We have found a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665). The maintainer of protobufjs has issued an update that fixed the issue on 27 June 2023. The vulnerability was discovered by Peter Samarin using Jazzer.js with our newly integrated Prototype Pollution bug detector. This finding emerged in part from our collaboration with Google's OSS-Fuzz and puts affected applications at risk of remote code execution and denial of service attacks.

Chances are, if you’re reading this, you’re in a situation you don’t want to be in. Maybe you’re suddenly unable to log into your account, you’ve noticed some suspicious activity in your bank statements, or you’ve woken up to unwanted threatening emails. In the modern world of cyberattacks, it is not a rare occurrence for people to make mistakes online resulting in being hacked.

In the face of persistent data breaches and escalating cyber threats, organizations are compelled to prioritize cloud defense in depth. These measures are indispensable for protecting critical assets and upholding the integrity of cloud-based systems. By establishing a comprehensive security plan, organizations can effectively convey their commitment to security and lay a solid foundation for a resilient and secure cloud environment.

In the past, organisations traditionally stored their data, applications, and resources in on-premises servers located in their building and typically managed by an in-house IT team. However, the modern work landscape has changed significantly, many businesses now prefer to migrate their IT infrastructure from on-premises to servers that are hosted and accessed through the internet, also known as ‘The Cloud’.

Behind every important business process is a solid network infrastructure that lets us access all of these services. But for an efficient and available network, you need an optimization framework to maintain a strong network lifecycle. It can be carried out as a lifecycle process to ensure continuous monitoring, management, automation, and improvement.

In the original Top Gun movie, Tom Cruise famously declared the words, “I feel the need! The need for speed!” At Cato Networks, we also feel the need for speed, and while we’re not breaking the sound barrier at 30,000 feet, we did just break the SASE speed barrier (again!).

According to the Verizon 2023 Data Breach Investigations Report, basic web application attacks, which consist largely of leveraging vulnerabilities and stolen credentials to get access to an organization’s assets, are the most prevalent pattern of attack against the financial services sector.

Every company has workers that have been there from the beginning and worked in every department. Knowledge of the company’s processes makes them valuable employees, but they can also access and put at risk lots of sensitive data. Regular user access reviews can help you mitigate this risk and safeguard your critical assets. Regularly reviewing user access is an essential part of access management.

The InfoStealer and remote-access-tools (RATs) markets constantly provide us with new products. The Cyberint Research Team discovered a new RAT that is claiming to be the next popular threat against organizations and individuals worldwide. With fairly interesting PR and marketing methods, RevolutionRAT seems to be gaining attention with a growing Telegram community after only a few days of operation.

Software vulnerabilities are the most significant security risks organizations face today, and several critical vulnerabilities have been identified in 2023, including Apache Superset, Papercut, and MOVEit SQL Injection vulnerabilities. In the first quarter of 2023, AppTrana detected 24,000 vulnerabilities across 1,400+ sites.