SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs

Attackers may have leveraged vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. About the vulnerabilities On January 13, 2025, Horizon3.ai researchers revealed their discovery… Continue reading SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs

Critical SimpleHelp vulnerabilities fixed, update your server instances!

If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security vulnerabilities that may be exploited by remote attackers to execute code on th… Continue reading Critical SimpleHelp vulnerabilities fixed, update your server instances!

Infosec products of the month: December 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, Cato Networks, Datadog, Fortinet, GitGuardian, Horizon3.ai, Netwrix, Radiant Logic, RunSafe Security, SecureAuth, Stairwell, Stamus Networks, Sweet Se… Continue reading Infosec products of the month: December 2024

New infosec products of the week: December 13, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Cato Networks, Horizon3.ai, SecureAuth, Stamus Networks, Trellix, and Versa Networks. Trellix Drive Encryption enhances security against insider attacks Trellix … Continue reading New infosec products of the week: December 13, 2024

Horizon3.ai NodeZero Insights enables executives to visualize changes in their security posture

Horizon3.ai launched NodeZero Insights, a platform designed for security leaders, CIOs, CISOs and practitioners. This new solution delivers real-time dashboards to measure, track and strengthen an organization’s security posture over time. NodeZero Ins… Continue reading Horizon3.ai NodeZero Insights enables executives to visualize changes in their security posture

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-59… Continue reading Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are… Continue reading PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in the near future: Horizon3.ai researchers have publis… Continue reading PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM h… Continue reading PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

HHS pledges $50M for autonomous vulnerability management solution for hospitals

As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for… Continue reading HHS pledges $50M for autonomous vulnerability management solution for hospitals