The ABB BMS/BAS controller suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the configuration mappings information via the VMobileImportExportServlet by directly calling the vstatConfigurationDownload.php script.

ABB Cylon Aspect 3.08.01 (vstatConfigurationDownload.php) Config Download

### Impact


### Patches
1.31.1, 1.30.6, 1.29.8

### Workarounds
set `enable_criu_support = false` 

### References
_Are there any links users can visit to find out more?_


**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

Neurodivergent talent can add so much to a cybersecurity team. How can companies ensure they have the right hiring and onboarding practices in place to help these employees succeed?

Source: Jess Rodriguez via Alamy Stock Photo

Hiring and retaining neurodivergent talent is a crucial step toward fostering a more inclusive and innovative cybersecurity workforce. But traditional hiring processes and standardized training programs can often create barriers for these individuals and lead companies to lose out on talent.

Here are eight tips for ensuring that your hiring and training processes are more inclusive and that neurodivergent candidates can succeed and thrive within your organization once they are on the job.

**1\. Embrace Performance-Based Interviews**

Traditional interviews may not showcase a neurodivergent candidate's full potential. Instead, use performance-based interviews where candidates can demonstrate their skills in a comfortable, simulated work environment. This provides better insight into their capabilities and reduces stress related to social interactions.

"Sitting in a room answering questions, especially when you're seeking a job that is going to have less social interaction, is not the way to do it," says Megan Roddie-Fonseca, a senior security engineer at Datadog and a neurodivergent person with autism and ADHD. "When it comes to showing my skill set, I'm going to be doing that on a computer, in an environment I'm comfortable with."

**2\. Communicate Clear Expectations**

Clarity is key when working with neurodivergent candidates. During interviews and onboarding, provide clear instructions and explain expectations thoroughly. Avoid using metaphors or vague language, which can create confusion for some candidates.

"Due to my auditory processing disorder, I often rely on written communication to fully process information," says Meghan Maneval, senior director of product marketing at LogicGate.

**3\. Use Flexible Interview Formats**

Allowing candidates to complete tasks at their own pace and in familiar environments can help them showcase their strengths without the added pressure of time constraints or sensory distractions.

"Many neurodivergent employees I have spoken with tell me they are at their best when they have time and mental space to solve a problem on their own, in their own way, and then bring it back to the team," says Jodi Asbell-Clarke, a senior researcher in neurodiversity in STEM education at the nonprofit TERC and author of Reaching and Teaching Neurodivergent Learners in STEM.

**4\. Develop Individualized Training Plans**

Neurodivergent employees often benefit from tailored training programs. Rather than a one-size-fits-all approach, offer flexible training options, such as self-paced modules, to accommodate different learning styles.

"Giving neurodivergent employees space for autonomy of thought during training can be beneficial," Asbell-Clarke says.

**5\. Build a Culture of Inclusion**

Foster open dialogue about neurodiversity and encourage conversations about the needs of neurodivergent employees. Create employee resource groups (ERGs) to provide a platform for neurodivergent voices and make sure they feel heard.

“It's a culture shift because a lot of people are afraid to bring up those things because people think they're silly or they'll feel like, you know, they're going to get fired or not be a candidate for hire because they made a request like this," Roddie-Fonseca says.

**6\. Implement Universal Design Principles**

Adopt universal design practices that benefit everyone in the workplace, whether or not they disclose a neurodivergent condition. Simple accommodations, such as allowing flexible workspaces, reducing sensory distractions, and providing access to tools, can help everyone thrive.

"Neurodivergence is already present in about 20% of the workforce, but not everyone will disclose it. So it's important to have support systems in place that everyone can access," says Liz Green, an occupational therapist and business consultant specializing in neurodiversity and inclusive design, who often works with cybersecurity clients.

**7\. Regularly Check in With Employees**

Create a culture of regular check-ins, where managers and employees can discuss accommodations, work environment preferences, and overall well-being. This ensures neurodivergent employees feel supported and understood. But do it in different ways so that the check-ins are not intrusive. This can be done with short check-in surveys, for example.

"Quick checks are very helpful," Green says. "Regular check-ins allow managers to understand how employees are doing and if any accommodations need adjustment."

**8\. Be Open to Learning and Adapting**

Creating an inclusive environment for neurodivergent employees requires a willingness to learn and adapt. Encourage managers to engage in ongoing training and education on neurodiversity and foster a workplace culture that supports continuous learning and improvement. Make sure that neurodivergent employees are included in all conversations and initiatives that are centered on inclusion.

"The most important thing is bringing forth the voices of the population," Green says. "It's about making an effort to listen and then act on what neurodivergent employees are saying."

**About the Author**

Contributing Writer, Dark Reading

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.

8 Tips for Hiring and Training Neurodivergent Talent

The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.

Source: Collection Chrisophel via Alamy Stock Photo

For a brief window of time in October, Russian hackers had the ability to launch arbitrary code against anyone in the world using Firefox or Tor.

On Oct. 8, researchers from ESET first spotted malicious files on a server managed by the Russian advanced persistent threat (APT) RomCom (aka Storm-0978, Tropical Scorpius, UNC2596). The files had gone online just five days earlier, on Oct. 3. Analysis showed that they leveraged two zero-day vulnerabilities: one affecting Mozilla software, the other Windows. The result: an exploit that spread the RomCom backdoor to anyone who visited an infected website, no clicks required.

Luckily, both issues were remediated quickly. "The attackers only had a really small window to try to compromise computers," explains Romain Dumont, malware researcher with ESET. "Yes, there was a zero-day vulnerability. But, still, it was patched really fast."

Dark Reading has reached out to Mozilla for comment on this story.

**A Zero-Day in Firefox & Tor**

The first of the two vulnerabilities, CVE-2024-9680, is a use-after-free opportunity in Firefox animation timelines — the browser mechanism that handles how animations play out based on user interactions with websites. Its power to afford attackers arbitrary command execution earned it a "critical" 9.8 rating from the Common Vulnerability Scoring System (CVSS). 

Related:Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday

Importantly, CVE-2024-9680 affects more than just Firefox. Mozilla's open source email client "Thunderbird" is also impacted, as is the ultrasecretive Tor browser, which is built from a modified version of Firefox's Extended Support Release (ESR) browser.

In October, RomCom deployed specially crafted websites that would instantly trigger CVE-2024-9680 without the need for any victim interaction. Victims would unknowingly download the RomCom backdoor from RomCom-controlled servers, then quickly be redirected to the original website they thought they were visiting all along.

These malicious domains were made to mimic the real sites associated with the ConnectWise and Devolutions IT services platforms, and Correctiv, a nonprofit newsroom for investigative journalism in Germany. That these organizations are both political and economic in nature might not surprise those familiar with RomCom, which has always conducted opportunistic cybercrime, but in more recent times has added politically motivated espionage to its agenda. Its activity in 2024 has included campaigns against the insurance and pharmaceutical sectors in the US, but also the defense, energy, and government sectors in Ukraine.

Related:News Desk 2024: Can GenAI Write Secure Code?

It's unclear by what means of social engineering RomCom might have spread these malicious sites.

**What We Know of RomCom's Campaign**

Not content with only running code in a victim's browser, however, RomCom also employed a second vulnerability, CVE-2024-49039. This high-severity 8.8 CVSS-rated bug in the Windows Task Scheduler allows for privilege escalation, thanks to an undocumented remote procedure calls (RPC) endpoint unintentionally accessible to low level users. In this case, RomCom used CVE-2024-49039 to escape the browser sandbox and onto a victim's machine at large.

The damage that might've been done with such a powerful exploit chain, and exactly who was affected by it last month, remains unknown. What's clear at this point is that the overwhelming majority of targets were located in North America and Europe — particularly the Czech Republic, France, Germany, Poland, Spain, Italy, and the US — plus scattered victims in New Zealand and French Guiana.

Also, notably, none of the victims tracked by ESET were compromised via Tor. "Tor has some predefined settings that differ from Firefox, so maybe it would not have worked," Damien Schaeffer, senior malware researcher at ESET speculates. He notes, too, that RomCom's primary targets appeared to be corporations, which rarely use Tor.

Related:Israel Defies VC Downturn With More Cybersecurity Investments

Both CVE-2024-9680 and CVE-2024-49039 have since been patched — the former on Oct. 9, just 25 hours after Mozilla was notified of the issue, and the latter on Nov. 12.

"By now, I hope, the problem is more or less done," Schaeffer says. Still, for any given organization, "It'll depend on their policies. If you have good patch management, this would have been fixed in one day or so. But it's up to people to fix their stuff."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

New York state regulators punish insurers after cybercriminals illegally access customer info they then used to file scam unemployment claims during the COVID-19 pandemic.

Source: Phanie - Sipa Press via Alamy Stock Photo

Two auto insurance companies will pay a hefty penalty for what the State of New York says was inadequate security that allowed hackers to compromise personal data of more than 12,000 state residents.

New York Attorney General Letitia James and New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris said the $11.3 million fines against Government Employees Insurance Co. (GEICO) and the Travelers Indemnity Co. follows what the state deemed "poor data security" practices that allowed cybercriminals to steal driver license numbers. Worse, at the height of the COVID-19 crisis, they used that info to file fraudulent unemployment claims. Specifically, the insurers were found to have violated a state regulation to "implement policies, procedures, and controls designed to protect consumer data as well as the financial institutions themselves," their statement said.

GEICO has been ordered to pay $9.75 million, and Travelers will pay $1.55 million.

“GEICO and Travelers offer drivers protection during times of emergencies, but these companies failed to protect consumers' personal information,” James said. “Data breaches can lead to serious fraud, and that is why it is important for all companies to take cybersecurity and data protection seriously.”

GEICO experienced a November 2020 compromise of its auto insurance quoting tool, allowing threat actors to steal driver license numbers from the company's public-facing website, New York regulators said.

"Despite being notified by DFS of an industry-wide cyberattack campaign to obtain driver's license numbers, and suffering, disclosing, and remediating separate cybersecurity incidents, GEICO failed to conduct a comprehensive review of its systems to prevent and detect future cyberattacks," the statement continued.

Following that breach, hackers pivoted to exploit a vulnerability in GEICO's quoting tool for insurance agents on a separate platform.

Both cyberattacks against GEICO exposed the personal information of about 116,000 New York residents, most of those leaked in the second compromise, the statement added.

Travelers too was breached through a similar cyberattack against its auto insurance quoting tool, this time a calculator used by independent agents. Despite receiving multiple alerts that threat actors were conducting these types of campaigns, in April 2021, hackers were able to use compromised credentials to generate reports with license numbers in plain text, exposing the data of 4,000 New Yorkers, the statement said.

Besides the penalties, these insurers have agreed to improve their cybersecurity practices including improving protections for private information, conducting a comprehensive data inventory, requiring authentication to access private data, implementing logging and monitoring, and enhancing threat response planning and procedures.

GEICO also agreed to conduct remedial measures, including comprehensive risk assessment and penetration testing, plus developing an action plan to address any resulting issues. Travelers agreed to review its systems, assess its own access controls, and improve protections against unauthorized access to nonpublic personal information, according to the regulators' statement.

Geico, Travelers Fined $11.3M for Lax Data Security

Microsoft connected experiences have been the subject of heated online discussions. So what are they, and do they train AI with my data?

Recently we’ve seen some heated discussion about Microsoft’s connected experiences feature. As in many discussions lately there seems to be no room for middle ground, but we’re going to try and provide it anyway.

First of all, it’s important to understand what the “connected experiences” are.

Microsoft describes it like this:

> “Connected experiences that analyze your content are experiences that use your Office content to provide you with design recommendations, editing suggestions, data insights, and similar features.”

If that sounds like auto-correct on steroids, you’re close. You like it or you don’t.

But I found that there are two types of connected experiences.

Let’s start with a locally saved document created in Microsoft 365 (Word). To find the connected experiences settings, you’ll need to

*   Click on **File** > **Options**

Options

*   Select **Trust Center** and click on **Trust Center Settings**

Trust Center Settings

*   Select **Privacy Options** and click on **Privacy Settings**

Privacy Options > Privacy Settings

Then you’ll see three entries for Connected experiences:

*   Experiences that analyze your content
*   Experiences that download online content
*   All connected experiences

My tinfoil hat warns me that the second one is bound to show up in some vulnerability, but nowhere does it say that anything you produce will be shared with anyone, let alone train an AI model. If anything is worrying in there, it’s the fact that it uses content in your documents to find online information that might be of interest to you.

Connected experiences

Feel free to turn these options off.

For **online** documents created with Microsoft 365 apps it’s a different topic, and depends on what the administrator of the organization that provided it has decided to make available to you.

The overview of optional connected services provided by Microsoft says:

> “If you have a work or school account, your organization’s admin may have provided you with the ability to use one or more cloud-backed services (also referred to as “optional connected experiences”) while using the Office apps, like Word or Excel, that are included with Microsoft 365 Apps for enterprise.”

It then goes on to list all the possible optional connected experiences. The settings for these are of the type  “all or nothing.”

You can find these settings if you have a document open in your browser by following the path **File > About > Privacy Settings > Optional connected experiences**.

Optional connected experiences

The official Microsoft 365 account on X tweeted to say it didn’t use customer data to train large language models (LLMs)—a type of artificial intelligence (AI) program—in M365 apps:

> “In the M365 apps, we do not use customer data to train LLMs. This setting only enables features requiring internet access like co-authoring a document.”

So, turning that option off might result in some lost functionality if you’re working on the same document with other people in your organization.

If you want to turn these settings off for reasons of privacy and you don’t use them much anyway, by all means, do so. The settings can all be found under **Privacy Settings** for a reason. But nowhere could I find any indication that these connected experiences were used to train AI models.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Explained: the Microsoft connected experiences controversy 

The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.

Source: 3D generator via Alamy Stock Photo

The Chinese threat actor known as Salt Typhoon has been spying on some high-value government and telecommunications organizations for several years now, recently debuting fresh backdoor malware, dubbed GhostSpider.

Salt Typhoon (aka Earth Estries, FamousSparrow, GhostEmperor, and UNC2286) is among the People's Republic's most cutting advanced persistent threats (APT). In a campaign stretching back to 2023, it has compromised more than 20 organizations. Those organizations tend to be of the highest order, from all corners of the globe, and their breaches have in some cases remained undetected for years. Most recently, it's been known for targeting US telcos, including T-Mobile USA, and ISPs in North America.

**Salt Typhoon's Arsenal of Malware**

With access to a targeted network, the APT that Trend Micro calls Earth Estries can deploy any one of its varied and powerful payloads, which it is consistently building out, according to a new analysis from the firm.

There's Masol RAT — a cross-platform tool it's used against Linux servers from Southeast Asian governments — and the modular SnappyBee (aka Deed RAT). The newly discovered GhostSpider, meanwhile, is a highly modular backdoor, adjustable for any particular attack scenario, according to Jon Clay, Trend Micro's vice president of threat intelligence.

Related:Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday

"So, I can enact a specific module to do one specific thing, and it only does that one thing, and then if I need something else, I enact another module. And this does make it much more difficult for defenders and researchers to identify what's what," Clay says, because one instance of GhostSpider might look entirely different from another.

Besides its backdoors, the group also possesses a rootkit called Demodex, and Trend Micro has speculated that it might even have used Inc ransomware in some of its operations.

The diversity of Salt Typhoon's malware may be connected to the very nature of how it operates. According to the researchers, it is a structured organization of distinct, specialized teams. Its various backdoors, for example, are managed by different "infrastructure teams." The tactics, techniques, and procedures (TTPs) utilized in different attacks might vary significantly, with unique teams focusing in different geographic regions and industries — another reason why pinning down the Chinese APT has been so difficult over the years. "They are very sophisticated \[at\] gaining access, maintaining access, maintaining persistence, and wiping their tracks when they have done something to make it look like they were never there," Clay says.

Related:News Desk 2024: Can GenAI Write Secure Code?

**How Estries Gains Entry**

Earth Estries had been conducting long-term espionage attacks against governments and other targets since 2020. Around the middle of 2022, though, a switch flipped.

"In the past, they were doing a lot of phishing of employees," Clay recalls. "Now they're targeting Internet-facing devices using n-day vulnerabilities, finding any open ports \[or\] protocols, or applications that are running that they can exploit in order to gain access."

"N-day" refers to recently disclosed bugs that organizations might not have had a chance to patch yet. The group's favorite vulnerabilities have been dangerous (but now well-documented), including: 

*   The SQL injection bug CVE-2024-48788, which affects the Fortinet Enterprise Management Server (EMS)
    
*   CVE-2022-3236, a code injection issue in Sophos Firewalls
    

*   The four Microsoft Exchange vulnerabilities involved in ProxyLogon
    

"And we see this across the board," Clay notes. "Certainly, emails are still a big way to gain access to organizations, but it used to be 80%-plus \[of cases\]. I think now you're looking at a much smaller percentage of these attacks beginning with a phishing campaign."

Related:Israel Defies VC Downturn With More Cybersecurity Investments

**Chinese Island Hopping to Gov't Cyberattack Victims**

Often, Salt Typhoon doesn't exploit vulnerabilities directly in its target's network. Instead, it opts for a more tactful approach.

Since 2023, its victims have spanned no fewer than four continents — from countries as diverse as Afghanistan, India, Eswatini, and the US — with the greatest concentration being in Southeast Asia. These organizations have come from the telecommunications, technology, consulting, chemical, transportation, and nonprofit sectors, with a special emphasis on government agencies.

Not all of these organizations are necessarily the hackers' final destination, though. A nongovernmental organization (NGO), for example, may house interesting data worth stealing, or it might just provide a covert springboard for attacking a more important government agency. In 2023, for instance, researchers observed Salt Typhoon compromising consulting firms and NGOs that work with the US government and military, with the goal of more quickly and effectively breaching the latter.

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Salt Typhoon Builds Out Malware Arsenal With GhostSpider

### Impact
Existing lakeFS users who have issued credentials to users who have been deleted.
Creating a new user with the same username, that user will inherit all of the previous user's credentials lakeFS needs to delete user credentials upon user deletion.

### Patches
_Has the problem been patched? What versions should users upgrade to?_

### Workarounds
A possible workaround will be not to reuse usernames that were previously deleted

### References
_Are there any links users can visit to find out more?_


GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

Protecting sensitive data is critical for businesses facing constant cyber threats. Automating encryption, audits, and access control strengthens security and reduces human error.

Protecting sensitive data nowadays should be a top priority for businesses of all sizes. Data breaches and cyber threats are no longer occasional occurrences but constant risks that require ongoing attention. The global cost of cyberattacks is expected to hit $9.5 trillion in 2024, largely fueled by ransomware, phishing, and data breaches. To combat these threats, companies need robust, continuous security measures that adapt as threats evolve. 

Traditional security measures, while effective to an extent, often involve manual processes that can be inconsistent, leaving gaps in protection. Automation is changing the landscape as it allows businesses to protect data more effectively through real-time encryption and automated security audits.

Automating data security processes means sensitive information is consistently protected, and security status is constantly monitored without relying solely on human effort. Automation, combined with other technologies like machine learning, offers businesses the ability to stay one step ahead.

Let’s discuss more on this below:

****Using Robotic Process Automation** **

Robotic process automation (RPA) has become a valuable tool in automating repetitive tasks across various business functions, and data security is no exception. RPA can handle tasks such as data encryption, access control management, and audit preparation, which are critical in maintaining a secure data environment. Thanks to RPA, businesses can create automated workflows that perform these tasks quickly and consistently, eliminating human error and freeing up security teams to focus on more complex challenges.

One major advantage of RPA in security is its ability to run 24/7 without interruption. Tasks that are time-consuming or repetitive for human employees can be efficiently managed by RPA, creating a more consistent layer of protection. 

Additionally, it can help businesses stay compliant with data regulations by automatically recording security actions and updates. Instead of relying on team members to complete these steps manually, RPA executes them precisely and on schedule.

****Automating Data Encryption** **

Data encryption is one of the most important elements in a data security strategy, protecting sensitive information by converting it into an unreadable format. With encryption, data remains secure even if accessed by unauthorized users. 

However, manually encrypting data across all systems and applications is not only time-consuming but also prone to inconsistencies. Automating the encryption process enables businesses to apply real-time protection to data without the need for constant manual intervention.

Automated encryption solutions can detect sensitive data as it’s created or transferred and immediately encrypt it, adding a critical layer of security. This real-time approach is particularly valuable for businesses that handle large volumes of data daily. With automated encryption, businesses reduce the risk of accidental exposure, keeping data consistently protected, whether it’s at rest or in transit. Automation also allows companies to apply encryption uniformly across their systems so there are no weak points that hackers can exploit.

****Implementing Automated Security Audits** **

Security audits play an essential role in identifying vulnerabilities, maintaining compliance, and ensuring data integrity. However, conducting regular audits can be a challenge for companies, as it requires significant time and resources. 

Automated audit tools streamline this process, allowing for continuous auditing that keeps an eye on security status in real time. Instead of waiting for scheduled audit periods, automated audits can provide up-to-date reports on security gaps and compliance status.

Real-time auditing brings numerous benefits, especially for companies in highly regulated industries. Automated audits allow businesses to spot potential issues early, minimizing the risk of non-compliance and giving them a proactive approach to risk management. With continuous monitoring, teams can quickly act when issues arise, addressing vulnerabilities before they become major threats. Automated security audits give businesses the confidence that their security measures are consistently monitored and aligned with industry standards, all while reducing the workload on internal teams.

****Utilizing Machine Learning for Anomaly Detection** **

Machine learning (ML) adds another layer of sophistication to automated security audits by identifying patterns and unusual activities that might indicate a security threat. Unlike traditional methods, ML algorithms can learn from data over time, recognizing what constitutes typical behaviour and quickly spotting anomalies that could signal unauthorized access or suspicious actions. This type of real-time detection helps teams stay aware of issues that may otherwise go unnoticed in large datasets.

Incorporating ML into security audits enables businesses to gain a proactive approach to data protection. As soon as an anomaly is detected, ML-powered tools can alert the security team to investigate before any real damage is done. This level of insight is especially valuable in industries handling sensitive data, where even minor incidents could have serious consequences. Automated anomaly detection keeps teams informed, enabling swift action and strengthening the overall security framework.

****Improving Data Access Control** **

Statistics show that over 70% of organizations with access control experience fewer than five major incidents annually. Access control is a fundamental element of data security as it determines who can view or modify sensitive information within an organization. Automated access control systems make this process more secure by continuously monitoring and adjusting permissions based on predefined rules. For instance, when an employee changes roles or leaves the company, automated systems can immediately update or revoke access rights, reducing the risk of unauthorized access.

Automating access control brings consistency and reduces human error, which can often lead to accidental exposure of sensitive information. By leveraging automated systems, companies create a more adaptable and secure environment where access is restricted to those who genuinely need it. This method also simplifies compliance with regulatory standards that require strict access controls. In this way, businesses can manage data access dynamically and respond quickly to personnel or organizational changes.

****Automated Reporting** **

Automated reporting is a powerful tool for maintaining a clear view of an organization’s security health. With real-time data feeding directly into dashboards and reports, security teams gain immediate insights into the status of various security measures, compliance levels, and potential risks. Instead of spending hours manually compiling data for reports, automated systems handle this work, generating up-to-date summaries that decision-makers can access at any time.

Automated reports not only save time but also improve the quality of information used in decision-making. These reports are frequently customizable, allowing teams to focus on specific metrics or risks that are most relevant to their organization. This flexibility makes it easier to make informed decisions, as leaders have a continuous, accurate view of security issues and trends. 

Automating data encryption and security audits has transformed the way businesses approach data protection. With tools like robotic process automation, machine learning, and automated reporting, companies can create a dynamic, secure environment that operates around the clock. These methods bring real-time data security and compliance monitoring within reach, helping organizations respond to risks proactively rather than reactively. 

1.  Top 9 Compliance Automation Software in 2024
2.  Safe Data Sharing Practices: How to Avoid Data Leaks
3.  How To Prevent Growing Issue of Encryption Based Malware
4.  How FHE Technology Is Making End-to-End Encryption a Reality
5.  Cybersecurity, Big Data & Automation Tools: What You Need To Know

Automating Data Encryption and Security Audits for Continuous Protection

Amazon Web Services' identity and access management platform has added new features that help developers implement secure, scalable, and customizable authentication solutions for their applications.

Source: GK Images via Alamy Stock Photo

Amazon Web Services (AWS) has announced updates to Amazon Cognito, its identity and access management service for Web and mobile applications. The service allows developers to secure machine-to-machine authentication, enable role-based access to AWS resources, and create sign-in and sign-up experiences in applications. 

Cognito now supports passwordless login with managed login, enabling users to integrate passwordless authentication methods, including passkeys, email one-time-passwords, and SMS one-time-passwords. 

The new features include a developer-focused console experience that streamlines onboarding via a wizard and use-case specific recommendations. This allows developers to configure their sign-in options and follow the system-provided instructions to create the application's sign-in and sign-up pages. A new user pool, a user directory for authentication and authorization, is automatically created, according to the blog post announcing the new updates. Amazon Cognito also supports major application frameworks and offers detailed instructions for integrating them using standard OpenID Connect (OIDC) and OAuth open source libraries.

Amazon has updated the pricing structure for Cognito, adding user pool feature tiers: Lite, Essentials, and Plus. New user pools are created at the Essentials tier by default, and users can switch between tiers depending on their needs. 

The Lite tier includes user registration, password-based authentication, and social identity provider integration. The Essentials tier includes expanded authentication and access control features, including managed login and passwordless capabilities and enhanced security features. The Plus tier offers more security features, including threat protection capabilities against suspicious logins and compromised credential detection. 

Pricing is based on monthly active users. The Essentials and Plus tiers are available in all AWS regions where Cognito is available, except AWS GovCloud (US) regions. 

**About the Author**

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Tag

#auth