Consideration HR 3935 FAA Reauthorization
Yesterday, the Senate resumed consideration of the motion to proceed to consideration of H.R. 3935. Sen Schumer (D,NY) entered a motion to close further debate on the motion to proceed to consideration of the bill. The vote on that cloture motion will take place when the Senate returns on March 30th, 2024, after the vote on the Georgia N. Alexakis ...
Review - CSB Updates Accidental Release Reporting Data 4-19-24
Yesterday in preparation for their quarterly business meeting tomorrow, the CSB updated their published list of reported chemical release incidents. They added 26 new incidents that occurred since the previous version was published in January and inserted eight new incidents that occurred before January. These are not incidents that the CSB is inve...
UK IT Leaders Are Prioritizing Cybersecurity: But Is This a Good Thing?
Tech leaders taking cybersecurity seriously is something of a double-edged sword. While it's undoubtedly good that organizations are waking up to the genuine threat cyberattacks pose, it's depressing that they must siphon off so many resources to protect themselves rather than using them for growth and innovation. A recent survey of UK technology lea...
"All for One and One for All": The EU Cyber Solidarity Act Strengthens Digital Defenses
Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act. This new legislation recognizes that collective defense i...
Short Takes 4-23-24
Russia-linked hacking group claims to have targeted Indiana water plant. CNN.com article. Pull quote: While the video is sensational, the actions taken by the threat actor are amateur and would amount to a minor annoyance for plant operators, Fabela, who is CEO of Infinity Squared Group, a consulting firm, told CNN. A powerful volcano is erupting....
Review - 2 Updates Published 4-23-24
Today, CISA's NCCIC-ICS published updates for two control system security advisories for products from Chirp Systems and Mitsubishi Electric. Updates Chirp Systems Update - This update includes additional information on an advisory that was originally published on March 7th, 2024. Mitsubishi Update - This update includes additional information on...
Creating a Winning AI Business Strategy: 8 Steps
Developing a competitive artificial intelligence business strategy has quickly become an essential leadership strategy as AI has grown into an indispensable business tool. Businesses from all different industries are incorporating new enterprise AI use cases in their workflows to improve products and disrupt their respective industries. To keep up ...
Enhancing Endpoint Security with Advanced Host-Based Intrusion Detection Capabilities
In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security. By monitoring and examining system responses and device status, HIDS identifies an...
University Cybersecurity Clinics Can Now Use the New CISA Resource Guide
Budgetary and resource constraints play a huge role in cyberattacks on smaller organizations. Amidst a strained global economy, many under-resourced organizations like non-profits, local governments, and hospitals struggle to keep their heads above water - they simply don't have the funds to invest in cybersecurity. To make matters worse, cybercrim...
Short Takes 4-22-24
Syphilis case increase sparks Colorado public health order. TheHill.com article. Pull quote: People should know that this is a treatable disease for adults. A course of penicillin generally does the trick. Some adults have very mild symptoms, there's a lack of diagnosis, others who were symptomatic and treated with penicillin, Polis said. But the re...
6 Best Prompt Engineering Tools in 2024
Prompt engineering tools are software platforms that help business owners, content creators and prompt engineers craft effective prompts that maximize output from their large language models (LLMs) and generative AI tools. In other words, the best prompt engineering tools provide you with the instructions and support for getting your AI tools to cr...
Spouse's Failure to Pay Taxes is No Excuse
I have seen it time and again where security clearance applicants who are denied eligibility based on financial issues claim the reason for the delinquent debts is because the spouse was in charge of the finances, and they thought all the bills and taxes were being taken care of. A recent Defense
Review - S 3943 Introduced ANCHOR Act
Last month, Sen Padilla (D,CA) introduced S 3943, the Accelerating Networking, Cyberinfrastructure, and Hardware for Oceanic Research (ANCHOR) Act. The bill would require the National Science Foundation (NSF) to submit a plan to improve the cybersecurity and telecommunications of the Academic Research Fleet. No new funding is authorized by the legi...
Short Takes 4-22-24 Space Geek Edition
Dragonfly: NASA Just Confirmed The Most Exciting Space Mission Of Your Lifetime. Forbes.com article. Pull quote: Titan is the only other world in the solar system other than Earth that has weather and liquid on its surface. It has an atmosphere, rain, lakes, oceans, shorelines, valleys, mountain ridges, mesas and dunes and possibly the building bloc...
Senate Began Consideration HR 3935 FAA Reauthorization
On Friday, the Senate began debate on the consideration of HR 3935, the Securing Growth and Robust Leadership in American Aviation Act. That debate continued on Saturday. Debate will resume on Tuesday. No amendments have been submitted. No real action will occur until the Senate comes back from their upcoming recess on April 29th.
Exploring Cybersecurity Risks in Telemedicine: A New Healthcare Paradigm
The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable up until a few years ago. The unique cybersecurity challenges facing telemedicine today underscore the ...
NSA Debuts Top 10 Cloud Security Mitigation Strategies
As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurit...
CISA Publishes Secure Your Chemicals: Potential Threats
Recently, CISA added a new infographic to their stable of publications supporting the two agency chemical security programs, the currently inactive Chemical Facility Anti-Terrorism Standards (CFATS) program and the voluntary ChemLock program. The new SECURE CHEMICALS: POTENTIAL THREATS page shows a brief overview of the potential threats to chemica...
Chemical Incident Reporting Week of 4-13-24
NOTE: See here for series background. Moosic, PA 4-15-24 Local news reports: Here, here, and here. Ammonia storage tank leak at food processing facility. 14 transported to hospital for ammonia exposure. Possible CSB reportable if any of the patients were admitted to the hospital. Naperville, IL 4-15-24 Local news reports: Here, here, and he...
GAO Reports Week of 4-13-24 Federal Cybersecurity EO Actions
This week, the Government Accountability Office (GAO) published a report on Cybersecurity - Implementation of Executive Order Requirements Is Essential to Address Key Actions. The report looks at the implementation of EO 14028 in CISA, NIST, and OMB. The table below shows the GAO's assessment of EO 14028 leadership and oversight requirements (see A...
CRS Reports Week of 4-13-24 Congressional Disapproval
This week, the Congressional Research Service (CRS) published a report on The Congressional Review Act: Defining a Rule and Overturning a Rule an Agency Did Not Submit to Congress. The 118th Congress has been fairly active in submitting and passing bills to overturn agency actions. This report outlines the processes under the Congressional Review A...
Transportation Chemical Incidents Week of 3-16-24
Reporting Background See this post for explanation, with an update here (removed from paywall). Data from PHMSA's online database of transportation related chemical incidents that have been reported to the agency. Incidents Summary Number of incidents 470 (460 highway, 9 air, 1 rail) Serious incidents 4 (3 Bulk release, 0 injuries, 0 deaths...
Review - Public ICS Disclosures Week of 4-13-24
This week we have nine vendor disclosures from Hitachi, HPE (4), Peplink, Philips, and Rockwell (2). There are also five vendor updates from B&R (2), Contec, HPE, and Palo Alto Networks. We also have eleven researcher reports about vulnerabilities in products from Elber (10) and Silicon Labs. Finally, we have two exploits for products from Palo...
Short Takes 4-19-24
The Trump Jury Has a Doxing Problem. Wired.com article. To be fair, should read Potential Doxing Problem. Pull quote: Armed with basic personal details about jurors and certain tools and databases, an OSINT researcher could potentially uncover a significant amount of personal information by cross-referencing all this together, Diachenko says. That...
Siemens Publishes Out-of-Zone Advisory 4-19-24
Today, ten days after the publication of their monthly tranche of security advisories and updates, Siemens published a control system security advisory that discusses a command injection vulnerability in their RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. This is a third-party (Palo Alto Networks) vulnerability that is ...
What is Retrieval Augmented Generation? How it Works & Use Cases
Retrieval-augmented generation, or RAG, is a technique for enhancing the output of large language models by incorporating information from external knowledge bases or sources. By retrieving relevant data or documents before generating a response, RAG improves the generated text's accuracy, reliability, and informativeness. This approach helps groun...
OMB Approves DOE's Foreign Entity Final Rule
Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the DOE on U.S. Department of Energy Interpretation of Foreign Entity of Concern. The rule was submitted to OIRA on March 21st, 2024. This rulemaking was not listed in the Fall 2023 Unified Agenda. This rulemaking will probably b...
OMB Approves EPA's Methylene Chloride Final Rule
Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the EPA on Methylene Chloride (MC); Regulation Under the Toxic Substances Control Act (TSCA). The final rule was submitted to OIRA on January 24th, 2024. The notice of proposed rulemaking was published on May 3rd, 2023. According...
Bills Introduced 4-18-24
Yesterday, with both the House and Senate in session, there were 76 bills introduced. One of those bills will receive additional attention in this blog: HR 8070 To authorize appropriations for fiscal year 2025 for military activities of the Department of Defense, for military construction, and for defense activities of the Department of Energy, to...
Short Takes 4-18-24
The race to produce rare earth elements. TechnologyReview.com article. Pull quote: That technology extracts rare earth elements from coal ash, leaving behind a solution rich in those elements and a residual solid containing iron and other metals. Through sequential steps of heating and cooling, rare earths are transferred into an ionic liquid, a salt...
Ultimate Guide to AI Deepfake Technology
A deepfake is a type of synthetic media where the likeness of someone in an existing image or video is replaced with someone else's likeness using artificial intelligence. This technology utilizes sophisticated AI algorithms to create or manipulate audio and video content with a high degree of realism. Deepfake technology represents one of the most ...
Review - 1 Advisory and 2 Updates Published 4-18-24
Today, CISA's NCCIC-ICS published a control systems security advisory for products from Unitronics. They also updated two advisories for products from Mitsubishi. Advisories Unitronics Advisory - This advisory describes a storing passwords in a recoverable format vulnerability in the Unitronics Vision Standard PLCs. Updates Mitsubishi Update #1 ...
Prevent Generative AI Data Leaks with Chrome Enterprise DLP
Posted by Kaleigh Rosenblat, Chrome Enterprise Senior Staff Software Engineer, Security Lead. Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks. From customized content creation to source code generation, it can increase both our productivity and creative potential. Businesses want to leverage t...
37 Arrested as Police Smash LabHost International Fraud Network
Police have successfully infiltrated and disrupted the fraud platform "LabHost", used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK's Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals create phishing websites since 2021 to steal sensitive information...
Short Takes 4-18-24 Space Geek Edition
Launch of a Reentry Vehicle as a Payload That Requires a Reentry Authorization To Return to Earth. Federal Register FAA notice. Summary: This action provides notice that in general, the FAA will not authorize launch of a reentry vehicle as a payload that will require a reentry authorization to return to Earth unless the reentry vehicle operator has...
Supply Chain Cybersecurity the importance of everyone
I'm always surprised and a little disappointed at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier essentially,...
Short Takes 4-17-24
It's an efficient machine to destroy nuclear waste: nuclear future powered by thorium beckons. ChemistryWorld.com article. Pull quote: The company's concept combines a particle accelerator called a cyclotron with a subcritical lead-cooled reactor. It's built with about 3% missing neutrons which is a very important safety feature for us if you pull th...
AI Model Optimization: 6 Key Techniques
Empower your AI with optimization. Discover 6 strategies to enhance efficiency through AI model optimization. The post AI Model Optimization: 6 Key Techniques appeared first on eWEEK.
Review - S 3959 Introduced TWIC-HME Applications
Last month, Sen Wicker (R,MS) introduced S 3959, the Transportation Security Screening Modernization Act. The bill would require the TSA to take actions (potentially including issuing an interim final rule) to streamline the procedures for individuals applying for or renewing enrollment in more than one TSA security threat assessment program, in pa...
Navigating AI and Cybersecurity: Insights from the World Economic Forum (WEF)
Cybersecurity has always been a complex field. Its adversarial nature means the margins between failure and success are much finer than in other sectors. As technology evolves, those margins get even finer, with attackers and defenders scrambling to exploit them and gain a competitive edge. This is especially true for AI. In February, the World Eco...
Short Takes 4-16-24
Crickets from Chirp Systems in Smart Lock Key Leak. KrebsOnSecurity.com article. Pull quote: It's just a matter of them being motivated to do it [fix the vulnerability], he said. But they're part of a private equity company now, so they're not answerable to anybody. It's too bad, because it's not like residents of [the affected] properties have another ...
Top 75 Generative AI Startups Innovating In 2024
Generative AI startups have emerged as the newest and most formidable players in the tech world, using natural language processing, machine learning, and other forms of artificial intelligence to generate new, original content for a variety of business use cases. Larger tech companies like Google, Microsoft, and AWS are working hard to build their ...
Cisco's Splunk Acquisition: A Data-First AI Company Transformation
Cisco looks to leverage Splunk to be a world-class data company The post Cisco's Splunk Acquisition: A Data-First AI Company Transformation appeared first on eWEEK.
Review - 4 Advisories Published 4-16-24
CISA's NCCIC-ICS published four control system security advisories for products from RoboDK, Rockwell Automation, Electrolink, and Measuresoft. Advisories RoboDK Advisory - This advisory describes a heap-based buffer overflow vulnerability in the RoboDK RoboDK robotics development software. Rockwell Advisory - This advisory describes an improper ...
6 Best Large Language Models (LLMs) in 2024
Looking to take your business to a new level through large language models (LLMs)? Check out our complete list of the best LLMs. The post 6 Best Large Language Models (LLMs) in 2024 appeared first on eWEEK.
Committee Hearings Week of 4-14-24
This week, with both the House and Senate in session, there is a moderately busy hearing schedule. This includes a number of budget hearings as a part of the start of the certainly to be contentious FY 2025 spending process. There is one cybersecurity hearing looking at medical cybersecurity issues. Budget Hearings Budget Hearings ...
Review - CIRCIA NPRM Cyber Incident Definitions
Earlier this month, CISA published the official version of their Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) (Division Y, PL 117-103) notice of proposed rulemaking (NPRM). This is part of a continuing series of posts looking at the proposed rulemaking. In this post I will be looking at how CISA is proposing to deal with the pr...
SCM and NERC: What You Need to Know
Security configurations are an often ignored but essential factor in any organization's security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly. Staying on top of all of these security configurations can be a daunting responsibility for security or IT...
Casting a Cybersecurity Net to Secure Generative AI in Manufacturing
Generative AI has exploded in popularity across many industries. While this technology has many benefits, it also raises some unique cybersecurity concerns. Securing AI must be a top priority for organizations as they rush to implement these tools. The use of generative AI in manufacturing poses particular challenges. Over one-third of manufacturer...
About Us
SecurityCentric is your source for all your Security news.