2024.08

Features/Enhancements

Rapid Response Access for Team Members

  • Enhanced Access Control: Org Admins can now grant other team members full access to Rapid Response alerts. This includes visibility into Rapid Response alerts and the ability to receive alert emails. For organizations with MSP licenses, Rapid Response alerts will continue to be managed at the parent organization level, and MSP Org Admins cannot toggle Rapid Response access for users.

To grant access to a team member:

  1. Navigate to Settings.
  2. Go to User Management.
  3. Find the team member and click Edit User.
  4. Toggle on Rapid Response under "Assign full permissions".

Co-Branding Sample Reports (for MSP/MSSP/C+ Licenses)

  • Co-Branding Feature: Users with ORG_ADMIN permissions in client accounts that have co-branding enabled can now co-brand sample operation reports. When viewing any Sample Op in the Horizon 3 Sample account, a new menu option allows co-branding of sample reports, which become available for download once report generation is complete.

New Attack Content

AWS Pentest Updates

  • New Cloud Connection Type: Introduced a new Cloud Connection using the ReadOnlyAccess AWS Managed Policy, allowing NodeZero to inspect cloud resources like S3 objects and Lambda functions for sensitive information.
  • Multiple Cloud Connection Options: Users can now choose between two types of Cloud Connections.
  • Expiration Settings: Optional expiration dates can be set for Cloud Connections to prevent temporary access from becoming a long-term security risk.

RAT Support for Rapid Response Tests

  • Enhanced Rapid Response Testing: Added configuration options for Rapid Response tests that support the NodeZero RAT. This enables deeper testing of Rapid Response vulnerabilities to understand the impact of exploitation, applicable to both internal and external tests.

New Rapid Response Content and Tests

SolarWinds Web Help Desk Vulnerabilities

  • CVE-2024-28986: Allows an unauthenticated attacker to run commands on the host machine. Affects SolarWinds Web Help Desk 12.8.3 and all previous versions. This vulnerability was found to be exploited in the wild and was added to CISA KEV on August 15, 2024.
  • CVE-2024-28987: Allows an unauthenticated attacker to read and edit any helpdesk tickets, which may contain sensitive information like password reset details and system credentials. Affects SolarWinds Web Help Desk 12.8.3-HF1 and earlier versions. This vulnerability was discovered and reported by the Horizon3.ai research team. Read more in the news.