Protecting your business from cyber threats today means building a stronger tomorrow. As we see firsthand, the digital backdrop has grown increasingly complex, and with it, the risks businesses face daily. AI-powered threats are more sophisticated, making it critical for organizations to evolve their cybersecurity strategies.

Securing HTTP requests is crucial when developing Go applications to prevent vulnerabilities like Server-Side Request Forgery (SSRF). SSRF occurs when an attacker manipulates a server to make unintended requests, potentially accessing internal services or sensitive data. We will explore how to secure HTTP requests by employing URL parsing and validation techniques, and provide example code to fortify the http.Get HTTP GET request handler.

Update: Dec 11, 2024. Find the latest information in our follow-up security bulletin. On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting Cleo Managed File Transfer (MFT) products across several customer environments. Initial indications of malicious activity in this campaign were identified as early as October 19, with a sharp increase in early December.

The anticipated change in stance from US regulators will drive a huge boost to global stablecoin adoption, which is already rapidly gaining traction as their share in cross-border and business-to-business payments grows, according to Michael Shaulov, CEO of Fireblocks.

3AM (also known as ThreeAM) is a ransomware group that first emerged in late 2023. Like other ransomware threats, 3AM exfiltrates victims' data (threatening to release it publicly unless a ransom is paid) and encrypts the copies left on targeted organisations' computer systems.

In this edition, Rom discusses four essential capabilities to consider when using a solution to manage cloud privileges and access to resources. He emphasizes the importance of visibility across all cloud access, planning for scale upfront, speaking the language of both security and DevOps, and ensuring easy onboarding and fast adoption. These four points are a great starting point for making the right PAM buying decision.

Cyberattackers are exploring stealthier and more sophisticated methods to infiltrate cloud environments. From exploiting misconfigurations to leveraging stolen credentials, adversaries are skilled at evading detection. Cloud logs are invaluable in helping organizations identify potential threats before they can cause damage.

Over the past decade, Detection and Response (DR) solutions have advanced substantially to address the constantly evolving sophistication of cyberattacks. Malicious actors have perfected techniques to evade traditional defenses, making detection and response solutions key requisites in a robust cybersecurity strategy.

The FBI issued an advisory on December 3rd warning the public of how threat actors use generative AI to more quickly and efficiently create messaging to defraud their victims, echoing earlier warnings issued by Trustwave SpiderLabs. The FBI noted that publicly available tools assist criminals with content creation and can correct human errors that might otherwise serve as warning signs of fraud.

Today, Cato Networks introduced Cato IoT/OT Security, the industry’s first SASE-native IoT/OT security solution. Cato IoT/OT Security extends SASE-based protection into IoT/OT environments, improving visibility and security while reducing complexity. Cato IoT/OT Security is a native feature in the Cato SASE Cloud Platform. It allows enterprises to instantly activate the new solution with a click of a button. No additional hardware or software needs to be installed or configured.