Product Update - July 24th, 2023

New Features & Enhancements

  • License Bandwidth Management for China and Vietnam Sites: Over the next few weeks, we are gradually rolling out an enhancement that lets you view and assign the regional and global bandwidth site licenses for the China and Vietnam regions.

    • Provides clear visibility of the maximum regional and global bandwidth site licenses (Administration > License)

    • Manually assign and un-assign regional and/or global bandwidth licenses for sites in the China and Vietnam regions

    • There is no impact on traffic or settings in your account

  • Change in Navigation Menu:

    • Catalogs Move to Assets Section: The App Catalog and Threat Catalog screens are now located under the Assets section.

      • Previously they were located under the Monitoring section

    • Reports Move to Monitoring Section: The Reports screen is now located under the Monitoring section.

      • Previously it was located under the Administration section

Cato SDP Client Releases

  • Gradual Rollout of macOS Client v5.4: We are starting the gradual rollout of macOS Client v5.4 the week of July 23rd, 2023. For more information about the features and bug fixes in this version, see Summary of macOS Client Releases.

  • Android Client v5.0.1.112: Android Client version 5.0.1.112 is available for download from the Google Play Store. This version contains infrastructure improvements for future versions.
    For more information, see Summary of Cato Android Client Releases.

Security Updates

  • Application Database:

    • Added more than 100 new SaaS applications (you can view the SaaS apps in the Apps Catalog), including:

      • Threads

      • Windstream Video Conferencing

  • IPS Signatures: 

    • CVE-2020-12641: Roundcube Webmail Remote Code Execution

    • CVE-2021-27876: Veritas Backup Exec Agent File Access

    • CVE-2021-27877: Veritas Backup Exec Agent Remote Code Execution

    • CVE-2022-2414: Dogtag PKI XML External Entity Injection

    • CVE-2023-23333: SolarView Command Injection

    • CVE-2023-25135: vBulletin Remote Code Execution

    • CVE-2023-25717: Ruckus Wireless Devices Remote Code Execution

    • CVE-2023-32986: Jenkins File Parameters Plugin Directory Traversal

    • CVE-2023-34960: Chamilo Command Injection  

    • CVE-2023-20887: Aria Operations for Networks Command Injection (Enhancement)

    • CVE-2021-27878: Veritas Backup Exec Agent Remote Code Execution (Enhancement)

    • Ransomware AlphVM (Enhancement)

  • Suspicious Activity Monitoring:

    • Java download PE file (New)

    • PowerShell over HTTP (New)

  • Application Control Policy (CASB):

    • New granular actions for the following apps: 

      • Google Docs: View

    • Enhanced granular actions for the following apps:

      • Facebook: Comment, Login

      • Google: Login

      • MS Teams: Upload

      • Yahoo: Login  

  • Data Loss Prevention (DLP):

    • Added these new file types:

      • Toast Disk

      • Virtual CD

      • ISO Disk

      • Universal Disk Format (UDF)

Knowledge Base Updates

Was this article helpful?

0 out of 0 found this helpful

0 comments

Add your comment