Security Practitioner

Filters

Showing 61–66 of 99 results

FortiOS, FortiProxy, and FortiProxySwitchManager Authentication Bypass, CVE-2022-40684

FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass IOCs (CVE-2022-40684)

October 11, 2022 | Attack Blogs

Introduction The recent FortiOS / FortiProxy / FortiSwitchManager CVE has been reportedly exploited in the wild. We would like to provide additional insight into the vulnerability so users can begin to determine if they have been compromised. In this post we discuss enabling logging and IOCs for FortiOS 7.2.1. These steps will likely work on other vulnerable products, however we...

Customer Story: Vulnerable does not equal Exploitable

Vulnerable ≠ Exploitable: A lesson on prioritization

September 13, 2022 | Customer Stories

Pen testers, vulnerability scanners, and installed agents alert on potential vulnerabilities and breaches. You receive a list, or a notification, and you respond. Ever wonder how much of your time and effort is being wasted fixing things that don’t actually matter?

Pods retrieved using the /pods API endpoint.

Are Your Kubernetes Clusters Configured Properly?

August 31, 2022 | Blogs

Researchers recently discovered some 900,000 Kubernetes clusters that were potentially exposed to malicious scans and data theft during a threat-hunting exercise.

Tech Talk: The Attackers Journey Pt. 6

August 30, 2022 | Webinar Replays

Noah King, one of Horizon3's front-end developers, is inviting you into his experience as he learns to be an expert at ethical hacking and get his OSCP cert!

Go Hack Yourself: 5 Crazy Ways NodeZero Became Domain Admin

August 30, 2022 | Webinar Replays

Attackers don't have to "hack in" using zero-day vulnerabilities. Often, attackers log in by chaining together misconfigurations, dangerous product defaults, and exploitable vulnerabilities to harvest and reuse credentials. This session will discuss five real-world attacks that enabled Horizon3.ai to become domain administrator, gain access to sensitive data, take over cloud VPCs, and compromise critical business systems. In most instances no...

The Attackers Perspective Through Splunk Data & Workflows

August 25, 2022 | Webinar Replays

As the industry accelerates toward a threat landscape of attack and defense by algorithm and machine, humans must run at machine speed to manage the stakes of tool misconfiguration, mishandling of logs, and missed patching opportunities. The NodeZero app for Splunk is a force multiplier—combining attacker insights into your unique environment with your existing Splunk data and workflows to enable...

« Previous
1
…
9
10
11
12
13
…
17
Next »

How can NodeZero help you?

Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.

Schedule a Demo

Security Strategies

Industry Insights

Attack Research

No Results Found

Attack Content