControl REST endpoint CVE-2022-1388. This vulnerability particularly worrisome for users because it is simple to exploit and provides an attacker with a method to execute arbitrary system commands.
    Read More →
    F5 CVE-2022-1388
    Blogs

    World Password Day: Credentialed attacks by the numbers

    May 5, 2022
    It’s World Password Day, but it’s never a bad time to think about credential security and usage. Credentialed attacks are the most popular means of entry into any digital infrastructure, and remain the easiest method of reconnaissance and privilege escalation for bad actors. With some of the most sophisticated open-source attack tools to date, it’s…
    Read More →
    Wall of Keys - World Password Day
    Blogs

    “And Then, My EDR Just Watched It Happen”

    April 18, 2022
    Learn how NodeZero empowers customers to run continuous penetration tests to find vulnerabilities from an attacker’s perspective, to verify fixes after remediation, and hold the EDR and the rest of the security stack accountable for delivering on their capabilities as designed.
    Read More →
    Security guard on his phone
    Whitepapers

    2022 SANS Analyst Report

    April 17, 2022
    SANS First Look: New technologies are emerging to help provide more consistent, repeatable pen tests that mimic real-world attack techniques.
    Read More →
    Customer Stories

    Misreporting Tools Leave Servers Vulnerable for 18 Months

    April 6, 2022
    Teaching hospital insisted on false positive when NodeZero exploited a critical but year-old vulnerability in under one day, but...
    Read More →
    Misreporting Tools Leave Servers Vulnerable for 18 Months