SecurityCentric is your source for Blog Aggregation in the Security industry

Bills Introduced 4-20-23


Yesterday, with both the House and Senate preparing to leave Washington for a long weekend, there were 108 bills introduced. Three of those bills will receive additional coverage in this blog: HR 2741 Coast Guard Authorization Act of 2023 Graves, Sam [Rep.-R-MO-6] HR 2745 To amend title 28, United States Code, to allow claims against foreign stat...

Short Takes 4-20-23


New data show that an old model of the brain's motor cortex is incomplete. NPR.org article. Pull quote: In other words, these areas integrate information from all over the body and brain in order to carry out a movement. Dosenbach says the finding, which appears in the journal Nature, contradicts a central belief about motor cortex. Russia Seeks t...

HR 1127 Introduced Cybersecurity Partnership


Back in February (finally published by GPO today), Rep Gonzales (R,TX) introduced HR 1127, the United States-Taiwan Advanced Research Partnership Act of 2023. The bill would specifically authorize DHS Science and Technology Directorate to enter into cooperative research activities with Taiwan to strengthen preparedness against cyber threats and enh...

Short Takes 4-20-23 SpaceX Geek Edition


Starship Flight Test. SpaceX.com article. Pull quote: At 8:33 a.m. CT, Starship successfully lifted off from the orbital launch pad for the first time. The vehicle cleared the pad and beach as Starship climbed to an apogee of ~39 km over the Gulf of Mexico, the highest of any Starship to date. The vehicle experienced multiple engines out during the...

Review - BIS Publishes Peptide Synthesis Export Controls NPRM


Today, the DOC's Bureau of Industry and Security (BIS) published a notice of proposed rulemaking (NPRM) in the Federal Register (88 FR 24341-24346) for Section 1758 Technology Export Controls on Instruments for the Automated Chemical Synthesis of Peptides. The advanced notice of proposed rulemaking was published (this post is now open to the public ...

Review - 1 Advisory Published 4-20-23


Today, CISA's NCCIC-ICS published a control system security advisory for products from INEA. Advisories INEA Advisory - This advisory describes an OS command injection vulnerability in the INEA ME RTU. For more details about this advisory, including a down-the-rabbit-hole look at a possible connection to the Mitsubishi smartRTU, see my article...

CISA Publishes CFATS CSAT 30-day ICR Revision/Renewal Notice


Today, CISA published a 30-day information collection request (ICR) revision and renewal notice in the Federal Register (88 FR 24435-24437) for the Request To Revise and Extend the Chemical Security Assessment Tool (CSAT) Information Collection Under the Paperwork Reduction Act. The 60-day ICR notice was published (post is now public instead of sub...

Short Takes 4-19-23


Enforcement of Cybersecurity Regulations: Part 3. LawFareBlog.com post. Pull quote: As cybersecurity assumes the role in economic stability that integrity of the banking system or the reliability of the stock exchanges have long had, regulators will need to expand their inspections or examinations capability. The TSA and other sector-specific regul...

Review S 905 Introduced Drone Zoning


Last month, Sen Lee (R,UT) introduced S 905, the Drone Integration and Zoning Act. The bill would provide for State and local government authority over civil unmanned aircraft systems within 200 ft above the ground. Currently, sole jurisdiction over US airspace rests with the Federal Aviation Administration. This bill is very similar to S 600 introd...

CISA Announces CSTAC Meeting May 16th, 2023


Today, CISA published a meeting notice in the Federal Register (88 FR 24205-24206) for Notice of President's National Security Telecommunications Advisory Committee Meeting to be held in Washington, DC on May 16th, 2023. Portions of the meeting will be open to the public via teleconference. The agenda for the public portion of the meeting includes...

Bills Introduced 4-18-23


Yesterday, with both the House and Senate in session, there were 66 bills introduced. One of those bills will receive additional attention in this blog: HR 2670 National Defense Authorization Act (NDAA) for Fiscal Year 2024 Rogers, Mike D. [Rep.-R-AL-3] While the text of this bill is currently available, it is just the vaguest outline of the fina...

Review - S 914 Introduced DOE Threat Analysis Center


Last month, Sen Risch (R,ID) introduced S 914, the Energy Threat Analysis Center (ETAC) Establishment Act of 2023. The bill would formally authorize the ETAC which DOE started last year as a pilot project (see here, here, and here). No separate funding is provided in the bill. Moving Forward Both Risch and his sole cosponsor (Sen Manchin (D,WV)) ...

Short Takes 4-18-23


Pacific garbage patch providing a deep ocean home for coastal species. Arstechnica.com article. Pull quote: Finally, the researchers caution against a natural tendency to think of these plastic-borne coastal species as "misplaced species in an unsuitable habitat." Instead, it appears that they are well suited to life in the open ocean as long as th...

Review 2 Advisories and 2 Updates Published 4-18-23


Today, CISA's NCCIC-ICS published two control system security advisories for products from Schneider and Omron. They also updated two advisories for products from Mitsubishi and Omron. Advisories Schneider Advisory - This advisory describes three vulnerabilities in the Schneider Easy UPS Online Monitoring Software. Omron Advisory - This advisory ...

Securely Hosting User Data in Modern Web Applications


Posted by David Dworken, Information Security Engineer, Google Security Team Many web applications need to display user-controlled content. This can be as simple as serving user-uploaded images (e.g. profile photos), or as complex as rendering user-controlled HTML (e.g. a web development tutorial). This has always been difficult to do securely, s...

TSA Publishes 30-Day ICR Extension for Surface Trans Security Training


Today, TSA published a 30-day information collection request (ICR) extension notice in the Federal Register (87 FR 23681-23682). The 60-day ICR notice for this ICR was published on January 10th, 2013. Today's notice repeats the revised burden estimate (218 respondents, 4,623 hours) from the earlier ICR notice, but again provides no explanation for t...

PHMSA Sends Gas Distribution Pipeline NPRM to OMB


Yesterday, OMB's Office of Information and Regulatory Affairs announced that it had received a notice of proposed rulemaking from DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA) on Pipeline Safety: Safety of Gas Distribution Pipelines and Other Pipeline Safety Initiatives. According to the listing for this rulemaking in the Fall ...

Committee Hearings Week of 4-16-23


With both the House and Senate back in Washington from their Easter Recess, there is a relatively heavy schedule of hearings being held this week, mostly dealing with the budget. There is one cybersecurity hearing. Budget Hearings (House, Senate): Coast Guard Trans and Infra Subcommittee ...

Soliciting Prostitutes Is a No-No for Clearance Holders


Even though it is practiced across the entire country, prostitution is illegal in the United States. There are countries where it is legal and regulated. Regardless of where it occurs, soliciting a prostitute is never a good idea for someone who has a security clearance. What is the big deal,

Review Public ICS Disclosures Week of 4-8-23 Part 3


For Part 3, we have 35 vendor updates from Schneider (4) and Siemens (31). We also have a researcher report for products from Triangle Microworks. Finally, we have five exploits for products from Paradox Security, Palo Alto Networks, FortiGuard, Schneider Electric, and Franklin Fueling Systems. Updates Schneider Update #1 - Schneider published an...

Review Public ICS Disclosures Week of 4-8-23 Part 2


For Part 2 we have 30 additional vendor disclosures from FortiGuard (22), Luxion, Schneider (6), and Siemens. Advisories FortiGuard Advisory #1 - FortiGuard published an advisory that discusses the DirtyPipe vulnerability in their FortiProxy & FortiSIEM products. FortiGuard Advisory #2 - FortiGuard published an advisory that describes an OS ...

CRS Reports Week of 4-8-23 Cybersecurity


This week the Congressional Research Service published a report to accompany the Homeland Security At 20 podcast's episode on cybersecurity. The report outlines a brief history of the federal government's cybersecurity efforts starting before the Homeland Security Act of 2002 was enacted, until today. It includes an overview of the major cybersecurit...

Chemical Incident Reporting Week of 4-1-23


NOTE: See here for series background. Newfane, NY, March 30th, 2023 News reports here, here and here Explosions and fire reportedly caused by self-reacting organic peroxide in 5-gal containers. No reports of injury, no damage estimates, no photos of damage to facilities. May be a CSB reportable depending on the damage to the facility. Richmond...

Review Public ICS Disclosures Week of 4-8-23 Part 1


And once again it is the Saturday after Cyber Tuesday. For Part 1, we have 34 vendor disclosures from B&R, Flexera, Hikvision, HMS, HP, HPE (3), Insyde (8), Meinberg, Palo Alto Networks (3), Phoenix Contact, Sick, Tanzu (9), and Wireshark (3). NOTE: It has become obvious that FortiGuard has joined the ranks of organizations that report vulnera...

Short Takes 4-14-23


Is the US in a Space Race Against China? DefenseOne.com article. Pull quote: In the past, the space race was about who could reach the stars first and return home. Today, the goal has shifted to surviving and even thriving in the harsh environment of space. I believe it is not surprising that, despite its decisive lead, the U.S. has partnered with ...

Review - S 903 Introduced Civil Cyber Reserve Pilot


Last month, Sen Rosen (D,NV) introduced S 903, the Department of Defense Civilian Cybersecurity Reserve Act. The bill would require the Army to carry out a pilot project to establish a Civilian Cybersecurity Reserve. No additional funding is authorized by the bill. The provisions of the bill are very similar to S 885, which was also introduced by R...

Short Takes 4-13-23


U.S. intel agencies may change how they monitor social media, chatrooms after missing leaked U.S. documents for weeks. NBCNews.com article. Pull quote: Ronald Marks, a former CIA officer and a visiting professor at George Mason University, said the pendulum has swung back and forth over the past two decades over how much intelligence should be shar...

Review - HR 1633 Introduced RAIL Act


Last month, Rep Johnson (R,OH) introduced HR 1633, the Reducing Accidents in Locomotives (RAIL) Act. Another in a series of legislative attempts to address the railroad hazardous material safety concerns that arose after the East Palestine derailment. Addresses a number of different issues and includes additional funding authorization for first res...

Review 16 Advisories Published 4-13-23


Today, CISA's NCCIC-ICS published 15 control system security advisories for products from Mitsubishi Electric India, Datakit, and Siemens (13). They also published a medical device security advisory for products from Braun. Advisories Mitsubishi Advisory - This advisory describes a signal handler race condition vulnerability in the Mitsubishi Elec...

Supply chain security for Go, Part 1: Vulnerability management


Posted by Julie Qiu, Go Security & Reliability and Oliver Chang, Google Open Source Security Team High profile open source vulnerabilities have made it clear that securing the supply chains underpinning modern software is an urgent, yet enormous, undertaking. As supply chains get more complicated, enterprise developers need to manage the tidal wa...

OMB Approves BIS Peptide Synthesis NPRM


Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of proposed rulemaking from the Bureau of Industry and Security on Section 1758 Technology Export Controls on Instruments for the Automated Chemical Synthesis of Peptides. The NPRM was sent to OIRA for review on March 29th, 2023. With the...

Short Takes 4-12-23


NASA envisions international fleet of Apophis reconnaissance spacecraft. SpacePolicyOnline.com article. April 13, 2029, close (20,000 miles) approach. Pull quote: NASA already has a spacecraft that will observe Apophis after it passes by. The OSIRIS-REx mission is on its way back to Earth right now to deliver samples it collected from the asteroid ...

Review - HR 1674 Introduced Hazmat Train Safety


Last month, Rep Deluzio (D,PA) introduced HR 1674, the Railway Safety Act of 2023. The bill provides a variety of potential improvements for the shipment of hazardous materials by rail. Various funds are authorized to support some of the programs proposed. The bill is very similar to S 576 that was introduced the same day as this bill. This is not t...

CSB Updates Status of Four Investigation Recommendations 4-10-23


Yesterday, without fanfare or notice, the Chemical Safety Board updated the status of four accident investigation recommendations. The change of status documents were all dated April 10th, 2023, but the status was not updated on the CSB website until yesterday. The status updates include: Aghorn Operating Inc. Waterflood Station H2S Release, 2020...

FBI Sends Private Security Officer Vetting Final Rule to OMB


Yesterday the OMB's Office of Information and Regulatory Affairs announced that it had received a final rule from the Federal Bureau of Investigation on Implementation of the Private Security Officer Employment Authorization Act of 2004. An interim final rule on the topic was published on January 11th, 2006. According to the Fall 2022 Unified Agenda...

CISA Sends CFATS NPRM to OMB


Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from CISA on Chemical Facility Anti-Terrorism Standards (CFATS). This update of the CFATS regulations has been in the works since 2014 when an advanced notice of proposed rulemaking (ANPRM) was first publishe...

Short Takes 4-11-23


Murphy's Law: When Better Is Not Worth It. StrategyPage.com article. Interesting look at recruiting problems. Pull quote: The problem is that Americans have, since the 1990s, become fat and physically unfit. A decade ago, there were 32 million male Americans of prime military age (17-24), but because of bad lifestyle choices only 13 percent of them...

Review 1 Advisory and 1 Update Published 4-11-23


Today CISA's NCCIC-ICS published a new control system security advisory for products from FANUC. They also updated an update for an advisory for products from Mitsubishi Electric. Advisories FANUC Advisory - This advisory describes a path traversal vulnerability in the FANUC ROBOGUIDE-HandlingPRO robot simulation software. Updates Mitsubishi Upd...

Review - HR 1648 Introduced Smart Airports


Last month, Rep Nehls (R,TX) introduced HR 1648, the Airport Technology and Efficiency Improvement Act of 2023. The bill would require the DOT's Federal Aviation Administration (FAA) to establish a new pilot grant program to support the acquisition and installation of internet of things technologies by airports to create a more consumer-friendly and...

Announcing the deps.dev API: critical dependency data for secure supply chains


Posted by Jesper Sarnesjo and Nicky Ringland, Google Open Source Security Team Today, we are excited to announce the deps.dev API, which provides free access to the deps.dev dataset of security metadata, including dependencies, licenses, advisories, and other critical health and security signals for more than 50 million open source package versio...

Lynyrd Skynyrd Answers Who Should Create an Org's BYOD Policy?


The worst of LastPass's year-long battle with an attacker occurred through a personal device, on a home network, putting BYOD back in the spotlight. And for the past three months, most boards, CIOs, and CISOs I know are taking the opportunity to reevaluate their Bring Your Own Device (BYOD) policies. Here, I answer, Who should create an organizatio...

Security Uncorked 353 days ago

HR 1484 Introduced Pipeline Sabotage


Last month Rep Bost (R,IL) introduced HR 1484, the Pipeline Sabotage and Accident Prevention Act. The bill would make it a criminal offence to cause or threaten to cause a defect in a pipe, pump, or valve intended to be used or used in any pipeline facility. There is no funding authorized in this bill. The bill is fairly short and straightforward...

Behind the Scenes Teaching Secure Wi-Fi Design Special Edition at WLPC Phoenix


Converting my Secure Wi-Fi Design course to a hands-on lab experience was no small feat. I'm grateful for the opportunity and invite you behind the scenes at my WLPC Deep Dive.

Security Uncorked 353 days ago

Multi-Millionaire Denied Clearance Eligibility


I don't see more than a handful of Defense Office of Hearing and Appeal cases where the applicant is denied security clearance eligibility due to having monies, property and business dealing outside of the United States. This one caught my eye because it involved a multi-millionaire who had assets in

Short Takes 4-8-23


Covid origins: Chinese scientists publish long-awaited data. BBC.com article. Not definitive but some real data. Pull quote: This new analysis, which has been validated by other scientists before being published in the journal Nature, includes more important detail about the content of those samples, which were collected from stalls, surfaces, cage...

Public Trust Applicant Denied Eligibility Due to Continued Intent to Smoke Weed


Not to sound like a broken record here, but it amazes me when people want to work for the federal government as a civilian employee or contractor, but haven't figured out that marijuana use is illegal at the federal level regardless of whether it is legal in their state. This

Clearance Reciprocity Still Lagging Among Intelligence Community Agencies


Among all the security clearance reform initiatives over the last five years was an effort by Senator Mark Warner (D-Va) to modernize the way the government vetted applicants for security clearances and positions of public trust. One specific area he wanted to focus on was expediting the reciprocity process for those

How and Why to Upgrade to the Latest Wi-Fi Security [Video]


At the WLPC Conference in Phoenix a few weeks ago, I gave a short 30-minute talk on how and why to upgrade to WPA3 Security for business networks. Click the image in the blog header to watch the video. In this (accidentally) slide-free session, I cover: WPA3 security and when/why it's required moving forward Security […]

Security Uncorked 372 days ago

Embellished Excuses for Self-Inflicted Wounds Land Clearance Holder in Hot Water


Every once in a while, I run across a security clearance appeals case where I ask myself did this really happen? There are some people out there with mental disorders that impact their ability to think straight when under stress, causing bizarre or abnormal behavior. I found a recent Department of Energy security clearance

Michigan Foundry Explosion Injures One


An interesting and detailed article about an explosion and fire at an aluminum foundry reports that one employee was taken to the hospital and was being treated for burns. The cause of the explosion is still under investigation, but it appears to have involved one of the facility's furnaces. As I have noted previously, the Chemical Safety Board tak...
