Leveraging BAS and MITRE ATT&CK for Threat-Informed Defense

In a recent blog, we covered the basics of breach and attack simulation (BAS) and MITRE ATT&CK, including the challenges security teams often face when attempting to utilize the ATT&CK framework and how BAS can help. Now, it’s time to get more specific. In this installment of our latest series, we’ll discuss the ways organizations typically leverage BAS and MITRE ATT&CK for threat-informed defense.

Cato's Analysis and Protection for cURL SOCKS5 Heap Buffer Overflow (CVE-2023-38545)

TL;DR: This vulnerability appears to be less severe than initially anticipated. Cato customers and infrastructure are secure. Last week, the original author and long-time lead developer of cURL, Daniel Stenberg, published a “teaser” for a HIGH severity vulnerability in the ubiquitous libcurl development library and the curl command-line utility. A week of anticipation, multiple heinous crimes against humanity and a declaration of war later, the vulnerability was disclosed publicly.

5 Reasons Why VPN is an Essential Utility for Internet Users

Imagine the internet as a big city. It's a place full of exciting destinations but also has its fair share of dark alleys. Now, imagine a VPN (Virtual Private Network) as your personal, digital bodyguard while you roam around this city. It keeps you safe, guards your privacy, and unlocks doors to places you never knew existed. Curious to take this security guard for a spin? You can try VPN for free and see the difference it makes. In this guide, we'll unveil five solid reasons why having a VPN by your side is a smart choice for any internet user.

Data Anonymization: What It Is and 6 Best Practices You Should Know

Despite diverse protection measures applied by organizations, data breaches involving Personally Identifiable Information (PII) still cause substantial financial losses across various industries. Between March 2022 and March 2023, compromised customer and employee PII cost organizations $183 and $181 per record, respectively, according to the 2023 Cost of a Data Breach Report by IBM Security.

The Role of UEBA in Zero Trust Security

As cyber threats have grown in sophistication and frequency, a paradigm shift in security strategy has become imperative. This shift has given rise to the Zero Trust Security Framework, an approach that challenges the very foundation of trust in network security. User and Entity Behavior Analytics (UEBA) steps into the spotlight as a dynamic force that complements and enhances the Zero Trust Security framework. Let’s discover how UEBA can help organizations achieve zero trust security!

How to Build Your Cybersecurity Leadership Skills as a SOC Analyst

Leadership skills are important for career growth in any industry, and cybersecurity is no exception. While you can certainly have a long, fulfilling career as a SOC analyst, you may be interested in moving up the ranks into a leadership position one day. Whether you aspire to be a SOC director or even a CISO, these tips will help you position yourself and develop the skills needed to move into a cybersecurity leadership role.

The State of Citrix Zero-Day Vulnerabilities 2023

Critical zero-day Citrix CVE-2023-3519 is still being exploited two months after Citrix released a patch. IONIX research found that 19% of the CVE-2023-3519 vulnerabilities are still unmitigated in comparison to only 3% among IONIX customers. In addition, IONIX customers were able to resolve this critical risk three times faster.