On Friday, April 12, 2024, Palo Alto Networks PAN-OS was found to have an OS command injection vulnerability (CVE-2024-3400). Due to its severity, CISA added it to its Known Exploited Vulnerabilities Catalog. Shortly after disclosure, a PoC was published.

Every year, Bonnaroo, the popular music and arts festival, takes over a 700-acre farm in the southern U.S. for four days. While the festival is known for its diverse lineup of music, it also offers a unique and immersive festival experience filled with art, comedy, cinema, and more.

Cato Networks has recently released a new data loss prevention (DLP) capability, enabling customers to detect and block documents being transferred over the network, based on sensitive categories, such as tax forms, financial transactions, patent filings, medical records, job applications, and more. Many modern DLP solutions rely heavily on pattern-based matching to detect sensitive information. However, they don’t enable full control over sensitive data loss.

In an era where cyber threats evolve as rapidly as the technology they target, understanding the mindset of those behind the attacks is crucial. This was the central theme of a speech given by Etay Maor, Senior Director of Security Strategy, of Cato Networks at the MSP EXPO 2024 Conference & Exposition in Fort Lauderdale, Florida. Titled, “SASE vs.

A severe backdoor has been discovered in XZ Utils versions 5.6.0 and 5.6.1, potentially allowing threat actors to remotely access systems using these versions within SSH implementations. Many major Linux distributions were inadvertently distributing compromised versions. Consult your distribution’s security advisory for specific impact information.

The rapidly evolving technology and digital transformation landscape has ushered in increased requirements for high-speed connectivity to accommodate high-bandwidth application and service demands. Numerous use cases, such as streaming media, internet gaming, complex data analytics, and real-time collaboration, require we go beyond today’s connectivity trends to define new ones.

Cato XDR breaks the mold: Now, one platform tackles both security threats and network issues for true SASE convergence.

Phishing remains an ever persistent and grave threat to organizations, serving as the primary conduit for infiltrating network infrastructures and pilfering valuable credentials. According to an FBI report phishing is ranked number 1 in the top five Internet crime types. Recently, the Cato Networks Threat Research team analyzed and mitigated through our IPS engine multiple advanced Phishing Kits, some of which include clever evasion techniques to avoid detection.

In a recent ad on a closed Telegram channel, a known threat actor has announced it’s recruiting AI and ML experts for the development of it’s own LLM product.

If you’re an administrator running Ivanti VPN (Connect Secure and Policy Secure) appliances in your network, then the past two months have likely made you wish you weren’t. In a relatively short timeframe bad news kept piling up for Ivanti Connect Secure VPN customers, starting on Jan. 10th, 2024, when critical and high severity vulnerabilities, CVE-2024-21887 and CVE-2023-46805 respectively, were disclosed by Ivanti impacting all supported versions of the product.