Security News

Experts at Group-IB noted both an increase in the number of scams as well as the number of people engaged in scam activity, both driven by the more frequent use of social media to spread scams and the growing automation of scam processes. In the APAC region, 58% of scam resources targeting companies in seven core economic sectors used this vector, while in Europe, messengers remained the primary vector for scam activity.

Rockwell Automation has fixed two vulnerabilities in the communication modules of its ControlLogix industrial programmable logic controllers, ahead of expected in-the-wild exploitation. "An unreleased exploit capability leveraging these vulnerabilities is associated with an unnamed APT group," industrial cybersecurity company Dragos has stated on Wednesday.

The U.S. Cybersecurity and Infrastructure Security Agency has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP communication module models that could be exploited to achieve remote code execution and denial-of-service. "The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but they could lead to denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control for disruptive or destructive consequences on the industrial process for which the ControlLogix system is responsible," Draogos said.

Streamlining the audit process is not the only benefit of compliance automation. At the same time, automation improves your compliance and security posture as well as the productivity of your compliance program.

Toward that end, the CIS Critical Security Controls team spoke with our users and volunteers as well as looked at our goals for the future of the CIS Controls. In this article, we identify the changes that we made and explain how they support an automated future for the CIS Controls.

Imagine if all you needed to do to turn a security policy into an enforced workflow was type it out as a prompt.... Modern security teams have witnessed many generations of solutions that make it easier to automate security workflows across tools, from manual scripting, to Security, Automation, Orchestration, and Response tools, to low-code/no-code platforms. Now, the next generation of security automation tooling is here and it's powered by generative AI. How Generative AI Unlocks No-Code Automation for Security.

For companies today, the need to maintain and enhance levels of audit and compliance against the backdrop of an ever-worsening cyber security threat landscape has become more pressing than ever before. Security and compliance breaches can cause operational disruption, lost revenue, customer dissatisfaction, and lead to potentially catastrophic legal or regulatory actions, according to a new white paper published by compliance automation specialist Drata.

In several high-profile incidents, application programming interfaces emerged as a primary attack vector, posing a new and significant threat to organizations' security posture, according to Cequence Security. "As attack automation becomes an increasingly prevalent threat against APIs, it's critical that organizations have the tools, knowledge and expertise to defend against them in real- time," Talwalkar added.

We're now making cloud security automation easier for you by releasing CIS hardening components in EC2 Image Builder on Amazon Web Services. Our CIS hardening components help give you more options for building a golden image, especially when you need to automate your image creation process.

Data backups get a lot of attention, but sadly, sometimes, the operational work that keeps networks secure - like device backups, upgrades, and configuration grooming - goes undone. Recent high-profile network outages have brought attention to the importance of not just automating improvements in network security and operations but recovering quickly and minimizing downtime when disaster strikes.