Resource Center
Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.
PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks
The Hacker News: 10/14/22 “FortiOS exposes a management web portal that allows a user to configure the system,” Horizon3.ai researcher James Horseman said. “Additionally, a user can SSH into the system which exposes a locked down CLI interface.”
Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount
HelpNetSecurity: 10/14/22 Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet’s firewalls and secure web gateways, and soon after exploitation attempts started rising.
New auth bypass bug targets FortiGate firewalls and FortiProxy web proxies
IT World Canada: 10/14/22 Security experts from Horizon3.ai provided a proof-of-concept (PoC) exploit and a technical analysis of the root cause of the vulnerability. This exploit can exploit the authentication bypass flaw to set an SSH key for the user, which is specified from the command line when the Python script is started.
Exploit available for critical Fortinet auth bypass bug, patch now
Bleeping Computer: 10/13/22 Horizon3.ai security researchers released a proof-of-concept (PoC) exploit and a technical root cause analysis for this vulnerability today, following an announcement that a CVE-2022-40684 PoC will be made available this week.
FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to log in as an administrator on the affected system. To demonstrate the vulnerability in this writeup, we will be using FortiOS version 7.2.1.
Horizon3.ai Named Finalist for Cloud Security Innovation of the Year in 2022 SDC Awards
Businesswire: 10/13/22 The SDC Awards recognize and reward products and services that are the foundation for digital transformation. NodeZero has been named a ‘Cloud Security Innovation of the Year’ finalist. NodeZero was selected for its impact on the market and value provided to customers and partners.