Blog
Horizon3.ai Adds NodeZero App for Splunk on Splunkbase
Horizon3.ai adds NodeZero app to Splunkbase to improve the effectiveness of your Splunk deployments and ensure you’re logging the right data.
Roundup: FBI Warns of Stolen Credentials in Higher Ed
The FBI has warned that cybercriminals were selling stolen credentials from higher education organizations on Russian hacker forums.
How Healthcare Organizations Can Assess Their Security (Affordably)
Digital transformation of healthcare can lead to better treatments, improved outcomes, and reduced costs for healthcare organizations.
Roundup: Horizon3.ai Experts in the News
Horizon3.ai experts were in the news this week on topics ranging from the future of penetration testing to the Atlassian Confluence flaw and AI.
Healthcare Org Data Breach Impacts 2 Million Users
Shields Health Care Group, Inc. reported this week that it is investigating a data breach which may have impacted 56 healthcare facilities and the patients of those facilities.
Roundup: University Credentials on the Dark Web and More
University credentials are being sold on the dark web and used against individuals or the institution itself in subsequent cyberattacks.
The CISOs Report Identifies Current Industry Challenges
The CISOs Report finds CISOs are prioritizing Zero Trust and partner risk management to mitigate critical security challenges.
Horizon3.ai Expands NodeZero to Include External Autonomous Pentesting
NodeZero is the first autonomous penetration testing platform to offer both internal and external pentesting in one self-service platform.
Roundup: VMware Vulnerability Deep Dive and More
The Horizon3.ai Attack Team released their VMware Authentication Vulnerability (CVE-2022-22972) Technical Deep Dive.
VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive
VMware recently patched a critical authentication bypass vulnerability in their VMware Workspace ONE Access, Identity Manager and vRealize Automation products (CVE-2022-22972). This vulnerability allows an attacker to log in as any known local user.
XorDDos sees significant spike in activity
XorDdos is continuing to hunt servers with weak passwords. According to a recent post from Microsoft, there has been a 254% increase in activity from XorDdos, an eight-year-old network of infected Linux machines used for DDoS attacks.
Roundup: Awards, Education and M&A Cybersecurity
Horizon3.ai news, including an award nomination, plus cybersecurity updates for education and M&A.
Log4Shell RCE Vulnerability in Apache Log4j: The Gift No One Wished For
The Log4Shell RCE vulnerability in Apache Log4j, CVE-2021-44228, dates to 2013 when Log4j 2.0-beta9 was released. An analysis of our pentesting data using NodeZero identified and provided proof of exploit for over 105 unique instances of the CVE within our customers’ environments.
Horizon3.ai Researchers Able to Create Exploit for Critical F5 BIG-IP Flaw
It took just two days for a pair of Horizon3.ai researchers to develop an exploit for the new F5 BIG-IP vulnerability, and they have called for devices to be updated immediately to protect against bad actors.
F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive
F5 recently patched a critical vulnerability, CVE-2022-1388, in the BIG-IP iControl REST endpoint. This vulnerability is particularly worrisome for users because it is simple to exploit and gives an unauthenticated attacker a method to execute arbitrary system commands.
World Password Day: Credentialed attacks by the numbers
It’s World Password Day, but it’s never a bad time to think about credential security and usage. Credentialed attacks are the most popular means of entry into any digital infrastructure, and remain the easiest method of reconnaissance and privilege escalation for bad actors. With some of the most sophisticated open-source attack tools to date, it’s important for organizations to fight machine speeds with machine speeds, and humans by exception.
“And Then, My EDR Just Watched It Happen”
Learn how NodeZero empowers customers to run continuous penetration tests to find vulnerabilities from an attacker’s perspective, to verify fixes after remediation, and hold the EDR and the rest of the security stack accountable for delivering on their capabilities as designed.
The Industry Standard Model is the Vulnerability
Which is more valuable to you: the ability to identify a problem, or the ability to solve it? There is a plethora of vulnerability scanning tools that do a decent job of identifying vulnerabilities. Unfortunately, those tools rarely discern the possible from the exploitable.
Using NodeZero to Find and Fix Log4Shell
Log4Shell is a “once-in-a-decade” type of vulnerability that will linger in environments for years to come. For a vulnerability with such a broad, lasting impact, it’s important to establish a principled and disciplined approach for discovering and remediating it. NodeZero both detects and exploits Log4Shell, surfacing a wealth of information that can be used to understand its real impact and prioritize its remediation.
Understanding Log4Shell: the Apache log4j2 Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046)
Hack The Box – Mirai
I exploited the Mirai machine from Hack The Box using the same technique used by the infamous Mirai malware.
Multiple Vulnerabilities in ResourceSpace
During our assessment of the ResourceSpace code base, we found three new vulnerabilities that could be exploited by an unauthenticated attacker. The most critical is CVE-2021-41765, a pre-auth SQL injection that an attacker can abuse to gain remote code execution (RCE) privileges on the ResourceSpace server.
Credential Misconfigurations
Are your credential policies implemented right? Are your enterprise accounts configured correctly? How do you know? Most phishing, ransomware, and credential attacks start by gaining access to a host and compromising a domain user (Credential Attacks – Horizon3.ai)...
Apache CVE-2021-41773, CVE-2021-42013
We wanted to do something a little bit different with this post. Our vulnerability disclosures, exploit proof-of-concepts, and attack analysis blog posts have been awesome, but they have been catering to an offensive security audience.
Compromising vCenter via SAML Certificates
A common attack path that Horizon3 has identified across many of its customers is abusing access to the VMware vCenter Identity Provider (IdP) certificate. Security Assertion Markup Language (SAML) has proved to be a hotbed of vulnerabilities within the last...
OMIGOD – RCE Vulnerability in Multiple Azure Linux Deployments
On September 14, researchers at Wiz.io disclosed multiple vulnerabilities in the Open Management Infrastructure (OMI) agent. The most critical of them is CVE-2021-38647, now dubbed OMIGOD, which affects OMI versions 1.6.8.0 and below. Azure customers...
Hack The Box – Jerry
The Jerry machine from the Hack The Box platform nicely illustrates the danger of weak and default credentials.
Confluence Server OGNL Injection: CVE-2021-26084
On August 25, 2021, Atlassian released a security advisory for CVE-2021-26084, an OGNL injection vulnerability found within a component of Confluence Server and Data Center. This critical vulnerability allows an unauthenticated attacker to execute arbitrary commands...