Tag: Security Practitioner | Page 15

Attackers don’t need to hack in – they log in. This is why we believe Credentials are the new RCE.

Over the past year, Horizon3.ai pentests revealed cybersecurity vulnerability trends across multiple industry sectors around the globe.

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.

Introduction This report is a follow up to https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-technical-deep-dive/. Earlier this year we reported the technical details for VMSA-2023-0001 affecting VMware Aria Operations for Logs (formerly VMware...

Apache Superset is an open source data visualization and exploration tool. It has over 50K stars on GitHub, and there are more than 3000 instances of it exposed to the Internet. In our research, we found that a substantial portion of these servers - at least 2000...

Attackers don’t need to hack in – they log in. This is why we believe Credentials are the new RCE.

Over the past year, Horizon3.ai pentests revealed cybersecurity vulnerability trends across multiple industry sectors around the globe.

Understanding Log4Shell: the Apache log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)

This Red vs. Blue approach to cybersecurity is unsustainable, and often does more harm than good. The goal should be Red AND Blue, working together.

During our assessment of the ResourceSpace code base, we found three new vulnerabilities that could be exploited by an unauthenticated attacker. The most critical is CVE-2021-41765, a pre-auth SQL injection that an attacker can abuse to gain remote code execution (RCE) privileges on the ResourceSpace server.

We wanted to do something a little bit different with this post. Our vulnerability disclosures, exploit proof-of-concepts, and attack analysis blog posts have been awesome, but they have been catering to an offensive security audience.

While so many are focused on vulnerabilities and malware on endpoints, understanding the attack paths an attacker would exploit to hold your business and brand at risk is key.

Overview A common attack path that Horizon3 has identified across many of its customers is abusing access to the VMware vCenter Identity Provider (IdP) certificate. Security Assertion Markup Language (SAML) has proved to be a hotbed of vulnerabilities within the last year, as well as a target of many cybercrime syndicates and APTs. In the SolarWinds attack, the attackers also...

Security Strategies

Industry Insights

Attack Research

No Results Found

Attack Content

No Results Found

No Results Found

Security Strategies

Industry Insights

Attack Research

No Results Found

Attack Content

No Results Found

No Results Found

Security Practitioner

Filters

How can NodeZero help you?