In early 2023, CISA launched their Ransomware Vulnerability Awareness Pilot (RVWP). It’s designed to warn critical infrastructure (CI) entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors. The plan is to identify affected systems that may be prevalent in CI networks, then notify operators about potential risk of exploitation. The idea behind this is to enable timely mitigation measures before the damage is done in the context of ransomware attacks.
Silicon Valley Bank (SVB) Failure Could Signal a Rise in Business E-mail Compromise (BEC)
On 10 March, Silicon Valley Bank (SVB) – a popular institution for the venture capital community in the Bay area – failed when venture capitalists (VCs) quickly started to pull money out of the 40-year-old bank, causing federal regulators to step in and shut its doors before more damage could be done. These are the perfect conditions for threat actors to steal several million dollars (and perhaps much more!).
Journey to Secure
A series following Horizon3.ai teammate Brian Marr’s “journey to secure” – detailing the logic and items that he uses to understand the business, current security state, and leadership visions for building an internal security program.
Chaining and Reusing Credentials
Attackers don’t need to hack in – they log in. This is why we believe Credentials are the new RCE.
Insight – Horizon3.ai Annual Review Snapshot 2022
Over the past year, Horizon3.ai pentests revealed cybersecurity vulnerability trends across multiple industry sectors around the globe.
Get the Most From TrendMicro Apex One EDR with NodeZero
Learn how you can use NodeZero to get the Most From TrendMicro Apex One EDR, ensuring you stop, alert, log, and detect activity by bad actors.
Holiday Season Threat Awareness
As we approach the holiday season, it is important that our customers remain stay and continue a regular cadence of autonomous pentests. Although it’s the time of year for holiday cheer, we’ve seen cyber threat actors (CTAs) take advantage of lackadaisical company manning and low staff.
Verifying Credentialed Access to Your Hybrid Cloud Sprawl Matters More Than Ever
Verifying credentialed access to your hybrid cloud sprawl matters more than ever. See example attack paths to understand risks to AWS cloud.
The Undeniable Effectiveness of Password Spray
One of the most effective techniques NodeZero employs for initial access is password spray. It's a primitive technique, basically guessing passwords, and when it works it feels like magic. Yet we see it work time and time again in various pentests conducted by...
Secure Your Fortinet Appliances Across On-Prem, Cloud, and Hybrid Networks at Scale
Learn how to use NodeZero from Horizon3.ai to secure your Fortinet appliances across on-prem, cloud, and hybrid networks at scale.
How can NodeZero help you?
Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.