SecurityCentric is your source for Blog Aggregation in the Security industry

Short Takes 4-19-24


The Trump Jury Has a Doxing Problem. Wired.com article. To be fair, should read Potential Doxing Problem. Pull quote: Armed with basic personal details about jurors and certain tools and databases, an OSINT researcher could potentially uncover a significant amount of personal information by cross-referencing all this together, Diachenko says. That...

Chemical Facility Security News 9 hours, 36 min ago

Siemens Publishes Out-of-Zone Advisory 4-19-24


Today, ten days after the publication of their monthly tranche of security advisories and updates, Siemens published a control system security advisory that discusses a command injection vulnerability in their RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. This is a third-party (Palo Alto Networks) vulnerability that is ...

Chemical Facility Security News 10 hours, 32 min ago

What is Retrieval Augmented Generation? How it Works & Use Cases


Retrieval-augmented generation, or RAG, is a technique for enhancing the output of large language models by incorporating information from external knowledge bases or sources. By retrieving relevant data or documents before generating a response, RAG improves the generated text's accuracy, reliability, and informativeness. This approach helps groun...

Security - RSS Feeds 13 hours, 39 min ago

OMB Approves DOE's Foreign Entity Final Rule

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the DOE on U.S. Department of Energy Interpretation of Foreign Entity of Concern. The rule was submitted to OIRA on March 21st, 2024. This rulemaking was not listed in the Fall 2023 Unified Agenda. This rulemaking will probably b...

Chemical Facility Security News 23 hours, 12 min ago

OMB Approves EPA's Methylene Chloride Final Rule

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the EPA on Methylene Chloride (MC); Regulation Under the Toxic Substances Control Act (TSCA). The final rule was submitted to OIRA on January 24th, 2024. The notice of proposed rulemaking was published on May 3rd, 2023. According...

Bills Introduced 4-18-24


Yesterday, with both the House and Senate in session, there were 76 bills introduced. One of those bills will receive additional attention in this blog: HR 8070 To authorize appropriations for fiscal year 2025 for military activities of the Department of Defense, for military construction, and for defense activities of the Department of Energy, to...

Short Takes 4-18-24


The race to produce rare earth elements. TechnologyReview.com article. Pull quote: That technology extracts rare earth elements from coal ash, leaving behind a solution rich in those elements and a residual solid containing iron and other metals. Through sequential steps of heating and cooling, rare earths are transferred into an ionic liquid - a salt...

Ultimate Guide to AI Deepfake Technology


A deepfake is a type of synthetic media where the likeness of someone in an existing image or video is replaced with someone else's likeness using artificial intelligence. This technology utilizes sophisticated AI algorithms to create or manipulate audio and video content with a high degree of realism. Deepfake technology represents one of the most ...

Review - 1 Advisory and 2 Updates Published 4-18-24


Today, CISA's NCCIC-ICS published a control systems security advisory for products from Unitronics. They also updated two advisories for products from Mitsubishi. Advisories Unitronics Advisory - This advisory describes a storing passwords in a recoverable format vulnerability in the Unitronics Vision Standard PLCs. Updates Mitsubishi Update #1 ...

37 Arrested as Police Smash LabHost International Fraud Network


Police have successfully infiltrated and disrupted the fraud platform "LabHost", used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK's Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals create phishing websites since 2021 to steal sensitive information...

Short Takes 4-18-24 Space Geek Edition


Launch of a Reentry Vehicle as a Payload That Requires a Reentry Authorization To Return to Earth. Federal Register FAA notice. Summary: This action provides notice that in general, the FAA will not authorize launch of a reentry vehicle as a payload that will require a reentry authorization to return to Earth unless the reentry vehicle operator has...

Supply Chain Cybersecurity - the importance of everyone

I'm always surprised and a little disappointed at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier - essentially,...

Short Takes 4-17-24


It's an efficient machine to destroy nuclear waste: nuclear future powered by thorium beckons. ChemistryWorld.com article. Pull quote: The company's concept combines a particle accelerator called a cyclotron with a subcritical lead-cooled reactor. It's built with about 3% missing neutrons which is a very important safety feature for us if you pull th...

AI Model Optimization: 6 Key Techniques


Empower your AI with optimization. Discover 6 strategies to enhance efficiency through AI model optimization. The post AI Model Optimization: 6 Key Techniques appeared first on eWEEK.

Review - S 3959 Introduced TWIC-HME Applications


Last month, Sen Wicker (R,MS) introduced S 3959, the Transportation Security Screening Modernization Act. The bill would require the TSA to take actions (potentially including issuing an interim final rule) to streamline the procedures for individuals applying for or renewing enrollment in more than one TSA security threat assessment program, in pa...

Navigating AI and Cybersecurity: Insights from the World Economic Forum (WEF)


Cybersecurity has always been a complex field. Its adversarial nature means the margins between failure and success are much finer than in other sectors. As technology evolves, those margins get even finer, with attackers and defenders scrambling to exploit them and gain a competitive edge. This is especially true for AI. In February, the World Eco...

Short Takes 4-16-24


Crickets from Chirp Systems in Smart Lock Key Leak. KrebsOnSecurity.com article. Pull quote: It's just a matter of them being motivated to do it [fix the vulnerability], he said. But they're part of a private equity company now, so they're not answerable to anybody. It's too bad, because it's not like residents of [the affected] properties have another ...

Top 75 Generative AI Startups Innovating In 2024


Generative AI startups have emerged as the newest and most formidable players in the tech world, using natural language processing, machine learning, and other forms of artificial intelligence to generate new, original content for a variety of business use cases. Larger tech companies like Google, Microsoft, and AWS are working hard to build their ...

Cisco's Splunk Acquisition: A Data-First AI Company Transformation

Cisco looks to leverage Splunk to be a world-class data company. The post Cisco's Splunk Acquisition: A Data-First AI Company Transformation appeared first on eWEEK.

Review - 4 Advisories Published 4-16-24

CISA's NCCIC-ICS published four control system security advisories for products from RoboDK, Rockwell Automation, Electrolink, and Measuresoft. Advisories RoboDK Advisory - This advisory describes a heap-based buffer overflow vulnerability in the RoboDK RoboDK robotics development software. Rockwell Advisory - This advisory describes an improper ...

6 Best Large Language Models (LLMs) in 2024


Looking to take your business to a new level through large language models (LLMs)? Check out our complete list of the best LLMs. The post 6 Best Large Language Models (LLMs) in 2024 appeared first on eWEEK.

Committee Hearings Week of 4-14-24


This week, with both the House and Senate in session, there is a moderately busy hearing schedule. This includes a number of budget hearings as a part of the start of the certainly to be contentious FY 2025 spending process. There is one cybersecurity hearing looking at medical cybersecurity issues. Budget Hearings Budget Hearings ...

Review - CIRCIA NPRM Cyber Incident Definitions


Earlier this month, CISA published the official version of their Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) (Division Y, PL 117-103) notice of proposed rulemaking (NPRM). This is part of a continuing series of posts looking at the proposed rulemaking. In this post I will be looking at how CISA is proposing to deal with the pr...

SCM and NERC: What You Need to Know


Security configurations are an often ignored but essential factor in any organization's security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly. Staying on top of all of these security configurations can be a daunting responsibility for security or IT...

Casting a Cybersecurity Net to Secure Generative AI in Manufacturing


Generative AI has exploded in popularity across many industries. While this technology has many benefits, it also raises some unique cybersecurity concerns. Securing AI must be a top priority for organizations as they rush to implement these tools. The use of generative AI in manufacturing poses particular challenges. Over one-third of manufacturer...

Short Takes 4-15-24


Thermoset plastic made from wood waste catalyzes its own degradation. CEN.ACS.org article. Pull quote: Plenty of researchers have tried making degradable thermoset plastics by incorporating functional groups whose bonds can be severed by a catalyst or other external trigger. Barta and coworkers designed their new biobased epoxy-amine polymer similar...

Job Abandonment and Clearance Eligibility


Employees who have a history of quitting or walking off the job without notice may find obtaining security clearance eligibility a challenge. Why? Because it shows the employee is unreliable, has poor judgment, and is not trustworthy, all elements in the adjudicative guidelines under personal conduct. A recent Department of Energy

Cybersecurity and FISA 702 Reauthorization


Last Friday, during the consideration of HR 7888, the Reforming Intelligence and Securing America Act, the House took up Amendment #1 offered under H Rept 118-456 (pg 5). That amendment would have provided for a warrant requirement for reviewing/using information on US persons obtained under 702 of the Foreign Intelligence Surveillance Act. One of ...

What Is an Axon Agent, and Why Do You Need One?


The number of endpoints in an organization often exceeds the number of employees. Managing these often disparate entities is more than a full-time job. Moreover, keeping them secure is equally difficult, yet securing all of your endpoints against cyber threats has become paramount for organizations worldwide. A common oversight that undermines thes...

ITRC's 2023 Data Breach Report Is a Mixed Bag


In the first quarter of every year, organizations around the world release reports summing up data breach trends from the previous twelve months. And every year, these reports say broadly the same thing: data breach numbers have gone up again. This year is no different. Or is it? Compromises Up, Victims Down However, the Identity Theft Resource Cen...

Review - Public ICS Disclosures Week of 4-6-24 Part 2


For part two we have three additional vendor disclosures from B&R, Schneider and Welotec. We also have 13 vendor updates from HP (2) and Siemens (11). Finally, there are four researcher reports for vulnerabilities in products from TP-Link. Advisories B&R Advisory - B&R published an advisory that discusses four vulnerabilities (one wit...

State Actions on CFATS 4-11-24


I do not normally cover State level legislative efforts, as each State legislature has their own peculiar ways of dealing with legislation, but today I was pointed at an article on NebraskaExaminer.com that includes a discussion about an unusual legislative effort to deal with the fallout from Senate inaction on HR 4470, the CFATS reauthorization b...

OMB Approves EPA PFOA/PFOS CERCLA Final Rule


Yesterday, OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from the Environmental Protection Agency on Designating PFOA and PFOS as CERCLA Hazardous Substances. The notice of proposed rulemaking for this action was published on September 6th, 2022. According to the Fall 2023 Unified Agenda entry...

Chemical Incident Reporting Week of 4-6-24


NOTE: See here for series background. San Mateo, CA 4-4-24 Local News Reports: Here, here, and here. Pool supply pickup truck overturned, spilling 24-gallons of chlorine bleach. No injuries. Not CSB reportable; a transportation incident, not a fixed site issue.

Review - Public ICS Disclosures Week of 4-6-24 Part 1


This week for Part 1 we have 20 vendor disclosures from B&R, Broadcom, FortiGuard (3), HP, HPE (3), Insyde, Palo Alto Networks (8), Pepperl+Fuchs, Philips, and Rockwell. Advisories B&R Advisory - B&R published an advisory that discusses five vulnerabilities (one with known exploit) in their APROL product. Broadcom Advisory - Broadcom...

Transportation Chemical Incidents Week of 3-9-24


Reporting Background See this post for explanation, with an update here (removed from paywall). Data from PHMSA's online database of transportation related chemical incidents that have been reported to the agency. Incidents Summary (links are to accident report) Number of incidents 484 (455 highway, 28 air, 1 rail) Serious incidents 3 (3 Bulk...

Short Takes 4-12-24


Japanese astronaut to be first non-American to set foot on moon. Phys.org article. Pull quote: "Two Japanese astronauts will join future American missions, and one will become the first non-American ever to land on the moon," Biden said in a press conference with Kishida. More states are finding bird flu in cattle. This is what scientists are watc...

CISA Adds PanOS KEV 4-12-24


Today, CISA published a notice that it had added a command injection vulnerability (CVE-2024-3400) in Palo Alto Networks PanOS product used in Palo Alto Network (PAN) firewall devices to their Known Exploited Vulnerability (KEV) Catalog. The vulnerability was discovered by Volexity on April 10th being actively exploited in multiple organizations. V...

Review - HR 7630 Introduced ANCHOR Act


Last month, Rep Garcia (R,CA) introduced HR 7630, the Accelerating Networking, Cyberinfrastructure, and Hardware for Oceanic Research (ANCHOR) Act. The bill would require the National Science Foundation (NSF) to submit a plan to improve the cybersecurity and telecommunications of the Academic Research Fleet. No new funding is authorized by the legi...

Short Takes 4-11-24


Holes in the holey graphyne story. ChemistryWorld.com commentary. Pull quote: This metric-driven enterprise generates a torrent of problematic papers, which leave an indelible mark on the global body of knowledge and create serious consequences for science and society. Peer-reviewed studies, regarded as credible and authoritative, inform clinical t...

CISA Adds 2 NAS Vulnerabilities to KEV Catalog


Today, CISA added two new vulnerabilities to their Known Exploited Vulnerabilities Catalog, both for multiple NAS devices from D-Link. The two vulnerabilities are: Use of hard-coded credentials - CVE-2024-3272, and Command injection - CVE-2024-3273 NOTE: Both of the links above apply to both vulnerabilities. While not included in the KEV addi...

Review - 9 Advisories Published 4-11-24

Today, CISA's NCCIC-ICS published nine control system security advisories for products from Rockwell Automation and Siemens (8). Advisories Rockwell Advisory - This advisory describes an improper input validation vulnerability in the Rockwell 5015-AENFTXT ethernet/IP adapter. Telecontrol Advisory - This advisory discusses 47 vulnerabilities in th...

10 Best AI Social Media Tools 2024


Artificial intelligence (AI) social media tools are software built to enhance and optimize social media marketing efforts in a wide variety of ways. These AI social media apps help automate content creation, scheduling, monitoring, engagement, and audience-targeting tasks. Some AI tools even offer advanced capabilities that enable analyzing data, i...

DragonForce Ransomware - What You Need To Know


What's going on? A relatively new strain of ransomware called DragonForce has been making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised...

Review - CSB Updates Status for 7 Recommendations 4-9-24


Yesterday, the Chemical Safety Board updated their Recent Recommendation Status Updates page to reflect changes to seven recommendations for actions that were taken on April 9th, 2024. Two of the recommendations were changes to the Open status of the recommendations, the other five recommendations were closed. The Recommendations were from the fol...

Bills Introduced 4-10-24


Yesterday, with both the House and the Senate in session, there were 48 bills introduced. One of those bills may receive additional coverage in this blog: HR 7922 To establish a Water Risk and Resilience Organization to develop risk and resilience requirements for the water sector. Crawford, Eric A. "Rick" [Rep.-R-AR-1] I will be watching this bi...

Short Takes 4-10-24


First entirely roll-to-roll system points way to cheap printed perovskite solar cells. ChemistryWorld.com article. Pull quote: The roll-to-roll printed perovskite cells exhibit efficiencies of up to 15.5% for small-area [devices] and 11% for large-area modules, says Bruno. Both figures improve the previous efficiency record for roll-to-roll perovsk...

SentinelOne's Gregor Stewart on AI in Cybersecurity

Certainly there is massive hype about AI and its potential, and this excitement is as prevalent in cybersecurity as in any tech sector. The attitude among companies almost seems to be: sprinkle some AI magic on the network and voila! the perimeter is suddenly well protected. In contrast, SentinelOne's Gregor Stewart takes a […] The post Sent...

AI CRM Use Cases: 10 Top Examples and Platforms Explored


Why are AI CRM use cases crucial for modern CRM? Dive into our guide for examples and insights. The post AI CRM Use Cases: 10 Top Examples and Platforms Explored appeared first on eWEEK.
