Product Update - September 30, 2024

There are no new features or enhancements for the Cato service this week. Take a look at these previously released features:

Go to the Cato Product Roadmap in the Knowledge Base to follow the status of upcoming features and enhancements.

Security Updates

  • IPS Signatures:
    • View more details about the IPS signatures and protections in the Threats Catalog:
      • WorkersDevBackdoor (New)

      • Bixi Ransomware (Enhancement)

      • BlackZluk Ransomware (Enhancement)

      • Cipher (Proton) Ransomware (Enhancement)

      • Colony Ransomware (Enhancement)

      • ELPACO-team Ransomware (Enhancement)

      • Foxtrot Ransomware (Enhancement)

      • Medusa Ransomware (Enhancement)

      • MoneyIsTime Ransomware (Enhancement)

      • Pgp Ransomware (Enhancement)

      • PURGAT0RY Ransomware (Enhancement)

      • Pwn3d Ransomware (Enhancement)

      • Secdojo Ransomware (Enhancement)

      • Stop/Djvu Ransomware (Enhancement)

      • ZAKI ESCOVINDA Ransomware (Enhancement)

      • CVE-2024-7593 (New)

      • CVE-2024-7339 (New)

      • CVE-2024-45195 (New)

      • CVE-2024-41869 (New)

      • CVE-2024-32399 (New)

      • CVE-2024-28000 (New)

      • CVE-2024-27564 (New)

      • CVE-2023-49559 (New)

      • CVE-2021-33045 (New)

      • CVE-2021-33044 (New)

      • CVE-2014-9222 (New)

      • CVE-2024-6670 (Enhancement)

      • CVE-2017-0199 (Enhancement)

      • Downloaded Files From Low-Popularity Target Using PowerShell (Enhancement)

  • Suspicious Activity Monitoring
    • These protections were added to the SAM service:
      • Ngrok agent established tunnel - free domains (New)

      • cid_sam_rmm_zoho_assist_attended_1_a (New)

      • cid_sam_rmm_zoho_assist_attended_1_b (New)

      • cid_sam_rmm_zoho_assist_attended_2 (New)

      • cid_sam_rmm_zoho_assist_attended_remote_support (New)

      • cid_sam_rmm_zoho_assist_unattended_1 (New)

      • cid_sam_rmm_zoho_assist_unattended_2 (New)

      • cid_sam_rmm_zoho_assist_unattended_3 (New)

  • XDR Indications Of Attack Signatures:
    • Threat Prevention:
      • C2 Communication Over DNS (New)
    • Threat Hunting:
      • Communication with newly registered domains (New)
      • DNS Queries to Crypto-Related Domains (New)
      • Remote Connectivity Activity (Enhancement)
      • Remote Session to Low-Popularity IP (Enhancement)
  • Device Inventory:
    • These are the updates to the Device Inventory detection engine:
      • IOT:

        • Smart Display
          • Kyocera (Enhancement)
        • Printer
          • Brother (Enhancement)
          • Zebra (Enhancement)
        • VoIP
          • Cisco (Enhancement)
          • Grandstream Networks (Enhancement)
          • Mitel (Enhancement)
          • Polycom (Enhancement)
          • Snom Technology (Enhancement)
      • IOMT:

        • Ascom (Enhancement)
      • OT, IOT:
        • Power Device
          • APC (Enhancement)
          • Eaton (Enhancement)
      • Media Player
        • Roku (Enhancement)
      • Mobile:

        • Mobile Phone
          • Samsung (Enhancement)
      • Networking:
        • Network Appliance
          • Aruba Networks (Enhancement)
          • Netgear (Enhancement)
        • Access Point
          • Aruba Networks (Enhancement)
      • PC:
        • Workstation
          • MSI (Enhancement)

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
