
Latest Posts

The Four Transformational Impacts of SASE: Revolutionizing IT Infrastructure with Cato

In today’s fast-paced digital landscape, IT departments face unprecedented challenges. From managing increasingly fragmented infrastructures to ensuring robust security, the demands on IT teams have never been higher. Secure Access Service Edge (SASE) represents a groundbreaking approach to addressing these challenges by converging networking and security into a unified, cloud-native platform. But what makes a true SASE platform so transformative?

Cato CTRL Threat Research: CVE-2023-49559 - gqlparser Directive Overload DoS Vulnerability

The Cato CTRL and Cato Application Security Research teams recently discovered CVE-2023-49559, a directive overload Denial of Service (DoS) vulnerability in the gqlparser library, which is a crucial component in the development and running of GraphQL applications. The vulnerability is of medium severity (CVSS score of 5.3). The gqlparser library is an integrated component of the gqlgen Golang GraphQL server, widely used in web applications to handle GraphQL queries.

The Imperative of Data Loss Prevention in the AI-Driven Enterprise

As organizations increasingly integrate artificial intelligence (AI) into their operations, the nature of data security is undergoing significant transformation. With AI’s ability to process vast amounts of data quickly, the risk of data breaches and leaks has grown exponentially. In this context, Data Loss Prevention (DLP) has (re)emerged as a critical component for IT professionals seeking to safeguard sensitive information.

The Retail Industry's Need for a True SASE Platform

In today’s rapidly evolving retail landscape, where digital transformation is no longer a choice but a necessity, the importance of a robust and agile network and security infrastructure cannot be overstated. Retailers face a multitude of challenges, from managing vast networks across geographically dispersed locations to safeguarding sensitive customer data in an increasingly complex threat environment.

How to Build a RACI Matrix for Single-Vendor SASE Success

Selecting the right SASE (Secure Access Service Edge) vendor requires a solid project management tool that fosters collaboration between network and IT security teams. This collaboration, or team unity, will ensure alignment with an organization’s strategic goals while leveraging the respective expertise of stakeholders. Consequently, the selected SASE solution will meet network design, configuration, and security needs – essential for project success.

Riding the Wave: Why Channel Partners Can't Afford to Ignore the SASE Surge

In the ever-evolving landscape of IT services, channel partners like service providers, managed service providers (MSPs), and telecommunications companies have long played a crucial role in delivering enterprise networking and security solutions. However, a subtle yet powerful shift is emerging that threatens to disrupt this status quo. Single-vendor SASE (Secure Access Service Edge) solutions are rapidly gaining traction and quietly reshaping the competitive landscape.

Cato CTRL Threat Actor Profile: Yashechka

To further raise awareness of threat actor activity on the dark web and in hacking communities, today we are introducing the Cato CTRL Threat Actor Profile. This will be a blog series that profiles various threat actors and documents notable activity that we are observing. Our inaugural Cato CTRL Threat Actor Profile is on Yashechka.

Cato CTRL Threat Brief: CVE-2024-38077 - Windows Remote Desktop Licensing Service RCE Vulnerability ("MadLicense")

Recently, CrowSec security researchers published a proof of concept (PoC) for a critical remote code execution (RCE) vulnerability in Windows Server (CVSS score 9.8) that affects versions ranging all the way from Windows Server 2000 up to 2025. The vulnerable component is the Remote Desktop Licensing service, often deployed and enabled on Windows Servers using Remote Desktop Services. The exploit is 0-click and pre-auth, meaning no user interaction or authentication details are necessary.

Highlights from Q2 2024 Cato CTRL SASE Threat Report

At RSA Conference 2024, Cato Networks introduced Cato CTRL (Cyber Threats Research Lab), which is our cyber threat intelligence (CTI) team. Cato CTRL protects organizations by collecting, analyzing and reporting on external and internal threats, utilizing the data lake underlying the Cato SASE Cloud Platform. For 2024, Cato CTRL is publishing quarterly threat reports that provide an overview of the threat landscape.

A CISO's Guide: Avoiding the Common Pitfalls of Zero Trust Deployments

The world has evolved, and the ongoing momentum of Cloud and Work-From-Anywhere (WFA) has become unstoppable. CISOs have realized their traditional security architectures, specifically VPNs, are no longer adequate to ensure only authorized users have access to critical resources. This has made the role of CISO ever more important because we now have applications everywhere and people everywhere, leading to increased cyber threats everywhere.