SecurityCentric is your source for Blog Aggregation in the Security industry

Consideration HR 3935 FAA Reauthorization

Yesterday, the Senate resumed consideration of the motion to proceed to consideration of H.R. 3935. Sen Schumer (D,NY) entered a motion to close further debate on the motion to proceed to consideration of the bill. The vote on that cloture motion will take place when the Senate returns on March 30th, 2024, after the vote on the Georgia N. Alexakis ...

Chemical Facility Security News 5 hours, 37 min ago

Review - CSB Updates Accidental Release Reporting Data 4-19-24

Yesterday in preparation for their quarterly business meeting tomorrow, the CSB updated their published list of reported chemical release incidents. They added 26 new incidents that occurred since the previous version was published in January and inserted eight new incidents that occurred before January. These are not incidents that the CSB is inve...

Chemical Facility Security News 7 hours, 8 min ago

UK IT Leaders Are Prioritizing Cybersecurity: But Is This a Good Thing?

Tech leaders taking cybersecurity seriously is something of a double-edged sword. While it's undoubtedly good that organizations are waking up to the genuine threat cyberattacks pose, it's depressing that they must siphon off so many resources to protect themselves rather than using them for growth and innovation. A recent survey of UK technology lea...

"All for One and One for All": The EU Cyber Solidarity Act Strengthens Digital Defenses

Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act. This new legislation recognizes that collective defense i...

Short Takes 4-23-24

Russia-linked hacking group claims to have targeted Indiana water plant. CNN.com article. Pull quote: While the video is sensational, the actions taken by the threat actor are amateur and would amount to a minor annoyance for plant operators, Fabela, who is CEO of Infinity Squared Group, a consulting firm, told CNN. A powerful volcano is erupting....

Chemical Facility Security News 19 hours, 6 min ago

Review - 2 Updates Published 4-23-24

Today, CISA's NCCIC-ICS published updates for two control system security advisories for products from Chirp Systems and Mitsubishi Electric. Updates Chirp Systems Update - This update includes additional information on an advisory that was originally published on March 7th, 2024. Mitsubishi Update - This update includes additional information on...

Chemical Facility Security News 23 hours, 52 min ago

Creating a Winning AI Business Strategy: 8 Steps

Developing a competitive artificial intelligence business strategy has quickly become an essential leadership strategy as AI has grown into an indispensable business tool. Businesses from all different industries are incorporating new enterprise AI use cases in their workflows to improve products and disrupt their respective industries. To keep up ...

Enhancing Endpoint Security with Advanced Host-Based Intrusion Detection Capabilities

In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security. By monitoring and examining system responses and device status, HIDS identifies an...

University Cybersecurity Clinics Can Now Use the New CISA Resource Guide

Budgetary and resource constraints play a huge role in cyberattacks on smaller organizations. Amidst a strained global economy, many under-resourced organizations like non-profits, local governments, and hospitals struggle to keep their heads above water - they simply don't have the funds to invest in cybersecurity. To make matters worse, cybercrim...

Short Takes 4-22-24

Syphilis case increase sparks Colorado public health order. TheHill.com article. Pull quote: People should know that this is a treatable disease for adults. A course of penicillin generally does the trick. Some adults have very mild symptoms, there's a lack of diagnosis, others who were symptomatic and treated with penicillin, Polis said. But the re...

6 Best Prompt Engineering Tools in 2024

Prompt engineering tools are software platforms that help business owners, content creators and prompt engineers craft effective prompts that maximize output from their large language models (LLMs) and generative AI tools. In other words, the best prompt engineering tools provide you with the instructions and support for getting your AI tools to cr...

Spouse's Failure to Pay Taxes is No Excuse

I have seen it time and again where security clearance applicants who are denied eligibility based on financial issues claim the reason for the delinquent debts is because the spouse was in charge of the finances, and they thought all the bills and taxes were being taken care of. A recent Defense

Review - S 3943 Introduced ANCHOR Act

Last month, Sen Padilla (D,CA) introduced S 3943, the Accelerating Networking, Cyberinfrastructure, and Hardware for Oceanic Research (ANCHOR) Act. The bill would require the National Science Foundation (NSF) to submit a plan to improve the cybersecurity and telecommunications of the Academic Research Fleet. No new funding is authorized by the legi...

Short Takes 4-22-24 Space Geek Edition

Dragonfly: NASA Just Confirmed The Most Exciting Space Mission Of Your Lifetime. Forbes.com article. Pull quote: Titan is the only other world in the solar system other than Earth that has weather and liquid on its surface. It has an atmosphere, rain, lakes, oceans, shorelines, valleys, mountain ridges, mesas and dunes, and possibly the building bloc...

Senate Began Consideration HR 3935 FAA Reauthorization

On Friday, the Senate began debate on the consideration of HR 3935, the Securing Growth and Robust Leadership in American Aviation Act. That debate continued on Saturday. Debate will resume on Tuesday. No amendments have been submitted. No real action will occur until the Senate comes back from their upcoming recess on April 29th.

Exploring Cybersecurity Risks in Telemedicine: A New Healthcare Paradigm

The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable up until a few years ago. The unique cybersecurity challenges facing telemedicine today underscore the ...

NSA Debuts Top 10 Cloud Security Mitigation Strategies

As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurit...

CISA Publishes Secure Your Chemicals: Potential Threats

Recently, CISA added a new infographic to their stable of publications supporting the two agency chemical security programs, the currently inactive Chemical Facility Anti-Terrorism Standards (CFATS) program and the voluntary ChemLock program. The new SECURE CHEMICALS: POTENTIAL THREATS page shows a brief overview of the potential threats to chemica...

Chemical Incident Reporting Week of 4-13-24

NOTE: See here for series background. Moosic, PA 4-15-24 Local news reports: Here, here, and here. Ammonia storage tank leak at food processing facility. 14 transported to hospital for ammonia exposure. Possible CSB reportable if any of the patients were admitted to the hospital. Naperville, IL 4-15-24 Local news reports: Here, here, and he...

GAO Reports Week of 4-13-24 Federal Cybersecurity EO Actions

This week, the Government Accountability Office (GAO) published a report on Cybersecurity - Implementation of Executive Order Requirements Is Essential to Address Key Actions. The report looks at the implementation of EO 14028 in CISA, NIST, and OMB. The table below shows the GAO's assessment of EO 14028 leadership and oversight requirements (see A...

CRS Reports Week of 4-13-24 Congressional Disapproval

This week, the Congressional Research Service (CRS) published a report on The Congressional Review Act: Defining a Rule and Overturning a Rule an Agency Did Not Submit to Congress. The 118th Congress has been fairly active in submitting and passing bills to overturn agency actions. This report outlines the processes under the Congressional Review A...

Transportation Chemical Incidents Week of 3-16-24

Reporting Background See this post for explanation, with an update here (removed from paywall). Data from PHMSA's online database of transportation related chemical incidents that have been reported to the agency. Incidents Summary Number of incidents 470 (460 highway, 9 air, 1 rail) Serious incidents 4 (3 Bulk release, 0 injuries, 0 deaths...

Review - Public ICS Disclosures Week of 4-13-24

This week we have nine vendor disclosures from Hitachi, HPE (4), Peplink, Philips, and Rockwell (2). There are also five vendor updates from B&R (2), Contec, HPE, and Palo Alto Networks. We also have eleven researcher reports about vulnerabilities in products from Elber (10) and Silicon Labs. Finally, we have two exploits for products from Palo...

Short Takes 4-19-24

The Trump Jury Has a Doxing Problem. Wired.com article. To be fair, should read Potential Doxing Problem. Pull quote: Armed with basic personal details about jurors and certain tools and databases, an OSINT researcher could potentially uncover a significant amount of personal information by cross-referencing all this together, Diachenko says. That...

Siemens Publishes Out-of-Zone Advisory 4-19-24

Today, ten days after the publication of their monthly tranche of security advisories and updates, Siemens published a control system security advisory that discusses a command injection vulnerability in their RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. This is a third-party (Palo Alto Networks) vulnerability that is ...

What is Retrieval Augmented Generation? How it Works & Use Cases

Retrieval-augmented generation, or RAG, is a technique for enhancing the output of large language models by incorporating information from external knowledge bases or sources. By retrieving relevant data or documents before generating a response, RAG improves the generated text's accuracy, reliability, and informativeness. This approach helps groun...

OMB Approves DOE's Foreign Entity Final Rule

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the DOE on U.S. Department of Energy Interpretation of Foreign Entity of Concern. The rule was submitted to OIRA on March 21st, 2024. This rulemaking was not listed in the Fall 2023 Unified Agenda. This rulemaking will probably b...

OMB Approves EPA's Methylene Chloride Final Rule

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the EPA on Methylene Chloride (MC); Regulation Under the Toxic Substances Control Act (TSCA). The final rule was submitted to OIRA on January 24th, 2024. The notice of proposed rulemaking was published on May 3rd, 2023. According...

Bills Introduced 4-18-24

Yesterday, with both the House and Senate in session, there were 76 bills introduced. One of those bills will receive additional attention in this blog: HR 8070 To authorize appropriations for fiscal year 2025 for military activities of the Department of Defense, for military construction, and for defense activities of the Department of Energy, to...

Short Takes 4-18-24

The race to produce rare earth elements. TechnologyReview.com article. Pull quote: That technology extracts rare earth elements from coal ash, leaving behind a solution rich in those elements and a residual solid containing iron and other metals. Through sequential steps of heating and cooling, rare earths are transferred into an ionic liquid, a salt...

Ultimate Guide to AI Deepfake Technology

A deepfake is a type of synthetic media where the likeness of someone in an existing image or video is replaced with someone else's likeness using artificial intelligence. This technology utilizes sophisticated AI algorithms to create or manipulate audio and video content with a high degree of realism. Deepfake technology represents one of the most ...

Review - 1 Advisory and 2 Updates Published 4-18-24

Today, CISA's NCCIC-ICS published a control systems security advisory for products from Unitronics. They also updated two advisories for products from Mitsubishi. Advisories Unitronics Advisory - This advisory describes a storing passwords in a recoverable format vulnerability in the Unitronics Vision Standard PLCs. Updates Mitsubishi Update #1 ...

Prevent Generative AI Data Leaks with Chrome Enterprise DLP

Posted by Kaleigh Rosenblat, Chrome Enterprise Senior Staff Software Engineer, Security Lead. Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks. From customized content creation to source code generation, it can increase both our productivity and creative potential. Businesses want to leverage t...

37 Arrested as Police Smash LabHost International Fraud Network

Police have successfully infiltrated and disrupted the fraud platform "LabHost", used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK's Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals create phishing websites since 2021 to steal sensitive information...

Short Takes 4-18-24 Space Geek Edition

Launch of a Reentry Vehicle as a Payload That Requires a Reentry Authorization To Return to Earth. Federal Register FAA notice. Summary: This action provides notice that in general, the FAA will not authorize launch of a reentry vehicle as a payload that will require a reentry authorization to return to Earth unless the reentry vehicle operator has...

Supply Chain Cybersecurity - the importance of everyone

I'm always surprised and a little disappointed at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier - essentially,...

Short Takes 4-17-24

It's an efficient machine to destroy nuclear waste: nuclear future powered by thorium beckons. ChemistryWorld.com article. Pull quote: The company's concept combines a particle accelerator called a cyclotron with a subcritical lead-cooled reactor. It's built with about 3% missing neutrons which is a very important safety feature for us - if you pull th...

AI Model Optimization: 6 Key Techniques

Empower your AI with optimization. Discover 6 strategies to enhance efficiency through AI model optimization. The post AI Model Optimization: 6 Key Techniques appeared first on eWEEK.

Review - S 3959 Introduced TWIC-HME Applications

Last month, Sen Wicker (R,MS) introduced S 3959, the Transportation Security Screening Modernization Act. The bill would require the TSA to take actions (potentially including issuing an interim final rule) to streamline the procedures for individuals applying for or renewing enrollment in more than one TSA security threat assessment program, in pa...

Navigating AI and Cybersecurity: Insights from the World Economic Forum (WEF)

Cybersecurity has always been a complex field. Its adversarial nature means the margins between failure and success are much finer than in other sectors. As technology evolves, those margins get even finer, with attackers and defenders scrambling to exploit them and gain a competitive edge. This is especially true for AI. In February, the World Eco...

Short Takes 4-16-24

Crickets from Chirp Systems in Smart Lock Key Leak. KrebsOnSecurity.com article. Pull quote: It's just a matter of them being motivated to do it [fix the vulnerability], he said. But they're part of a private equity company now, so they're not answerable to anybody. It's too bad, because it's not like residents of [the affected] properties have another ...

Top 75 Generative AI Startups Innovating In 2024

Generative AI startups have emerged as the newest and most formidable players in the tech world, using natural language processing, machine learning, and other forms of artificial intelligence to generate new, original content for a variety of business use cases. Larger tech companies like Google, Microsoft, and AWS are working hard to build their ...

Cisco's Splunk Acquisition: A Data-First AI Company Transformation

Cisco looks to leverage Splunk to be a world-class data company. The post Cisco's Splunk Acquisition: A Data-First AI Company Transformation appeared first on eWEEK.

Review - 4 Advisories Published 4-16-24

CISA's NCCIC-ICS published four control system security advisories for products from RoboDK, Rockwell Automation, Electrolink, and Measuresoft. Advisories RoboDK Advisory - This advisory describes a heap-based buffer overflow vulnerability in the RoboDK RoboDK robotics development software. Rockwell Advisory - This advisory describes an improper ...

6 Best Large Language Models (LLMs) in 2024

Looking to take your business to a new level through large language models (LLMs)? Check out our complete list of the best LLMs. The post 6 Best Large Language Models (LLMs) in 2024 appeared first on eWEEK.

Committee Hearings Week of 4-14-24

This week, with both the House and Senate in session, there is a moderately busy hearing schedule. This includes a number of budget hearings as a part of the start of the certainly to be contentious FY 2025 spending process. There is one cybersecurity hearing looking at medical cybersecurity issues. Budget Hearings Budget Hearings ...

Review - CIRCIA NPRM Cyber Incident Definitions

Earlier this month, CISA published the official version of their Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) (Division Y, PL 117-103) notice of proposed rulemaking (NPRM). This is part of a continuing series of posts looking at the proposed rulemaking. In this post I will be looking at how CISA is proposing to deal with the pr...

SCM and NERC: What You Need to Know

Security configurations are an often ignored but essential factor in any organization's security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly. Staying on top of all of these security configurations can be a daunting responsibility for security or IT...

Casting a Cybersecurity Net to Secure Generative AI in Manufacturing

Generative AI has exploded in popularity across many industries. While this technology has many benefits, it also raises some unique cybersecurity concerns. Securing AI must be a top priority for organizations as they rush to implement these tools. The use of generative AI in manufacturing poses particular challenges. Over one-third of manufacturer...
