Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’ve listened, we’ve learned, and the market has definitely spoken! Our old name just wasn’t working: it was hard to pronounce, hard to spell, and hard to understand what we do. Even if the ‘archivist’ leap was made it didn’t carry our special mission with it.

What do you need to become a successful bug bounty hunter? Most importantly: a hoodie. But qualities like professionalism, a growth mindset, and good communication skills count, too.

Businesses today leverage technology in almost all aspects of their operations because it enhances efficiency. However, this reliance on digital tools exposes them to cyber threats like an eavesdropping attack. Research says more than 37% of smartphones worldwide have become eavesdropping targets. That's a lot of mobile devices belonging to employees of many companies. So, understanding what an eavesdropping attack is and how to prevent it can save your organization from potential problems.

My new favorite company took center stage in iconic New York Times Square today with a multi-story high 3D visualization of our revolutionary secure access service edge (SASE) platform. It’s positively mesmerizing, take a look: The move signals a seismic shift happening across enterprises, the need to have an IT infrastructure that can easily adapt to anything at any time, and the transformative power of Cato’s networking and security platform.

On November 4, 2023, QNAP published security advisories for two critical command injection vulnerabilities impacting multiple versions of QNAP operating systems and applications related to the vendor’s network-attached storage (NAS) devices. Both vulnerabilities have been given critical CVSS scores (CVE-2023-23368: 9.8, CVE-2023-23369: 9.0) and both can lead to unauthenticated, remote threat actors executing commands if successfully exploited.

On November 2, 2023, SysAid was notified by Microsoft of a zero-day path traversal vulnerability allowing for remote code execution, which affects their on-premises ITSM solution. In the investigation conducted by SysAid, it was determined that the vulnerability was being actively exploited by a ransomware affiliate group known as Lace Tempest (DEV-0950), a group known for deploying the CL0P ransomware payload.

More decision-makers are investing in grid modernization efforts, knowing that doing so is necessary for keeping pace with modern demands. For example, smart grid fault-detection sensors could warn utility company providers of problems in real time, preventing costly and inconvenient outages. Technologies like the Internet of Things (IoT) can also improve stability. An IoT grid-monitoring approach allows authorized parties to oversee electrical infrastructure from anywhere.

As discussed in the previous blog, the insurance sector, like other financial institutions, face various unique cybersecurity challenges. Of primary concern is its responsibility for safeguarding sensitive customer data. This data has long been a prime target for cybercrime — a trend that has endured even as today’s IT landscape, and the threats against it, continue to evolve.