Today, Cato Networks introduced Cato IoT/OT Security, the industry’s first SASE-native IoT/OT security solution. Cato IoT/OT Security extends SASE-based protection into IoT/OT environments, improving visibility and security while reducing complexity. Cato IoT/OT Security is a native feature in the Cato SASE Cloud Platform. It allows enterprises to instantly activate the new solution with a click of a button. No additional hardware or software needs to be installed or configured.

Securing HTTP requests is crucial when developing Go applications to prevent vulnerabilities like Server-Side Request Forgery (SSRF). SSRF occurs when an attacker manipulates a server to make unintended requests, potentially accessing internal services or sensitive data. We will explore how to secure HTTP requests by employing URL parsing and validation techniques, and provide example code to fortify the http.Get HTTP GET request handler.

Cybersecurity automation is no longer a “nice-to-have” — it’s a necessary component for security teams. The latest data reveals that organizations are increasingly recognizing the critical role automation plays in safeguarding their systems and enabling their teams to thrive. Here are the key insights.

Discover how GitGuardian is redefining non-human identity (NHI) security with comprehensive secrets security and governance solutions to protect against modern threats.

Struggling with fragmented secrets management and inconsistent vault practices? GitGuardian new multi-vault integrations provide organizations with centralized secrets visibility, reduce blind spots, enforce vault usage and fight against vault sprawl.

Virtual machines form the backbone of most enterprise IT systems, which means effective virtual machine backup software is essential for safeguarding business operations. Companies need reliable backup solutions to protect their virtualized applications and data from unexpected failures, breaches, or system crashes.

Update: Dec 11, 2024. Find the latest information in our follow-up security bulletin. On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting Cleo Managed File Transfer (MFT) products across several customer environments. Initial indications of malicious activity in this campaign were identified as early as October 19, with a sharp increase in early December.

Researchers at Silent Push warn that a phishing campaign is using malicious Google Ads to conduct payroll redirect scams. The attackers are buying search ads with brand keywords to boost their phishing pages to the top of the search results. “We have identified hundreds of domains primarily focused on Workday users and high-profile organizations, including the California Employment Development Department (EDD), Kaiser Permanente, Macy’s, New York Life, and Roche,” the researchers write.

Since its initial release in January 2020, the Cybersecurity Maturity Model Certification (CMMC) has undergone a series of fundamental changes. Fortunately, CMMC compliance requirements became much clearer when the US Department of Defense (DoD) published its CMMC Final Rule in October 2024. As a result, CMMC will have an impact on nearly every DoD contractor and subcontractor, and it’s anticipated that references to CMMC will be included in DoD contracts as early as March 2025.

New analysis of ransomware attacks shows that phishing is the primary delivery method and organizations need to offer more effective security awareness training to mitigate the threat. Hornet Security’s Q3 2024 Ransomware Attacks Survey report paints a pretty bleak picture of how organizations have fared this year against ransomware attacks. So almost one in five organizations is a victim. According to the survey data, 52.3% of the attacks started with a phishing email.