Review Public ICS Disclosures Week of 10-14-23 Part 1

This week we have 18 vendor disclosures from Advantech, Aruba Networks, Bosch, Broadcom (3), Cisco (2), Eaton (2), Festo, GE Gas Power, Helmholz, HP (2), HPE, JTEKT, and mb Connect. Advisories Advantech Advisory - Advantech published an advisory that describes an exposure of sensitive information to an unauthorized actor vulnerability in their R-...

Short Takes 10-20-23

ISA MLM-38A Identifying Control System Cyber Incidents has been issued. ScadaMag.Infracritical.com article. Pull quote: Those people that can identify control system cyber incidents are not under the purview of the CISO. Cyber security requirements, technologies, monitoring, testing, and incident response planning are based on lessons learned from ...

PHMSA Job Posting Through 10-30-23

A reader pointed me at this PHMSA job posting, asking me to spread the word about these Compliance Investigator positions. This is actually three entry level positions in PHMSA's Office of Hazardous Materials Safety Field Operations, with openings in Ontario, CA, Atlanta, GA, and Kansas City, MO. I do not have any recent experience with USAJobs.gov...

Bills Introduced 10-19-23

Yesterday, with both the House (kinda) and Senate in session, there were 52 bills introduced. One of those bills may receive additional attention in this blog: S 3082 A bill to amend the Federal Water Pollution Control Act to make changes with respect to water quality certification, and for other purposes. Barrasso, John [Sen.-R-WY] I will be wat...

Short Takes 10-19-23

Lone senator stymies cyber legislation in Senate. WashingtonPost.com article. Pull quote: Paul has also blocked other avenues for them to get full Senate consideration, such as amendments to the annual defense policy bill, said a Senate source who spoke on the condition of anonymity to discuss internal procedures. Senate procedures usually require ...

Review - 1 Update Published 10-19-23

Today, CISA's NCCIC-ICS published an update for a control system security advisory for products from Hitachi Energy. Hitachi Energy Update - This update provides updated information on an advisory that was originally published on May 23rd, 2023 (not May 5th) and most recently updated on September 28th, 2023. For more details about this advisory...

Short Takes 10-19-23 Speaker Chaos Edition

Speaker saga sparks revolution among mainstream Republicans. TheHill.com article. Pull quote: The January 20 [against McCarthy] were all trying to extract something. It was transactional, Womack said. The October 20, I've talked to these people. There's not an ask. There is nothing that the candidate can offer that can move these members from their p...

Review - S 2980 Introduced PIPE Act

Last month, Sen Markey (D,MA) introduced S 2980, the Penalizing and Improving Prevention of Emergencies (PIPE) Act of 2023 (not to be confused with the annual PIPES Act). The bill would make several changes to existing US Code pipeline safety requirements, including removing the requirement for the consideration of cost-benefit analysis in new pipe...

Short Takes 10-18-23

Israeli tanks add drone protection cages, a lesson from Ukraine war. WashingtonPost.com article. Pull quote: An interesting question is whether these structures will become standard for armored vehicles in conflict, Cancian said. The United States has not equipped its tanks with cages, but this may be a lesson armies need to learn the hard way. In...

Speaker Chaos Redux Day 2 Vote 2

The House held their second vote for a Speaker of the House to replace Rep McCarthy who was removed from that position earlier this month. Rep Jordan (R,OH), the Republican nominee, did not receive the requisite majority of the votes cast (433), losing 22 Republican votes to other, unnominated candidates (including McCarthy and Scalise). The House ...

Review - HR 5786 Introduced NNSA Cybersecurity

Last month, Rep Carbajal (D,CA) introduced HR 5758, a bill to establish in the National Nuclear Security Administration (NNSA) a Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group. The bill would amend Subtitle A of title XXXII of the National Defense Authorization Act for Fiscal Year 2000 (PL 106-65) adding a new 3222, Cybersecu...

Enhanced Google Play Protect real-time scanning for app installs

Posted by Steve Kafka, Group Product Manager and Roman Kirillov, Senior Engineering Manager

Mobile devices have supercharged our modern lives, helping us do everything from purchasing goods in store and paying bills online to storing financial data, health records, passwords and pictures. According to Data.ai, the pandemic accelerated existing m...

OMB Approves EPA PFAS Reporting Final Rule

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the EPA on Changes to Reporting Requirements for Per- and Polyfluoroalkyl Substances and to Supplier Notifications for Chemicals of Special Concern; Community Right-to-Know Toxic Chemical Release Reporting. EPA sent the draft rul...

Short Takes 10-17-23

Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure. NVLPubs.NIST.gov publication (NIST IR 8473). Abstract: This document is the Cybersecurity Framework Profile (Profile) developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem, including the four domains that rely on the ecosystem (i) Elec...

Review - CFATS Restoration Legislation

Tomorrow it will be three months since the Chemical Facility Anti-Terrorism Standards (CFATS) program was officially closed by CISA after congress failed to renew the program authorization. Since July 28th, the 3,242 facilities (as of the last official accounting [removed from paywall]) covered by the program have continued to operate without facil...

Speaker Vote Chaos Redux Day 1 Vote 1

The House held their first vote for a Speaker of the House to replace Rep McCarthy who was removed from that position earlier this month. Rep Jordan (R,OH), the Republican nominee, did not receive the requisite majority of the votes cast (432), losing 20 Republican votes [added link to vote tally, 21:56 10-17-23] to other, unnominated candidates (in...

Reporting Delinquent Financial Accounts is Required

Security Executive Agent Directive (SEAD) 3 establishes reporting requirements for all security clearance holders. Among the various categories of reporting is a section called financial anomalies. Clearance holders are required to report bankruptcies, wage garnishments, debts that are more than 120 days past due (no matter the amount), and unusual

INSA Publishes Report on Reimagining the SCIF Life

There are many cleared workers who have to report to a Sensitive Compartmented Information Facility (SCIF) every day to do their work. With the recent changes in allowing more telework and remote work across the federal government, there has been an increase in the number of SCIF employees considering finding

Scaling BeyondCorp with AI-Assisted Access Control Policies

Ayush Khandelwal, Software Engineer, Michael Torres, Security Engineer, Hemil Patel, Technical Program Manager, Sameer Ladiwala, Software Engineer

In July 2023, four Googlers from the Enterprise Security and Access Security organizations developed a tool that aimed at revolutionizing the way Googlers interact with Access Control Lists - SpeakACL. Th...

Bare-metal Rust in Android

Posted by Andrew Walbran, Android Rust Team

Last year we wrote about how moving native code in Android from C++ to Rust has resulted in fewer security vulnerabilities. Most of the components we mentioned then were system services in userspace (running under Linux), but these are not the only components typically written in memory-unsafe language...

Review - HR 4820 Introduced FY 2024 THUD Spending

Back in July, Rep Cole (R,OK) introduced HR 4820, the Transportation, Housing and Urban Development, and Related Agencies [THUD] Appropriations Act, 2024. The House Appropriations Committee published their Report on the Bill. While there are only limited mentions of the topics of cybersecurity, counter-UAS operations and chemical safety in the bill...

Short Takes 10-7-23

NTSB: How Not to Blow a Gasket. RailwayAge.com article. Pull quote: NTSB said the AAR needs to update its Certificate of Construction approval procedures to ensure that tank cars comply with this revised specification. We also recommended that the AAR, after PHMSA revises the DOT-117 specification, revise the inspection requirements for welds assoc...

Chemical Incident Reporting Week of 9-30-23

NOTE: See here for series background. Gillette, WY 9-26-23 Local news reports: Here, and here. Forklift pierced totebin of monoethanolamine in warehouse at power station. 150-gallon spill. No injuries. Building evacuated and spill cleaned up by fire department. Not CSB reportable; no serious injuries, deaths, or substantial property damage.

Review Public ICS Disclosures Week of 9-30-23

This week we have 22 vendor disclosures from Broadcom (3), Cisco, Eaton, Hitachi (6), HP (2), Honeywell, Moxa, Palo Alto Networks, QNAP (3), Sick (2), and Wireshark. There are five vendor updates from Broadcom, CODESYS, HPE (2), and Palo Alto Networks. Finally, we have a researcher report for products from Zavio. Advisories Broadcom Advisory #1 -...

Bills Introduced 10-6-23

Yesterday, with the House meeting in pro forma session, there were 29 bills introduced. Two of those bills will receive additional attention in this blog: HR 5893 - Making appropriations for the Departments of Commerce and Justice, Science, and Related Agencies for the fiscal year ending September 30, 2024, and for other purposes. Rogers, Harold [...

Short Takes 10-6-23

Detroit man steals 800 gallons using Bluetooth to hack gas pumps at station. Fox2Detroit.com article. Pull quote: When Mo says "open the pump" the thief overrides the system, basically hacking in using a Bluetooth connection from his phone, as a kind of remote. Then, it's a free-for-all. Temporary Speaker Patrick McHenry Steers House on the Fly. W...

Review - S 2605 Introduced FY 2024 IER Spending

Back in July, Sen Merkley (D,OR) introduced S 2605, the Department of the Interior, Environment, and Related Agencies (IER) Appropriations Act, 2024. The Senate Appropriations Committee published their Report on the bill. Like the House bill (HR 4821), the two cybersecurity mentions in the bill are buried in other funding, and there are two cyberse...

Expanding our exploit reward program to Chrome and Cloud

Stephen Roettger and Marios Pomonis, Google Software Engineers

In 2020, we launched a novel format for our vulnerability reward program (VRP) with the kCTF VRP and its continuation kernelCTF. For the first time, security researchers could get bounties for n-day exploits even if they didn't find the vulnerability themselves. This format proved valuabl...

Short Takes 10-5-23

Dramatically lower the cost of producing green hydrogen. Newswise.com article. More than a little geeky. Pull quote: A research team led by Dr. Yoo Sung Jong of the Hydrogen and Fuel Cell Research Center at the Korea Institute of Science and Technology (KIST) have succeeded in significantly reducing the cost of green hydrogen production by implemen...

Review 3 Advisories Published 10-5-23

Today, CISA's NCCIC-ICS published three control system security advisories for products from Mitsubishi Electric, Qognify, and Hitachi Energy. Advisories Mitsubishi Advisory - This advisory discusses two vulnerabilities in the Mitsubishi CC-Link IE TSN Industrial Managed Switch. Qognify Advisory - This advisory describes a use of hard-coded creden...

Review - HR 4821 Introduced FY 2024 IER Spending

Back in July, Rep Simpson (R,ID) introduced HR 4821, the Department of the Interior, Environment, and Related Agencies [IER] Appropriations Act, 2024. The House Appropriations Committee published their Report on the bill. There is no specific cybersecurity funding mentioned in the bill. The bill does contain reduced funding for the Chemical Safety ...

President Extends Certain Federal Advisory Committees 10-4-23

Yesterday, the White House published Executive Order 14109 in the Federal Register (88 FR 68447-68450) that extends the charters for a number of Federal Advisory Committees through September 30th, 2025. Those FACs include: Federal Advisory Council on Occupational Safety and Health; Executive Order 11612, as amended (Department of Labor), Presid...

Short Takes 10-4-23

A New Satellite Outshines Some of the Brightest Stars in the Sky. NYTimes.com article. Pull quote: AST SpaceMobile made BlueWalker 3's array so large in order to beam strong cellular coverage directly to phones on Earth. The satellite is made of many small antennas that can connect existing smartphones, which is an approach that distinguishes the co...

Short Takes 10-3-23

CISA implements OASIS CSAF 2.0 standard to security advisories for ICS, OT, medical devices. IndustrialCyber.co article. Pull quote: With this strategy in consideration, CISA now provides machine-readable CSAF documents alongside every new ICS Advisory and those dating back to 2017, the CISA executives wrote. Our ICS CSAF advisories will be located...

House Passes H Res 757 Office of Speaker Vacant

Today, the House took up Rep Gaetz's (R,FL) motion to vacate the Office of the Speaker of the House, H Res 757. The House passed the resolution by a vote of 216 to 210 [link added, 5:44 pm EDT]. Rep McCarthy (R,CA) is no longer Speaker of the House. In accordance with House Rules, Rep McHenry (R,NC) is now the Speaker Pro Tempore. House is currently ...

Review - House to Begin Consideration of HR 4394 FY 2024 EWR Spending

As expected, the House is scheduled to take up HR 4394, the Energy and Water Development and Related Agencies [EWR] Appropriations Act, 2024, under a structured rule. The House Rules Committee met yesterday to formulate that rule. That rule adopts one of the spending-reduction proposed amendments and provides for the consideration of 60 amendments ...

Bills Introduced 10-2-23

Yesterday, with just the House in session (the Senate returns to Washington today) there were 15 bills introduced. One of those bills may receive additional attention in this blog: HR 5871 To enhance safety requirements for trains, and for other purposes. Stansbury, Melanie Ann [Rep.-D-NM-1] I will be watching this bill for language and definiti...

Short Takes 9-2-23

Derailment Performance of DOT-117J Tank Cars. NTSB.gov investigation report. Pull quote: The majority of the ethanol released leaked from tank car service equipment (such as manway covers and bottom outlet valves) that remained intact during the derailment but sustained damage from the pool fire. We found that the gaskets used in the service equipm...

HR 4502 Passed in House Cybersecurity Hiring

Today, the House took up HR 4502 [removed from paywall], the Modernizing the Acquisition of Cybersecurity Experts Act, under the suspension of the rules process. With only 16 minutes of debate, the legislation was passed by a strongly bipartisan vote of 394 to 1. Rep Lesko (R,AZ) was the only vote against the bill. The bill would restrict agencies...

Fraudulent Insurance Claim Sinks Clearance Applicant

I recently came across a rather unusual security clearance appeal case involving an applicant who had filed a false insurance claim on his wife's lost ring. Here is a summary of the Defense Office of Hearing and Appeals (DOHA) case: In 2017 the applicant bought his wife a $2,000 ring

OMB Approves BIS 2022 Wassenaar Final Rule

On Friday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from DOC's Bureau of Industry and Security (BIS) on Implementation of 2022 Wassenaar Arrangement Decisions. The rule was submitted to OIRA on July 18th, 2023. According to the entry for this rule making in the Spring 2023 Unified Agen...

Review - Rules Committee to Look at HR 4394 FY 2024 EWR Spending

The House Rules Committee will hold a rule hearing this afternoon that would include HR 4394, the Energy and Water Development and Related Agencies [EWR] Appropriations Act, 2024. The deadline for submitting amendments for the Committee to consider including in the Rule was last Friday; 122 amendments have been submitted. Three of the 122 amendmen...

HR 4364 Introduced FY 2024 Legislative Branch Spending

Back in June, Rep Amodei (R,NV) introduced HR 4364, the Legislative Branch Appropriations Act, 2024. At the same time, the House Appropriations Committee published their Report on the bill. While there are a couple of cybersecurity mentions in the bill, they are entirely (and legitimately) focused on protecting the information technology systems us...

Introducing NEMO for the M5Stick C Plus

I've been working on this project for a couple of weeks, and it's pretty close to finished. I've been trying to build some more skills in the embedded systems, microcontroller and Internet of Things realm, and when I decided it was time to expand my experience to ESP32, I wanted a dev kit with a little bit of everything built in. I already have bre...

HiR Information Report 208 days ago

Short Takes 9-30-23

WATCH OUT! CVE-2023-5129 IN LIBWEBP LIBRARY AFFECTS MILLIONS APPLICATIONS. SecurityAffairs.com article. Pull quote: While the vulnerability initially seems to target Chromium-based applications, now that we know better, we understand that it possesses the potential to affect a much wider range of software and applications relying on the ubiquitous ...

Senate Passes HR 5860 Clean CR

This evening, after hours of backroom dealing, the Senate took up HR 5860, the clean continuing resolution that the House pressed through earlier today, and passed it by a vote of 88 to 9. The Senate needed a unanimous consent process to consider the bill today and there was an open question about whether deals were in place to ensure that no one ...

OMB Approves DOD NISPOM Amendment

On Wednesday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a DOD notice of proposed rulemaking for National Industrial Security Program Operating Manual (NISPOM); Second Amendment. According to the Spring 2023 Unified Agenda entry for this rulemaking: Based on public comments, DoD is proposing ad...

SMS Security & Privacy Gaps Make It Clear Users Need a Messaging Upgrade

Posted by Eugene Liderman and Roger Piqueras Jover

SMS texting is frozen in time. People still use and rely on trillions of SMS texts each year to exchange messages with friends, share family photos, and copy two-factor authentication codes to access sensitive data in their bank accounts. It's hard to believe that at a time where technologies l...

OMB Approves BIS Missile Technology Export Final Rule

Yesterday, OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from DOC's Bureau of Industry and Security on Revisions to the Export Administration Regulations Based on 2018, 2019, 2021, and 2022 Missile Technology Control Regime Plenary Agreements; and Revisions to License Exception Eligibility. The ...

Short Takes 9-26-23

Space Force chief says commercial satellites may need defending. ArsTechnica.com article. Pull quote: In a modern war, "there are going to be commercial entities, commercial organizations, commercial capabilities and assets that get caught up in the conflicts," Saltzman said. "Space is no different than sea lanes. It's no different than civilian air...
