On July 19, 2024, organizations around the world began to experience the “blue screen of death” in what would soon be considered one of the largest IT outages in history. Early rumors of a mass cyberattack were quickly squashed: it seemed a minor software update was to blame for countless shopping excursions cut short, airline flights grounded and critical surgeries postponed.

On August 12, 2024, Ivanti announced a critical authentication bypass vulnerability in its Virtual Traffic Manager (vTM), identified as CVE-2024-7593. Ivanti Virtual Traffic Manager (vTM) is a software-based application delivery controller that manages traffic flow to ensure high performance, availability, and security for web applications.

Researchers at ThreatFabric warn that a phishing campaign is distributing the Chameleon Android malware by impersonating a Customer Relationship Management (CRM) app. The campaign is currently targeting users in Canada and Europe, but may expand to other regions. “The naming used for the dropper and the payloads clearly shows that the intended victims of the campaign are hospitality workers and potentially B2C business employees in general,” ThreatFabric says.

Cross-Site Request Forgery (CSRF) is a serious web security vulnerability that allows attackers to exploit active sessions of targeted users to perform privileged actions on their behalf. Depending on the relevancy of the action and the permissions of the targeted user, a successful CSRF attack may result in anything from minor integrity impacts to a complete compromise of the application.

At RSA Conference 2024, Cato Networks introduced Cato CTRL (Cyber Threats Research Lab), which is our cyber threat intelligence (CTI) team. Cato CTRL protects organizations by collecting, analyzing and reporting on external and internal threats, utilizing the data lake underlying the Cato SASE Cloud Platform. For 2024, Cato CTRL is publishing quarterly threat reports that provide an overview of the threat landscape.

In our increasingly interconnected world, the specter of cybercrime looms larger than ever, casting a shadow over people, businesses, and governments alike. Among the slew of cyber threats bombarding entities daily, phishing attacks are a particularly pernicious menace. With each day, bad actors hone their techniques, leveraging the latest tools and psychological tactics to craft sophisticated phishing campaigns that are clever enough to defy all but the closest scrutiny.

In this episode of the Trust Issues podcast, Debashis Singh and host David Puner explore the intricate world of digital transformation and identity security. Debashis, the Global CIO at Persistent Systems, shares his frontline insights on the singular challenges and strategies organizations face on their digital transformation journeys.

No executive wants to be blindsided by risks that should have been reasonably anticipated, especially the CEO, CFO, and board members. In the CISO Desk Reference Guide, Gary Hayslip, Bill Bonney, and I wrote extensively about how CISOs play a critical role in contextualizing digital and cyber risks to the organization’s broader enterprise risk management practices.

The pressure on security teams has never been greater. With an ever-evolving threat landscape, resource constraints, and now the rapid adoption of artificial intelligence (AI) technologies, Chief Information Security Officers (CISOs) are facing unprecedented challenges. This was one of the clear takeaways from our recent report CISO perspectives: separating the reality of AI from the hype, in which 53 CISOs shared their opinions and experiences of AI’s impact on their security operations.

Securing your API ecosystem is increasingly complex, leaving organizations unsure where to begin. Gartner's 2024 Market Guide for API Protection offers clear guidance: Understanding your API attack surface and prioritizing your security efforts is crucial. Once you have visibility into your API landscape, you can implement appropriate security measures to protect your APIs from abuse and access violations.