CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive Mar 21, 2024Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 - a SQL injection in FortiClient EMS that can lead to remote code execution. FortiClient EMS is an endpoint management solution for enterprises that provides a central location for administering...
Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” Mar 14, 2024Early in 2023, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt for a set of new research targets. Fortinet seemed like a decent place to start given the variety of lesser-known security appliances I had noticed...
NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400 Apr 25, 2024On April 12 (and then updated again on April 20), Palo Alto Networks released an advisory about a vulnerability in the PAN-OS® software that runs Palo Alto Networks® Next-Generation Firewalls (NGFWs).
Fireside Chat: Horizon3.ai and JTI Cybersecurity Apr 17, 2024Horizon3.ai Principal Security SME Stephen Gates and JTI Cybersecurity Principal Consultant Jon Isaacson discuss: – What JTI does to validate things like access control, data loss prevention, ransomware protection, and intrusion detection approaches. – How #pentesting and red team exercises allow orgs to validate the effectiveness of their security controls. – Why offensive operations work best to discover and mitigate exploitable vulnerabilities in their client’s infrastructures.
Empowering Educational Compliance: Navigating the Future with Autonomous Pentesting in Academia Mar 28, 2024How Autonomous Pentesting with NodeZero Transformed University Protection
Securing the Move: Cyber Resilience in the Transportation and Supply Chain Industry Jan 23, 2024Cyber protection is crucial for the transportation industry and the supply chain because it ensures the seamless flow of goods, prevents disruptions, and preserves the integrity of critical data essential for global commerce.
Horizon3.ai Appoints Matt Hartley as Chief Revenue Officer to Spearhead Growth Initiatives May 2, 2024Business Wire 03/25/2024 Horizon3.ai, a leading provider of autonomous security solutions, today announced the appointment of Matt Hartley as Chief Revenue Officer (CRO), effective immediately.Hartley brings over 20 years of sales and operations excellence with a...
Horizon3.ai Unveils Rapid Response Service for Cyber Resilience Apr 30, 2024Business Wire 03/25/2024 Horizon3.ai, a pioneer in autonomous security solutions, today announced the launch of its Rapid Response service, now part of the NodeZero™ platform. This one-of-a-kind capability marks a significant advancement in autonomous penetration...
Horizon3.ai Garners Spot in 2024 CRN® Partner Program Guide Mar 25, 2024Business Wire 03/25/2024 Horizon3.ai, a pioneer in autonomous security solutions, has been honored by CRN®, a brand of The Channel Company, with inclusion in its 2024 Partner Program Guide. This annual guide provides essential information to solution providers...
CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive Mar 21, 2024Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 - a SQL injection in FortiClient EMS that can lead to remote code execution. FortiClient EMS is an endpoint management solution for enterprises that provides a central location for administering...
Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” Mar 14, 2024Early in 2023, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt for a set of new research targets. Fortinet seemed like a decent place to start given the variety of lesser-known security appliances I had noticed...
NodeZero: Testing for Exploitability of Palo Alto Networks CVE-2024-3400 Apr 25, 2024On April 12 (and then updated again on April 20), Palo Alto Networks released an advisory about a vulnerability in the PAN-OS® software that runs Palo Alto Networks® Next-Generation Firewalls (NGFWs).
Fireside Chat: Horizon3.ai and JTI Cybersecurity Apr 17, 2024Horizon3.ai Principal Security SME Stephen Gates and JTI Cybersecurity Principal Consultant Jon Isaacson discuss: – What JTI does to validate things like access control, data loss prevention, ransomware protection, and intrusion detection approaches. – How #pentesting and red team exercises allow orgs to validate the effectiveness of their security controls. – Why offensive operations work best to discover and mitigate exploitable vulnerabilities in their client’s infrastructures.
Empowering Educational Compliance: Navigating the Future with Autonomous Pentesting in Academia Mar 28, 2024How Autonomous Pentesting with NodeZero Transformed University Protection
Securing the Move: Cyber Resilience in the Transportation and Supply Chain Industry Jan 23, 2024Cyber protection is crucial for the transportation industry and the supply chain because it ensures the seamless flow of goods, prevents disruptions, and preserves the integrity of critical data essential for global commerce.
Horizon3.ai Appoints Matt Hartley as Chief Revenue Officer to Spearhead Growth Initiatives May 2, 2024Business Wire 03/25/2024 Horizon3.ai, a leading provider of autonomous security solutions, today announced the appointment of Matt Hartley as Chief Revenue Officer (CRO), effective immediately.Hartley brings over 20 years of sales and operations excellence with a...
Horizon3.ai Unveils Rapid Response Service for Cyber Resilience Apr 30, 2024Business Wire 03/25/2024 Horizon3.ai, a pioneer in autonomous security solutions, today announced the launch of its Rapid Response service, now part of the NodeZero™ platform. This one-of-a-kind capability marks a significant advancement in autonomous penetration...
Horizon3.ai Garners Spot in 2024 CRN® Partner Program Guide Mar 25, 2024Business Wire 03/25/2024 Horizon3.ai, a pioneer in autonomous security solutions, has been honored by CRN®, a brand of The Channel Company, with inclusion in its 2024 Partner Program Guide. This annual guide provides essential information to solution providers...