NodeZero is the first autonomous penetration testing platform to offer both internal and external pentesting in one self-service platform.
Roundup: VMware Vulnerability Deep Dive and More
The Horizon3.ai Attack Team released their VMware Authentication Vulnerability (CVE-2022-22972) Technical Deep Dive.
VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive
VMware recently patched a critical authentication bypass vulnerability in their VMware Workspace ONE Access, Identity Manager and vRealize Automation products (CVE-2022-22972). This vulnerability allows an attacker to login as any known local user.
XorDDos sees significant spike in activity
XorDdos Is continuing to hunt servers with weak passwords. According to a recent post from Microsoft, there’s been a 254% increase in activity from XorDdos – an eight-year-old network of infected Linux machines used for DDoS attacks.
Roundup: Awards, Education and M&A Cybersecurity
Horizon3.ai news, including an award nomination, plus cybersecurity updates for education and M&A.
Log4Shell RCE Vulnerability in Apache Log4j: The Gift No One Wished For
The Log4Shell RCE vulnerability in Apache Log4j, CVE-2021-44228, dates to 2013 when Log4j 2.0-beta9 was released. An analysis of our pentesting data using NodeZero identified and provided proof of exploit for over 105 unique instances of the CVE within our customers’ environments.
Horizon3.ai Researchers Able to Create Exploit for Critical F5 BIG-IP Flaw
It took just two days for a pair of researchers from Horizon3.ai to discover exploits for the new F5 BIG-IP vulnerability, and have called for devices to be immediately updated to protect against bad actors.
F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive
F5 recently patched a critical vulnerability in their BIG-IP iControl REST endpoint CVE-2022-1388. This vulnerability particularly worrisome for users because it is simple to exploit and provides an attacker with a method to execute arbitrary system commands.
World Password Day: Credentialed attacks by the numbers
It’s World Password Day, but it’s never a bad time to think about credential security and usage. Credentialed attacks are the most popular means of entry into any digital infrastructure, and remain the easiest method of reconnaissance and privilege escalation for bad actors. With some of the most sophisticated open-source attack tools to date, it’s important for organizations to fight machine speeds with machine speeds, and humans by exception.
“And Then, My EDR Just Watched It Happen”
Learn how NodeZero empowers customers to run continuous penetration tests to find vulnerabilities from an attacker’s perspective, to verify fixes after remediation, and hold the EDR and the rest of the security stack accountable for delivering on their capabilities as designed.
How can NodeZero help you?
Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.
