Security News

Many organizations are unprepared for sweeping industry changes that call for mandated certificate automation, according to GMO GlobalSign. The solution to meet this call by Google, and other browsers, is to automate certificate management.

Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company's and its subsidiaries' operations.Yesterday, a source told BleepingComputer that Johnson Controls suffered a ransomware attack after initially being breached at its Asia offices.

Reaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows. Reaper is a work in progress, but it's already capable of much.

Harnessing the potential of automation in cybersecurity is key to maintaining a robust defense against ever-evolving threats. Still, this approach comes with its own unique challenges. In this...

Experts at Group-IB noted both an increase in the number of scams as well as the number of people engaged in scam activity, both driven by the more frequent use of social media to spread scams and the growing automation of scam processes. In the APAC region, 58% of scam resources targeting companies in seven core economic sectors used this vector, while in Europe, messengers remained the primary vector for scam activity.

Rockwell Automation has fixed two vulnerabilities in the communication modules of its ControlLogix industrial programmable logic controllers, ahead of expected in-the-wild exploitation. "An unreleased exploit capability leveraging these vulnerabilities is associated with an unnamed APT group," industrial cybersecurity company Dragos has stated on Wednesday.

The U.S. Cybersecurity and Infrastructure Security Agency has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP communication module models that could be exploited to achieve remote code execution and denial-of-service. "The results and impact of exploiting these vulnerabilities vary depending on the ControlLogix system configuration, but they could lead to denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control for disruptive or destructive consequences on the industrial process for which the ControlLogix system is responsible," Draogos said.

Streamlining the audit process is not the only benefit of compliance automation. At the same time, automation improves your compliance and security posture as well as the productivity of your compliance program.

Toward that end, the CIS Critical Security Controls team spoke with our users and volunteers as well as looked at our goals for the future of the CIS Controls. In this article, we identify the changes that we made and explain how they support an automated future for the CIS Controls.

Imagine if all you needed to do to turn a security policy into an enforced workflow was type it out as a prompt.... Modern security teams have witnessed many generations of solutions that make it easier to automate security workflows across tools, from manual scripting, to Security, Automation, Orchestration, and Response tools, to low-code/no-code platforms. Now, the next generation of security automation tooling is here and it's powered by generative AI. How Generative AI Unlocks No-Code Automation for Security.