Resource Center
Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.
Filters
Showing 463–468 of 473 results
CISA Orders Action Against Exchange Vulnerabilities
Security Boulevard: 04/02/2021 There will be “a significant increase in serious cyberattacks throughout 2021 using ubiquitous software like Exchange and SolarWinds as the attack vector,” warned Anthony Pillitiere, co-founder and CTO at Horizon3. Pillitiere stressed that “organizations that lack a strong cybersecurity foundation will suffer, but organizations that have invested in the right talent, tools, processes and partners will weather...
Read More Agency Issues 2nd Alert for Instant Quote Website Schemes
Data Breach Today: 04/02/2021 Anthony Pillitiere, co-founder and CTO of security firm Horizon3.AI, notes that instant quote websites for financial services companies and auto insurers fail to offer basic security for information that can easily be gleaned by fraudsters with rudimentary skills. “People already give up enough information on their own through social media and the rest of their digital...
Read More FBI: APTs Actively Exploiting Fortinet VPN Security Holes
Threat Post: 04/02/2021 “Attackers are increasingly targeting critical external applications – VPNs have been targeted even more this last year,” said Zach Hanley, senior red team engineer at Horizon3.AI, via email. “These three vulnerabilities targeting the Fortinet VPN allow an attacker to obtain valid credentials, bypass multifactor authentication (MFA), and man-in-the-middle (MITM) authentication traffic to intercept credentials.” Hanley added, “The...
Read More 
Tech Talk: Compliance in Security
In the world of network security, compliance is the bare minimum. Compliance is locking your door, but what about your windows?
Read More CVE-2021-27927: CSRF to RCE Chain in Zabbix
Zabbix is an enterprise IT network and application monitoring solution. In a routine review of its source code, we discovered a CSRF (cross-site request forgery) vulnerability in the authentication component of the Zabbix UI. Using this vulnerability, an unauthenticated attacker can take over the Zabbix administrator's account if the attacker can persuade the Zabbix administrator to follow a malicious link....
Read More 
POC CVE-2021-21972
Write the file supplied in the --file argument to the location specified in the --path argument. The file will be written in the context of the vsphere-ui user. If the target is vulnerable, but the exploit fails, it is likely that the vsphere-ui user does not have permissions to write to the specified path.
Read More