My new favorite company took center stage in iconic New York Times Square today with a multi-story high 3D visualization of our revolutionary secure access service edge (SASE) platform. It’s positively mesmerizing, take a look: The move signals a seismic shift happening across enterprises, the need to have an IT infrastructure that can easily adapt to anything at any time, and the transformative power of Cato’s networking and security platform.

On November 4, 2023, QNAP published security advisories for two critical command injection vulnerabilities impacting multiple versions of QNAP operating systems and applications related to the vendor’s network-attached storage (NAS) devices. Both vulnerabilities have been given critical CVSS scores (CVE-2023-23368: 9.8, CVE-2023-23369: 9.0) and both can lead to unauthenticated, remote threat actors executing commands if successfully exploited.

On November 2, 2023, SysAid was notified by Microsoft of a zero-day path traversal vulnerability allowing for remote code execution, which affects their on-premises ITSM solution. In the investigation conducted by SysAid, it was determined that the vulnerability was being actively exploited by a ransomware affiliate group known as Lace Tempest (DEV-0950), a group known for deploying the CL0P ransomware payload.

Using anonymized data from three years of tests conducted on commercial software systems and applications, the recently published 2023 Software Vulnerability Snapshot report from Synopsys focuses on exposing persistent vulnerabilities that are significant challenges to web and software application security, including the top three vulnerability types related to.

More decision-makers are investing in grid modernization efforts, knowing that doing so is necessary for keeping pace with modern demands. For example, smart grid fault-detection sensors could warn utility company providers of problems in real time, preventing costly and inconvenient outages. Technologies like the Internet of Things (IoT) can also improve stability. An IoT grid-monitoring approach allows authorized parties to oversee electrical infrastructure from anywhere.

As discussed in the previous blog, the insurance sector, like other financial institutions, face various unique cybersecurity challenges. Of primary concern is its responsibility for safeguarding sensitive customer data. This data has long been a prime target for cybercrime — a trend that has endured even as today’s IT landscape, and the threats against it, continue to evolve.

In my previous blog post, I touched upon some challenges with how NGFW container firewalls are built and how it takes a team of firewall specialists to deploy, configure and maintain the firewall platform. In this blog I will illustrate the challenges in detail and demonstrate the simplicity of the Calico container firewall platform.

In the wake of escalating cyber-attacks and data breaches, the ubiquitous advice of “don’t share your password” is no longer enough. Passwords remain the primary keys to our most important digital assets, so following password security best practices is more critical than ever. Whether you’re securing email, networks, or individual user accounts, following password best practices can help protect your sensitive information from cyber threats.

As technology evolves, so do the threats that loom over our communication infrastructure. The rollout of 5G, the rise of artificial intelligence (AI) and our ongoing dependence on these networks combine to make the telecommunications industry a prime target for cyberattacks.

In today's rapidly changing cybersecurity landscape, swift and effective incident response is pivotal. Traditional incident response approaches, involving disparate tools and isolated processes, have proven inadequate to the task. That's where unified platforms come into play—a comprehensive approach to incident response that streamlines and centralizes the entire process.