2024.12
Features/Enhancements
New Features
NodeZero Insights
Horizon3's new Insights product provides a comprehensive data analytics and management dashboard, empowering CIOs and CISOs with essential tools to launch and monitor organization-wide security enhancement initiatives and compliance checklists.
Other Improvements to NodeZero
- Improved Workload Type Identification for K8s Penetration Testing
Enhancements to Kubernetes workload identification improve accuracy during penetration testing assessments, making it easier to assess Kubernetes environments with greater precision.
Feature Updates
New Attack Content and Capabilities
- PAN-OS (CVE-2024-0012 / CVE-2024-9474)
These vulnerabilities are exploited through an implant flow that bypasses authentication and achieves Remote Code Execution (RCE) with root permissions. This enhancement improves NodeZero's ability to detect attempts to exploit these critical vulnerabilities in PAN-OS systems.
- CyberPanel RCE (CVE-2024-51378) | CISA KEV
This Remote Code Execution (RCE) vulnerability affects CyberPanel, enabling attackers to gain unauthorized access through the web interface. It is also a CISA Known Exploited Vulnerability (KEV), making it a high-priority detection target.
- ProjectSend (CVE-2024-11680)
This vulnerability allows an attacker to enable self-registration, modify ProjectSend settings, and potentially execute remote code via a webshell. The platform now detects these exploit attempts, increasing visibility into attacks targeting ProjectSend installations.
- Cleo Harmony (CVE-2024-50623)
This vulnerability affects Cleo Harmony, VLTrader, and LexiCom, allowing attackers to perform unrestricted file uploads and downloads, potentially leading to the download of arbitrary files from the host filesystem and Remote Code Execution (RCE). Detection has been added for this exploit, which can significantly impact sensitive systems.
- CVE-2024-12356
Added detection for a command injection vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) across all versions. This vulnerability can be exploited through a malicious client request, allowing an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user.
Fixed Bugs
- Fixed Excessive Log-Ins During Attack Sequences
Resolved an issue where excessive log-ins were triggered during attack sequences, reducing noise and improving accuracy.
- Expanded Proof for H3-2021-0008
The proof for H3-2021-0008 has been expanded to improve detection coverage, ensuring more effective identification of exploitation attempts.
- Corrected BloodHound Timeouts
Fixed issues related to BloodHound timeouts, ensuring more reliable Active Directory assessments during penetration testing.
- Fixed Deployment Module Issues
Addressed issues within the Deployment Module, improving consistency and functionality during the deployment process.