The Cato CTRL and Cato Application Security Research teams recently discovered CVE-2023-49559, a directive overload Denial of Service (DoS) vulnerability in the gqlparser library, which is a crucial component in the development and running of GraphQL applications. The vulnerability is of medium severity (CVSS score of 5.3). The gqlparser library is an integrated component of the gqlgen Golang GraphQL server, widely used in web applications to handle GraphQL queries.

We’ve just introduced the Tines Top Builder score, a measure of user activity that shows just how much hands-on experience you’ve had in Tines in a given year. Why track our Top Builders? We realized we were seeing a high level of achievement from our users – to the extent that it warranted some recognition. We set out to identify exactly who our Top Builders were, with the intent to celebrate their achievement at the end of each year.

Enterprise data consolidation and access have long posed significant challenges in the Security Operations Center (SOC). They often hinder security teams from effectively investigating and taking action on the vast amounts of data they are tasked with protecting. Traditional security tools frequently operate in isolation, lacking the compatibility to create a cohesive data strategy.

In the fast-paced world of cybersecurity and system observability, timely and accurate incident investigations are crucial. Whether you’re a SOC admin hunting down vulnerabilities, a developer resolving critical system outages, or a team member tracking Real User Monitoring (RUM) errors, the ability to piece together evidence, understand the timeline, and collaborate effectively is the difference between days and weeks of investigation.

Pulumi customers can secure and simplify their secrets management workflows with a new integration built for 1Password.

On September 17, 2024, Broadcom released fixes for a critical vulnerability impacting VMware vCenter Server and Cloud foundation, tracked as CVE-2024-38812. This vulnerability is a heap-overflow flaw in the implementation of the DCERPC protocol that a remote attacker can use to send specially crafted network packets to vCenter Server, potentially leading to Remote Code Execution (RCE).

Keeper Security is excited to announce that passphrases are now supported for mobile platforms on Android and coming soon for iOS, extending the same passphrase experience users have enjoyed in the Keeper Web Vault. In addition, Keeper’s latest update provides enhanced autofill capabilities for long-tap autofilling and Time-based One-Time Passwords (TOTP) on iOS.

Engineering Leaders are stretched thinner than ever, racing to deliver innovative products and scale operations while securing a complex digital ecosystem across the increasing perimeter of code, DevOps, compliance, and more. Remember the infamous MOVEit attacks that compromised nearly 2,000 organizations, from BBC and Harvard to local government agencies. Over 67 million individuals were affected, underscoring the devastating consequences of such breaches.

Generative AI (GenAI) has the power to transform organizations from the inside out. Yet many organizations are struggling to prove the value of their GenAI investments after the initial push to deploy models. “At least 30% of GenAI projects will be abandoned after proof of concept by the end of 2025, due to poor data quality, inadequate risk controls, escalating costs or unclear business value,” according to Gartner, Inc.