Cato Networks: Challenger in Gartner Magic Quadrant for Single-Vendor SASE

Cato Networks has announced today that Gartner, Inc. has recognised the company as a Challenger in the Gartner® Magic Quadrant for Single-Vendor SASE. “We are SASE. Four years before SASE was even defined, Cato was founded on the vision of converging networking and security into a single, global, cloud service,” said Shlomo Kramer, co-founder and CEO …

Customer-configured rules now the biggest contributor to mitigated traffic

Customer-configured rules are now the biggest contributor to mitigated traffic as organizations adopt web application firewalls (WAFs) and improve at configuring/locking down their applications. That’s according to Cloudflare’s Application Security Report: Q2 2023, based on HTTP traffic observed by the firm between April and June. The research also found that CVEs dating back almost a …

10 benefits of security performance metrics for CISOs

Measuring security performance may not sound like the most exciting exercise on the CISO’s agenda, but the right metrics can deliver significant value to security leaders and go a long way to helping them tackle a diverse set of challenges. The intersection of modern security and business means there are multiple metrics that CISOs can …

Balancing risk and compliance: implications of the SEC’s new cybersecurity regulations

Corporate cybersecurity is becoming a non-negotiable priority. How companies prepare for and defend themselves against cyber intrusions has profound implications for their operations, reputation, and bottom line. Companies have historically underestimated the magnitude of cybersecurity risks, and in the view of the US Securities and Exchange Commission (SEC), they have consistently underreported material losses caused …

CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-26359 in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog. The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw, CVE-2023-26359 (CVSS score 9.8), affecting Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog. Adobe fixed the critical flaw in March 2023; it is a deserialization of untrusted data issue in Adobe ColdFusion that can …

A cyber attack hit the Australian software provider Energy One

The Australian software provider Energy One announced it was hit by a cyberattack last week that affected certain corporate systems in Australia and the UK. The Australian software provider Energy One announced that a cyberattack hit certain corporate systems in Australia and the UK last week. Energy One is a global supplier of software products …

Ivanti fixed a new critical Sentry API authentication bypass flaw

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The software company Ivanti released urgent security patches to address a critical-severity vulnerability, tracked as CVE-2023-38035 (CVSS score 9.8), in the Ivanti Sentry (formerly MobileIron Sentry) product. The vulnerability could be exploited to access sensitive API data and configurations, run …

WinRAR users urged to upgrade to fix critical vulnerabilities

Users are advised to upgrade their WinRAR installations to fix two high-severity flaws that attackers could exploit to execute arbitrary code. The RAR archive format, which is associated with WinRAR, has been abused and exploited by cybercriminals before due to its long history of usage and popularity on the internet. Vulnerabilities could allow execution of …

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

HiatusRAT malware operators resurfaced with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system. In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “HiatusRAT” that infected over 100 edge networking devices globally. Threat actors leveraged edge routers, or “living on the edge” access, to passively collect …

Application Security Report: Q2 2023

Cloudflare has a unique vantage point on the Internet. From this position, we are able to see, explore, and identify trends that would otherwise go unnoticed. In this report we are doing just that and sharing our insights into Internet-wide application security trends. This report is the third edition of our Application Security Report. The …