
Penetration tester Horizon3.ai identifies Fortinet exploit source, assists those checking for potential attacks

2 November 2022 at 19:30

SiliconANGLE: 11/02/22

“We want to be to have a tool that can be used to exploit our customer system safely to prove that they’re vulnerable, so then they can go and fix it,” said James Horseman (pictured, right), exploit developer at Horizon3.ai.

Read the entire article here

The post Penetration tester Horizon3.ai identifies Fortinet exploit source, assists those checking for potential attacks appeared first on Horizon3.ai.

Russia-Ukraine Conflict Heightens Wariness of Nation-State Attacks as 64% Of Businesses Believe They Have Been Targeted

21 October 2022 at 19:27

CPO Magazine: 10/21/22

Well over half of the respondents not only believe that they have already been targeted by nation-state attacks, but have made changes to their cybersecurity practices due to the Russia-Ukraine conflict.


What’s in store for the technology security landscape, and where does pentesting fit in?

18 October 2022 at 15:26

SiliconANGLE: 10/18/22

As much as companies are adjusting to new economic realities, one area in which they’re refusing to compromise is security. A major reason behind this is the constantly widening threat area, including multiple simultaneous clouds, managed solutions, and distributed workforces and infrastructures, according to Antani.


Horizon3 AI founder discusses MSP and reseller market dynamics in wake of partner program expansion

18 October 2022 at 15:23

SiliconANGLE: 10/18/22

“How do we build a product and a business model that enables those last-mile channel partners to make even more revenue using us to underpin their offerings and services and get them to take advantage of the trust that they’ve built over many hard years and use that trust to not only improve the posture of their customers, but have Horizon3 become a force enabler along the way?” asked Snehal Antani, co-founder and chief executive officer of Horizon3 AI.


Secure Your Fortinet Appliances Across On-Prem, Cloud, and Hybrid Networks at Scale

18 October 2022 at 14:28

Security Boulevard: 10/18/22

While unannounced zero-day vulnerabilities garner a fair bit of fear and attention, one of the greatest risks introduced to business operations is newly announced vulnerabilities, or N-days.


Fortinet Admits Many Devices Still Unprotected Against Exploited Vulnerability

17 October 2022 at 14:26

Security Week: 10/17/22

Fortinet is concerned that many of its customers’ devices are still unprotected against attacks exploiting the recently disclosed zero-day vulnerability and the company has urged them to take action.


Fortinet triple-whammy CVE gets PoC, deep dive explanation

17 October 2022 at 14:23

The Register: 10/17/22

A critical flaw in Fortinet’s FortiOS, FortiProxy and FortiSwitchManager has been patched, but for those of a curious nature security firm Horizon3.ai has released a proof of concept for the exploit, as well as explaining how it works.


Horizon3.ai’s NodeZero Takes Top Honors in the TMC 2022 Cloud Security Excellence Awards

20 October 2022 at 14:00

Businesswire: 10/20/22

NodeZero was named a winner for its ability to continuously assess an enterprise’s internal and external attack surface, and how it reveals the many ways in which an attacker could leverage harvested credentials, misconfigurations, dangerous product defaults and exploitable vulnerabilities to compromise systems and data.


Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows

14 October 2022 at 18:27

Dark Reading: 10/14/22

James Horseman, exploit developer at Horizon3.ai, says public data from GreyNoise—which tracks Internet scanning activity hitting security tools—shows the number of unique IPs using the exploit has grown from the single digits a few days ago to over forty as of Oct. 14.


Attackers Exploiting Critical Fortinet Authentication Bypass

14 October 2022 at 18:26

Decipher: 10/14/22

“An attacker can use this vulnerability to do just about anything they want to the vulnerable system. This includes changing network configurations, adding new users, and initiating packet captures. Note that this is not the only way to exploit this vulnerability and there may be other sets of conditions that work,” James Horseman of Horizon3.ai, an offensive security firm, said in an analysis of the flaw.


PoC Published for Fortinet Vulnerability as Mass Exploitation Attempts Begin

14 October 2022 at 18:24

Security Week: 10/14/22

Penetration testing company Horizon3.ai has made public a PoC exploit that allows an attacker to add an SSH key to the admin user, enabling the attacker to access the targeted system with administrator privileges. The firm has also released technical details, and others have created templates for vulnerability scanners.


PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks

14 October 2022 at 18:24

The Hacker News: 10/14/22

“FortiOS exposes a management web portal that allows a user to configure the system,” Horizon3.ai researcher James Horseman said. “Additionally, a user can SSH into the system which exposes a locked down CLI interface.”


Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount

14 October 2022 at 18:22

HelpNetSecurity: 10/14/22

Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet’s firewalls and secure web gateways, and soon after exploitation attempts started rising.


New auth bypass bug targets FortiGate firewalls and FortiProxy web proxies

14 October 2022 at 18:21

IT World Canada: 10/14/22

Security experts from Horizon3.ai provided a proof-of-concept (PoC) exploit and a technical analysis of the root cause of the vulnerability. The exploit uses the authentication bypass flaw to set an SSH key for the user, which is specified from the command line when the Python script is started.


Exploit available for critical Fortinet auth bypass bug, patch now

13 October 2022 at 18:20

Bleeping Computer: 10/13/22

Horizon3.ai security researchers released a proof-of-concept (PoC) exploit and a technical root cause analysis for this vulnerability today, following an announcement that a CVE-2022-40684 PoC will be made available this week.


Horizon3.ai Named Finalist for Cloud Security Innovation of the Year in 2022 SDC Awards

13 October 2022 at 16:33

Businesswire: 10/13/22

The SDC Awards recognize and reward products and services that are the foundation for digital transformation. NodeZero has been named a ‘Cloud Security Innovation of the Year’ finalist. NodeZero was selected for its impact on the market and value provided to customers and partners.


BOD 23-01 – Fed Civilian Agencies Must Report Network Vulns To CISA – Expert Comments

5 October 2022 at 14:44

Information Security Buzz: 10/05/22

CISA Director Jen Easterly announced a new Binding Operational Directive (BOD 23-01) on Monday requiring all Federal civilian agencies to report detailed data about vulnerabilities to CISA at timed intervals using automated tools. Snehal Antani commented, “Typically, attackers know more about your enterprise than you do. They gain initial access into your enterprise, discover all of your assets, and plan angles of attack to achieve their objectives. It’s critical for all organizations, including Federal agencies, to view their enterprises through the eyes of an attacker to ensure they don’t have rogue, misconfigured, or vulnerable assets on their network that could lead to a compromise.”


Three things you might have missed from the ‘Horizon3.ai Drives Global Partner-First Approach’ event

3 October 2022 at 14:46

SiliconANGLE: 10/03/22

For enterprise cybersecurity initiatives to be effective today, they must be continuous and proactive. Organizations simply can’t risk a real breach to test their security mettle. But what does it take for cybersecurity strategies to be deemed proactive? Usually, it implies a balanced mix of observability and continuous verification.


81% of Companies Suffered A Cloud Security Incident Last Year – Horizon3.ai

30 September 2022 at 14:41

Information Security Buzz: 09/30/22

Over the past year, studies show that companies with cloud-based security solutions have had at least one security incident in their cloud environment. In contrast, cloud-based security is likely more “up-to-date” than on-premises solutions as the cloud-based security company maintains its solution in compliance with industry standards.


Horizon3.ai Promotes Global Partner-First Approach with Expansion of Partner Program

28 September 2022 at 14:13

ITSecurityWire: 09/28/22

“The driving force behind creating our new partner program really aligns with our channel-first commitment and how we go-to-market,” said Snehal Antani, CEO and co-founder of Horizon3.ai. “Autonomous pentesting enables the next-generation of security assessments.


Horizon3.ai Drives Global Partner-First Approach with Expansion of Partner Program

27 September 2022 at 14:11

AITHORITY: 09/27/22

“Most MSSPs and VARs don’t have the talent for pentesting, and trying to staff this position can be incredibly difficult,” said Christopher Prewitt, CTO of Inversion6. “Partnering with Horizon3.ai has been a game changer for us, as it’s allowed us not only to perform new services for our customers, but also provide a product where customers can pentest their own network – both internally and externally.”


Horizon3 positions Partner Program expansion as a value-add for MSPs, MSSPs and resellers

27 September 2022 at 14:09

SiliconANGLE: 09/27/22

“First of all, there is a raising demand in penetration testing,” said Rainer Richter. “And, internationally, we have a much higher percentage of SMBs and mid-market customers. So, for them, pentesting was just too expensive. With our offering together with our partners, we can provide different ways for customers to get autonomous pentesting done more than once a year with even lower costs than they had with traditional manual pentests.”


Uber Systems Breached – Full Access Claimed

16 September 2022 at 14:29

VMBlog: 09/16/22

This is really just testament to the fact that almost every multi-million dollar security program is worth nothing without employee awareness, clean data hygiene practices, and constant validation of security controls through testing. We’ve seen way too many examples of credentialed attacks still being the #1 utilized attack vector for attackers.


Horizon3.ai Expands Global Partner Program, Taps Jennifer Lee to Lead

28 September 2022 at 13:53

Brilliance Security Magazine: 09/28/22

“The Horizon3.ai Partner Program enables partners to leverage the industry’s most advanced, comprehensive penetration testing available. By using NodeZero, partners can help their clients find and fix attack vectors before attackers can exploit them, then verify any issue is resolved,” said Lee.

