New Features & Enhancements
- New Release for Windows Client v5.17: During the week of August 31, 2025, we will begin rolling out the new Windows Client version 5.17. This version includes performance enhancements and bug fixes.
-
App Activities via API Support for ServiceNow: Connecting SaaS apps to Cato lets you understand who is accessing each app and identify suspicious activities or trends, even when users are not connected to the Cato Cloud. You can now connect your ServiceNow account to provide visibility into user activities.
- The ServiceNow app is available from the Integrations Catalog, under App Activities
- This feature is included in the CASB license
Security Updates
-
App Catalog
- Apple iCloud Private Relay (Enhancement)
- Epic Games, Nintendo (Enhancement)
- Kakaotalk (Enhancement)
- MongoDB (Enhancement)
- SharePoint and OneDrive business (Enhancement)
- Sofa Feed (New)
- Synology (Enhancement)
- Talk2M By Ewon (Enhancement)
- Webex (Enhancement)
- Iboss (Enhancement)
-
IPS Signatures
-
IPS Signatures: View more details about the IPS signatures and protections in the Threats Catalog:
- CVE-2021-3223 (New)
- CVE-2023-41109 (New)
- CVE-2024-4323 (Enhancement)
- CVE-2024-56325 (New)
- CVE-2025-29971 (Enhancement)
- CVE-2025-34035 (New)
- CVE-2025-47981 (New)
- CVE-2025-52488 (New)
- CVE-2025-8355 (New)
- Exploitation - Modbus Scanner - Read Device Identification Command (New)
- Heuristic - Certipy's Certificate Signing Request (CSR) via Web Enrollment (Enhancement)
- Heuristic - Certipy's DCOM-based Certificate Signing Request (CSR) (New)
- Heuristic - Certipy's RPC-based Certificate Signing Request (CSR) (New)
- Heuristic - Metasploit-Framework's Certificate Signing Request (CSR) (New)
- Heuristic - O365 Phishing (Enhancement)
- Ransomware - 707 (Enhancement)
- Ransomware - Aleta (Enhancement)
- Ransomware - Arena (Enhancement)
- Ransomware - Bitrix (Enhancement)
- Ransomware - BlackHeart (MedusaLocker) (Enhancement)
- Ransomware - BOBER (Enhancement)
- Ransomware - Charon (Enhancement)
- Ransomware - Cowa (Enhancement)
- Ransomware - CyberHazard (Enhancement)
- Ransomware - Cybertron (Enhancement)
- Ransomware - Darkness (Enhancement)
- Ransomware - Dire Wolf (Enhancement)
- Ransomware - GRYPHON (Enhancement)
- Ransomware - Jackpot (MedusaLocker) (Enhancement)
- Ransomware - KREMLIN (Enhancement)
- Ransomware - Level (Enhancement)
- Ransomware - Matrix (Proton) (Enhancement)
- Ransomware - Mr.Dark101 (Enhancement)
- Ransomware - RA World (Enhancement)
- Ransomware - RDAT (Enhancement)
- Ransomware - RestoreMyData (Enhancement)
- Ransomware - REVRAC (Enhancement)
- Ransomware - Rokku (Enhancement)
- Ransomware - RTRUE (Enhancement)
- Ransomware - Solara (Enhancement)
- Ransomware - Tiger (Enhancement)
- Ransomware - Traders (Enhancement)
-
SAM Signatures
- Putty latteral movment – (Enhancement)
- Anydesk Command and control (New)
- SMB Public Share Enumeration Across Multiple Client Ports, Script Associated (New)
- Access To Unsecured Web Server Open-Directory (New)
- Impacket | Impacket Group Policy Preferences Passwords (New)
-
Application Control Policy
- Inline tenant control for Outlook (New)
-
XDR Indications of Attack
-
Anomaly Detection
- First Occurrence of Outbound SSH/Telnet on Non-Standard Ports (Enhancement)
- First Occurrence of WANBOUND Scanning Activity in a Site (Enhancement)
- Unusual File Creation Activity (Enhancement)
-
Threat Prevention
- Downloaded Possibly Malicious Tool From Unofficial Domain (New)
-
Anomaly Detection
-
Device Inventory
- These are the updates to the Device Inventory detection engine:
-
IoT
-
Multifunction Device
- Canon (Enhancement)
- Payment Terminal
- Castles Technology (Enhancement)
- Verifone (Enhancement)
-
Printer
- Brother Industries (Enhancement)
- Epson (Enhancement)
- HP (Enhancement)
- Konica Minolta (Enhancement)
- Kyocera (Enhancement)
- Lexmark (Enhancement)
- Xerox (Enhancement)
- Zebra (Enhancement)
- Signage Media Player
- BrightSign (Enhancement)
-
Speaker
- Algo (Enhancement)
-
Unidentified IoT
- Grandstream Networks (Enhancement)
- Synology (Enhancement)
- Video Conferencing
- Cisco (Enhancement)
-
VoIP
- Aastracom (Enhancement)
- Avaya (Enhancement)
- Cisco (Enhancement)
- Digium (Enhancement)
- Grandstream Networks (Enhancement)
- Polycom (Enhancement)
- Snom (Enhancement)
- Yealink (Enhancement)
-
Fitness
- Life Fitness Screen (New)
-
Multifunction Device
-
OT
-
Mobile Computer
- AML Striker (New)
-
Industrial Control
- Wuxi iData
-
Mobile Computer
-
PC
-
Desktop
- Dell (Enhancement)
- HP (Enhancement)
- Lenovo (Enhancement)
-
Laptop
- Apple (Enhancement)
- Dell (Enhancement)
- HP (Enhancement)
- Lenovo (Enhancement)
- Microsoft (Enhancement)
- Toshiba (Enhancement)
- Vaio (Enhancement)
-
Thin Client
- Dell (Enhancement)
-
Workstation
- Apple (Enhancement)
- Fujitsu (Enhancement)
- HP (Enhancement)
- NEC (Enhancement)
- Panasonic (Enhancement)
- Windows Workstation (Enhancement)
- ChromBook (Enhancement)
-
Desktop
-
Mobile
-
Mobile Computer
- Zebra (Enhancement)
-
Mobile Phone
- Newland (Enhancement)
- Oppo (Enhancement)
- Samsung (Enhancement)
- Vivo (Enhancement)
- Galaxy Note (Enhancement)
-
Tablet
- Samsung (Enhancement)
- Zebra (Enhancement)
-
Mobile Computer
-
Networking
-
Network Appliance
- 3Com (Enhancement)
- Aruba Networks (Enhancement)
- Juniper Networks (Enhancement)
- Ubiquiti (Enhancement)
-
Network Appliance
-
Server
-
Media Server
- Roku (Enhancement)
-
Print Server
- HP (Enhancement)
-
NAS
- QNAP (Enhancement
-
Media Server
-
IoT
- These are the updates to the Device Inventory detection engine:
-
Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
0 comments
Please sign in to leave a comment.