New Features & Enhancements
Manually Upgrade Sockets to a Newer Version: We're introducing an option to manually start the Socket upgrade process and install a Socket firmware version. This can help when an upgrade was skipped because the Socket was disconnected during the maintenance window, or for any other reason.
Simplified Removal of Users and User Groups From Your Account: You can now delete a user or user group even if they are included in a policy. After being deleted, they are removed from the Users or User Groups pages and can no longer connect with the Cato Client or have a policy applied.
Users or user groups are still visible in a policy and marked as deleted, for example, John Doe (Deleted)
Previously, users or user groups could not be deleted when included in a policy
Improved Monitoring of Sanctioned Apps: To better manage cloud app ecosystems, customers can now include their known business applications in the Sanctioned Apps Category. This lets you filter to see analytics specifically for sanctioned apps.
The App Analytics and Experience Monitoring pages can be filtered for sanctioned apps
For customers with a CASB license:
The Sanctioned Apps Category can be configured in Application Control rules
The Cloud Apps Dashboard can be filtered for sanctioned apps
The Sanctioned Apps Category is configured in the Assets > Categories page
Previously, the category was available only with a CASB license
Go to the Cato Product Roadmap in the Knowledge Base to follow the status of upcoming features and enhancements.
Security Updates
IPS Signatures:
View more details about the IPS signatures and protections in the Threats Catalog
Malware AlphaCrypt-CnC Beacon (New)
Malware DuckTail APT-CnC communication (New)
Malware Lumma Stealer-CnC (New)
Malware PrivateLoader-CNC Communication (New)
Ransomware ATCK (New)
Ransomware BlackSkull (New)
Ransomware DumbStackz (Enhancement)
Ransomware KUZA (Enhancement)
Ransomware Mallox (Enhancement)
Ransomware Ncov (Enhancement)
Ransomware Robaj (Enhancement)
Ransomware SHINRA (Enhancement)
Ransomware Stop/Djvu (Enhancement)
Ransomware Tuborg (Enhancement)
Ransomware Virus (MedusaLocker) (Enhancement)
Ransomware Wormhole (Enhancement)
Ransomware xDec (Enhancement)CVE-2022-38108 (New)
CVE-2020-4000 (New)
CVE-2021-21345 (New)
CVE-2021-21480 (New)
CVE-2022-29847 (New)
CVE-2022-44373 (New)
CVE-2023-32985 (New)
CVE-2023-34993 (New)
CVE-2023-37569 (New)
CVE-2023-44353 (New)
CVE-2023-48782 (New)
CVE-2023-6019 (New)
CVE-2023-6184 (New)
CVE-2024-1212 (Enhancement)
CVE-2024-26212 (New)
CVE-2024-3272 (New)
Generic Directory Traversal - HTTP (Enhancement)
PetitPotam - Active Directory Certificate Services (ADCS) NTLM Authentication (New)
Detection & Response
These are the updates to the Indications Catalog:
Threat Hunting Indications:
Suspicious Bot Activity(Pastebin) (Enhancement)
Suspicious DNS Traffic (Enhancement)
Note:
Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.