As per a recent update from Fortinet, Exploitation of CVE-2024-55591, a recently disclosed authentication bypass vulnerability in FortiOS and FortiProxy, allows remote attackers to achieve super-admin privileges. By sending specially crafted requests to the Node.js WebSocket module, attackers can exploit this zero-day vulnerability to gain unauthorized access.

As the official implementation date approaches for the Digital Operational Resilience Act (DORA) – financial institutions and their information and communication technology (ICT) service providers, across the European Union are gearing up for a significant shift in their operational landscape.

A Software Bill of Materials (SBOM) is essentially an inventory of the components used to build a software artifact, such as an application. While the concept of tracking an application’s components is not new, its importance has grown in recent years due to the rising threat of software supply chain attacks. One significant example is the SolarWinds attack, which highlighted how threat actors are increasingly targeting vulnerabilities in software components during the delivery process.

In the fast-paced world of cybersecurity and system observability, timely and accurate incident investigations are crucial. Whether you’re a SOC admin hunting down vulnerabilities, a developer resolving critical system outages, or a team member tracking Real User Monitoring (RUM) errors, the ability to piece together evidence, understand the timeline, and collaborate effectively is the difference between days and weeks of investigation.

In a world where increasing numbers of transactions are done online, compliance with PCI DSS (Payment Card Industry Data Security Standard) is crucial. However, with more organizations turning to cloud-based service providers such as AWS, Azure or GCP, ensuring that payment data is kept completely secure is becoming more challenging.

We are excited to announce today that Coralogix has achieved FedRAMP Ready status and is now listed in the Federal Risk and Authorization Management Program Marketplace. This significant milestone underscores Coralogix’s commitment to providing secure, compliant, and efficient observability services to customers, especially within the government sector. This achievement paves the way for Coralogix to provide US government entities with full-stack, cost-effective observability capabilities.

Bad bots, hackers, and other malicious agents can be tracked by a huge volume of metrics – session activity, HTTP headers, response times, request volume & cadence, and more. This complexity has created a market for siloed, complex, and extremely expensive tools. In contrast, Coralogix can consume simplistic data, like CDN logs, and derive complex, dynamically changing scores. When coupled with built-in cost optimization and the wider platform features, this makes a very compelling case.

On April 12, 2024, Palo Alto disclosed a critical vulnerability identified as CVE-2024-3400 in its PAN OS operating system, which carries the highest severity rating of 10.0 on the CVSS scale. This vulnerability, present in certain versions of Palo Alto Networks’ PAN-OS within the GlobalProtect feature, allows unauthenticated attackers to execute any code with root privileges on the firewall through command injection.

The same security scenarios are checked thoroughly. Privilege escalation, SQL injection, Port scanning and so on. These checks form the bedrock of defensive security, but as solutions become more complex, so too must our capability to detect complex scenarios. Let’s explore a very complex use case, that ties together multiple Coralogix features, and showcases the power of Coralogix, not just in detecting the simple stuff, but in tracking the most complex scenarios in modern security.

There is one area of technology that requires the fastest possible response time, where every second has potentially enormous implications – security. Coralogix fits the security use cases elegantly for a simple reason. It’s very, very fast. Coralogix alarms fire faster than any of our competitors. When benchmarking our closest competition, whose alarms responded in around 2-4 minutes, we left them behind with a median trigger time of 10 seconds across log alerts.