Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We have found a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665). The maintainer of protobufjs has issued an update that fixed the issue on 27 June 2023. The vulnerability was discovered by Peter Samarin using Jazzer.js with our newly integrated Prototype Pollution bug detector. This finding emerged in part from our collaboration with Google's OSS-Fuzz and puts affected applications at risk of remote code execution and denial of service attacks.

Chances are, if you’re reading this, you’re in a situation you don’t want to be in. Maybe you’re suddenly unable to log into your account, you’ve noticed some suspicious activity in your bank statements, or you’ve woken up to unwanted threatening emails. In the modern world of cyberattacks, it is not a rare occurrence for people to make mistakes online resulting in being hacked.

In the face of persistent data breaches and escalating cyber threats, organizations are compelled to prioritize cloud defense in depth. These measures are indispensable for protecting critical assets and upholding the integrity of cloud-based systems. By establishing a comprehensive security plan, organizations can effectively convey their commitment to security and lay a solid foundation for a resilient and secure cloud environment.

In the past, organisations traditionally stored their data, applications, and resources in on-premises servers located in their building and typically managed by an in-house IT team. However, the modern work landscape has changed significantly, many businesses now prefer to migrate their IT infrastructure from on-premises to servers that are hosted and accessed through the internet, also known as ‘The Cloud’.

In the original Top Gun movie, Tom Cruise famously declared the words, “I feel the need! The need for speed!” At Cato Networks, we also feel the need for speed, and while we’re not breaking the sound barrier at 30,000 feet, we did just break the SASE speed barrier (again!).

According to the Verizon 2023 Data Breach Investigations Report, basic web application attacks, which consist largely of leveraging vulnerabilities and stolen credentials to get access to an organization’s assets, are the most prevalent pattern of attack against the financial services sector.

Every company has workers that have been there from the beginning and worked in every department. Knowledge of the company’s processes makes them valuable employees, but they can also access and put at risk lots of sensitive data. Regular user access reviews can help you mitigate this risk and safeguard your critical assets. Regularly reviewing user access is an essential part of access management.

Software vulnerabilities are the most significant security risks organizations face today, and several critical vulnerabilities have been identified in 2023, including Apache Superset, Papercut, and MOVEit SQL Injection vulnerabilities. In the first quarter of 2023, AppTrana detected 24,000 vulnerabilities across 1,400+ sites.

IIS server, Microsoft’s Windows web server is one of the most used web server platforms on the internet. IIS 10 hardening according to the IIS CIS benchmarks is essential for preventing cyber-attacks and achieving CIS compliance. Common breaches happen by using IIS unsecured server protocols and configurations, such as SMB and TLS/SSL. The IIS default configurations is not recommended to use and should be changed to meet the IIS CIS benchmarks requirements.

Jackson National Life Insurance is based in Lansing, Michigan, and was founded in 1961. This insurance and annuities company offers retail brokerage services and offers asset management services to its customers. Nearly 3,000 people are employed by the company, and it has an annual revenue of $14.4 billion. This large-scale insurance company is just one of the many recent organizations to be hurt by the MOVEit file transfer service breaches.