Security News

How automation can solve application development challenges
2022-08-30 03:30

Security Compass has published the results of a research study examining developer views on application security, including the challenges and opportunities they face in their secure development efforts. In order for software developers and security teams to effectively collaborate and ensure that a company's software products are secure, developers need automated, current, relevant, and actionable JITT training embedded into their development tools and processes.

Driving the Always-On Business with Infrastructure Automation and IaC
2022-07-22 00:00

Speed, cost reduction and reduced risk: just three of the benefits of Infrastructure-as-Code. Despite the immense business value IaC can yield, getting to and operating a state of automated infrastructure management is not always straightforward.

The future of SOCs: Automation where it matters
2022-07-14 05:00

Like Microsoft's new security patch technology, SOC automation intends to both improve an enterprise's security posture and reduce the burden on security engineers and security analysts. The real work of the SOC continues to be handled by security engineers who maintain the tools and the security analysts who have the insights that can assess attacks and determine what the organization should do to address threats.

Microsoft Exchange bug abused to hack building automation systems
2022-06-27 15:39

A Chinese-speaking threat actor has hacked into the building automation systems of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks. The APT group, whose activity was spotted by Kaspersky ICS CERT researchers, focused on devices unpatched against CVE-2021-26855, one of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon.

Critical Security Flaws Identified in CODESYS ICS Automation Software
2022-06-27 03:35

CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service condition, among others. CODESYS is a software suite used by automation specialists as a development environment for programmable logic controller applications.

Stronger detection and automation pave the way for real-time response
2022-06-14 08:00

Deepwatch released the State of the Modern SOC report, which found that most IT security professionals believe they could have stopped business impacting cyber events if equipped with better response capabilities. Many seek more automation and less alert noise to shorten response times.

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities
2022-05-26 03:49

Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. The U.S. cybersecurity company said it observed command-and-control IP addresses associated with malware such as Bumblebee, BlackGuard, and RedLine Stealer establishing connections to the downloads subdomain of Bablosoft, the maker of the Browser Automation Studio.

Microsoft Security Experts: Humans and automation to fight off cyber threats
2022-05-09 13:00

Microsoft is rolling out its "Security Experts" managed service with an eye on stomping down threats and malware. Microsoft is planning to roll out three such managed services in 2022, one of which became available today.

The Uncertain Future of IT Automation
2022-03-08 15:56

Chris Hass, director of information security and research at Automox, discusses how the future looks. While the trend of automation will continue to grow, there still remain many challenges to its adoption, and new innovations or threats could change how the future looks for this technology.

Preventing software security vulnerabilities with automation
2022-02-09 04:30

A team of UTSA researchers is exploring how a new automated approach could prevent software security vulnerabilities. The team sought to develop a deep learning model that could teach software how to extract security policies automatically.