Security News

Barriers preventing organizations from DevOps automation
2023-10-03 03:00

Organizations prioritize DevOps automation investments. The biggest barriers preventing organizations from automating new DevOps use cases are security concerns, difficulty operationalizing data, and toolchain complexity.

The clock is ticking for businesses to prepare for mandated certificate automation
2023-09-28 03:30

Many organizations are unprepared for sweeping industry changes that call for mandated certificate automation, according to GMO GlobalSign. The solution to meet this call by Google, and other browsers, is to automate certificate management.

Building automation giant Johnson Controls hit by ransomware attack
2023-09-27 19:48

Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company's and its subsidiaries' operations.Yesterday, a source told BleepingComputer that Johnson Controls suffered a ransomware attack after initially being breached at its Asia offices.

Reaper: Open-source reconnaissance and attack proxy workflow automation
2023-09-05 03:00

Reaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows. Reaper is a work in progress, but it's already capable of much.

Key factors for effective security automation
2023-07-27 03:30

Harnessing the potential of automation in cybersecurity is key to maintaining a robust defense against ever-evolving threats. Still, this approach comes with its own unique challenges. In this...

Growing scam activity linked to social media and automation
2023-07-17 03:00

Experts at Group-IB noted both an increase in the number of scams as well as the number of people engaged in scam activity, both driven by the more frequent use of social media to spread scams and the growing automation of scam processes. In the APAC region, 58% of scam resources targeting companies in seven core economic sectors used this vector, while in Europe, messengers remained the primary vector for scam activity.

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596)
2023-07-13 12:42

Rockwell Automation has fixed two vulnerabilities in the communication modules of its ControlLogix industrial programmable logic controllers, ahead of expected in-the-wild exploitation. "An unreleased exploit capability leveraging these vulnerabilities is associated with an unnamed APT group," industrial cybersecurity company Dragos has stated on Wednesday.

Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
2023-07-13 09:00

The U.S. Cybersecurity and Infrastructure Security Agency has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP communication module models that could be exploited to achieve remote code execution and denial-of-service. "The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but they could lead to denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control for disruptive or destructive consequences on the industrial process for which the ControlLogix system is responsible," Draogos said.

Compliance Automation: Your Audit Experience Before and After
2023-06-14 11:04

Streamlining the audit process is not the only benefit of compliance automation. At the same time, automation improves your compliance and security posture as well as the productivity of your compliance program.

3 ways we’ve made the CIS Controls more automation-friendly
2023-06-14 03:00

Toward that end, the CIS Critical Security Controls team spoke with our users and volunteers as well as looked at our goals for the future of the CIS Controls. In this article, we identify the changes that we made and explain how they support an automated future for the CIS Controls.