How Horizon3.ai’s Rapid Response Identified and Mitigated a Critical Mirth Connect Vulnerability A key consideration in cybersecurity is determining whether a known software vulnerability is actually exploitable. This often depends on how and where the at-risk software is deployed in your environment. To address the need to find what’s exploitable, Horizon3.ai developed and recently unveiled its Rapid Response service. This service provides our customers with proactive notifications about potentially exploitable vulnerabilities existing in their environments. Then using NodeZero, it allows them to test for exploitability for zero-day and N-day vulnerabilities. Once remediations are performed, they then use NodeZero to verify that issues have been resolved. Let’s look at an example of Rapid Response in action, in the context of a Mirth Connect RCE (Remote Code Execution) vulnerability that our research team discovered last year. Timeline of Mirth Connect Vulnerability: CVE-2023-43208 As part of our Rapid Response service, Horizon3.ai’s Attack Team performs expert research on popular software applications, this time researching Mirth Connect by NextGen HealthCare. Mirth Connect is an open-source data integration platform widely used by healthcare organizations. Last August, our Attack Team was tracking a vulnerability in Mirth (CVE-2023-37679) which was reportedly patched in Mirth Connect 4.4.0, released on […]

The post Ensuring Cybersecurity: Horizon3.ai’s Rapid Response Service in Action appeared first on Horizon3.ai.

The post Ensuring Cybersecurity: Horizon3.ai’s Rapid Response Service in Action appeared first on Security Boulevard.

Stephen Gates

Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/07/ensuring-cybersecurity-horizon3-ais-rapid-response-service-in-action/