SecurityCentric is your source for Blog Aggregation in the Security industry

Time to challenge yourself in the 2023 Google CTF!

Vincent Winstead, Technical Program Manager
It's Google CTF time! Get your hacking toolbox ready and prepare your caffeine for rapid intake. The competition kicks off on June 23 2023 6:00 PM UTC and runs through June 25 2023 6:00 PM UTC. Registration is now open at g.co/ctf. Google CTF gives you a chance to challenge your skillz, show off your hacktas...

Google Trust Services ACME API available to all users at no cost

David Kluge, Technical Program Manager, and Andy Warner, Product Manager
Nobody likes preventable site errors, but they happen disappointingly often. The last thing you want your customers to see is a dreaded 'Your connection is not private' error instead of the service they expected to reach. Most certificate errors are preventable, and one of the b...

Announcing the launch of GUAC v0.1

Brandon Lum and Mihai Maruseac, Google Open Source Security Team
Today, we are announcing the launch of the v0.1 version of Graph for Understanding Artifact Composition (GUAC). Introduced at KubeCon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain. In collaboration with Kusari, Purdue Uni...

How the Chrome Root Program Keeps Users Safe

Posted by Chrome Root Program, Chrome Security Team
What is the Chrome Root Program? A root program is one of the foundations for securing connections to websites. The Chrome Root Program was announced in September 2022. If you missed it, don't worry - we'll give you a quick summary below! Chrome Root Program: TL;DR Chrome uses digital cer...

The Whole-Person Concept for Security Clearance Applicants

In applying the Whole-Person Concept, an administrative judge or adjudicator must evaluate an applicant's eligibility for a security clearance by considering the totality of the applicant's conduct and all relevant circumstances. You will see this verbiage written in all of the case summaries by Defense Office of Hearings and Appeals judges.

New Android & Google Device Vulnerability Reward Program Initiatives

Posted by Sarah Jacobus, Vulnerability Rewards Team
As technology continues to advance, so do efforts by cybercriminals who look to exploit vulnerabilities in software and devices. This is why at Google and Android, security is a top priority, and we are constantly working to make our products more secure. One way we do this is through our Vulne...

$22k awarded to SBFT'23 fuzzing competition winners

Dongge Liu, Jonathan Metzman and Oliver Chang, Google Open Source Security Team
Google's Open Source Security Team recently sponsored a fuzzing competition as part of ICSE's Search-Based and Fuzz Testing (SBFT) Workshop. Our goal was to encourage the development of new fuzzing techniques, which can lead to the discovery of software vulnerabilities and...

It Pays to Read the Entire Section Before Answering Police Record Questions on the SF86

Increasingly I come across background investigations where the applicant fills out the Questionnaire for National Security Positions (SF-86) and fails to list required information in the police record section of the form. As a result, the investigation is conducted, information is found that contradicts the applicant's answers to the

Introducing a new way to buzz for eBPF vulnerabilities

Juan José López Jaimez, Security Researcher, and Meador Inge, Security Engineer
Today, we are announcing Buzzer, a new eBPF fuzzing framework that aims to help harden the Linux kernel. What is eBPF and how does it verify safety? eBPF is a technology that allows developers and sysadmins to easily run programs in a privileged context, like an operating ...

Making authentication faster than ever: passkeys vs. passwords

Silvia Convento, Senior UX Researcher, Court Jacinic, Senior UX Content Designer, Becca Shareff, User Experience Researcher
In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are a new, passwordless authentication method that offers a convenient authentication experience for site...

Introducing rules_oci

Appu Goundan, Google Open Source Security Team
Today, we are announcing the General Availability 1.0 version of rules_oci, an open-source Bazel plugin (ruleset) that makes it simpler and more secure to build container images with Bazel. This effort was a collaboration with Aspect and the Rules Authors Special Interest Group. In this post, we...

So long passwords, thanks for all the phish

By: Arnar Birgisson and Diana K Smetters, Identity Ecosystems and Google Account Security and Safety teams
Starting today, you can create and use passkeys on your personal Google Account. When you do, Google will not ask for your password or 2-Step Verification (2SV) when you sign in. Passkeys are a more convenient and safer alternative to passwords....

Google and Apple lead initiative for an industry specification to address unwanted tracking

Companies welcome input from industry participants and advocacy groups on a draft specification to alert users in the event of suspected unwanted tracking
Location-tracking devices help users find personal items like their keys, purse, luggage, and more through crowdsourced finding networks. However, they can also be misused for unwanted tr...

Secure mobile payment transactions enabled by Android Protected Confirmation

Posted by Rae Wang, Director of Product Management (Android Security and Privacy Team)
Unlike other mobile OSes, Android is built with a transparent, open-source architecture. We firmly believe that our users and the mobile ecosystem at large should be able to verify Android's security and safety and not just take our word for it. We've demonst...

Short Takes 4-27-23

There Are Too Many Generals and Admirals, a Senator Stalling Military Promotions Argues. Military.com article. Pull quote: "I had not been aware that it was a controversial view that our military needs officers in charge of the 5th Fleet or the 7th Fleet," Warren said, alluding to two of the nominees caught in Tuberville's hold. "If the senator fro...

FRA Publishes Another Train Operations Safety Advisory 4-27-23

Today, the DOT's Federal Railroad Administration (FRA) published on their website a new safety advisory dealing with the operation of long trains. The instructions to railroad operators will not become official until they are published in the Federal Register, probably next week, but since these are non-regulatory instructions, that delay is not mat...

CISA Publishes Software Attestation 60-day ICR Notice

Today, CISA published a 60-day information collection request (ICR) notice in the Federal Register (88 FR 25670-25672) for "Request for Comment on Secure Software Development Attestation Common Form". This supports the requirement in OMB Memorandum M-22-18 that suppliers of software to federal agencies attest to conformity with secu...

Review 1 Advisory Published 4-27-23

Today, CISA's NCCIC-ICS published a medical device security advisory for products from Illumina. Advisories: Illumina Advisory - This advisory describes two vulnerabilities in the Illumina Universal Copy Service. For more details about the advisory, including a down-the-rabbit-hole look at research networks, see my article at CFSN Detailed Anal...

Co-Sponsor Added to HR 1623 CFATS Propane Exception

Yesterday, Rep Latta (R,OH) was added as a cosponsor to HR 1623, a bill that would add certain commercial propane storage facilities to the list of facilities excluded from the reporting requirements of the Chemical Facility Anti-Terrorism Standards (CFATS) program. Latta is a member of the House Energy and Commerce Committee to which this bill was...

How we fought bad apps and bad actors in 2022

Posted by Anu Yamunan and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Compute Trust and Safety)
Keeping Google Play safe for users and developers remains a top priority for Google. Google Play Protect continues to scan billions of installed apps each day across billions of Android devices to keep users safe from threats l...

NSF Sends CyberCorps Final Rule to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the National Science Foundation on the NSF CyberCorps Scholarship for Service Program. According to the listing for this rulemaking in the Fall 2022 Unified Agenda: NSF is finalizing amendments to the CyberCorps Scholarship for Serv...

Bills Introduced 4-26-23

Yesterday, with both the House and Senate in session, there were 102 bills introduced. One of those bills may receive additional attention in this blog: HR 2875 To direct the North American Electric Reliability Corporation, in consultation with the Secretary of Energy, the Federal Energy Regulatory Commission, Regional Transmission Organizations, ...

Short Takes 4-26-23

Used Routers Often Come Loaded With Corporate Secrets. Wired.com article. Pull quote: "One of the big concerns I have is that, if somebody evil isn't doing this, it's almost hacker malpractice, because it would be so easy and obvious," Camp says. Unfortunately this research needs to be redone and republished periodically because this is too easy to ex...

Celebrating SLSA v1.0: securing the software supply chain for everyone

Bob Callaway, Staff Security Engineer, Google Open Source Security team
Last week the Open Source Security Foundation (OpenSSF) announced the release of SLSA v1.0, a framework that helps secure the software supply chain. Ten years of using an internal version of SLSA at Google has shown that it's crucial to warding off tampering and keeping softwa...

DHS Sends Mobile Drivers License NPRM to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from DHS on Minimum Standards for Driver's Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes; Waiver for Mobile Driver's Licenses. According to the Fall 2022 Unified Agenda list...

Bills Introduced 4-25-23

Yesterday, with both the Senate and House in session, there were 106 bills introduced. One of those bills may receive additional attention in this blog: HR 2866 To amend the Homeland Security Act of 2002 to establish Critical Technology Security Centers in the Department of Homeland Security to evaluate and test the security of critical technology...

Short Takes 4-25-23

'High bio-hazard risk' in Sudan after laboratory seized, WHO says. MSN.com article. Pull quote: There is a "high risk of biological hazard" in the Sudanese capital Khartoum after one of the warring parties seized a laboratory holding measles and cholera pathogens and other hazardous materials, the World Health Organization said on Tuesday. Patient ...

HR 2741 Markup CG Authorization Act of 2023

Today, the House Transportation and Infrastructure Committee announced a markup hearing for HR 2741, the Coast Guard Authorization Act of 2023. The Committee will consider substitute language for the bill that adds a number of new sections. The hearing web page currently lists twenty amendments that will be considered during the markup. I have not...

Review 2 Advisories Published 4-25-23

Today, CISA's NCCIC-ICS published two control system security advisories for products from SCADA-LTS and Keysight. Advisories: SCADA-LTS Advisory - This advisory discusses a cross-site scripting vulnerability in the SCADA-LTS open-source HMI. Keysight Advisory - This advisory describes deserialization of untrusted data vulnerabilities in the Ke...

Review - CSB Publishes Louisiana Bio-Lab Investigation Report

Yesterday, the Chemical Safety Board announced the publication of their final report on the investigation of the fire and chlorine gas release at the Bio-Lab manufacturing facility in Westlake, LA immediately following the passage of Hurricane Laura in August 2020. The incident was initiated when the roof was blown off of a portion of the plant in ...

Short Takes 4-24-23

The Supreme Court is about to hear a landmark online threats case. TheVerge.com article. Pull quote: But in part because of the internet's ubiquity and its norms of communication, the case has broad implications that make many civil liberties advocates uneasy. The case has drawn supporting briefs from the American Civil Liberties Union, the Electron...

Review - S 1050 Introduced Bulk Power System Protection

Last month, Sen Scott (R,FL) introduced S 1050, the Protect American Power Infrastructure Act. The bill would prohibit owners of defense critical electrical infrastructure from buying covered electrical power supply equipment from companies owned or controlled by foreign adversaries. No funding is authorized by this legislation. Moving Forward Sc...

Google Authenticator now supports Google Account synchronization

Christiaan Brand, Group Product Manager
We are excited to announce an update to Google Authenticator, across both iOS and Android, which adds the ability to safely back up your one-time codes (also known as one-time passwords or OTPs) to your Google Account. Across all of your online accounts, signing in is the front door to your personal information....

DCSA Publishes Hard Deadline for the Transition from e-QIP to eAPP

Over the last year the Defense Counterintelligence and Security Agency (DCSA), in collaboration with the Office of Personnel Management (OPM), has been pushing all Federal agencies who are using OPM's Electronic Questionnaire for Investigations Processing (e-QIP) to start the transition over to the National Background Investigation Services (NBIS) r...

Committee Hearings Week of 4-23-23

With both the House and Senate in Washington this week, we have a relatively normal hearing schedule, with budget issues predominating. There is one cybersecurity hearing of note. BTW: Fourteen weeks left before the current authorization for the Chemical Facility Anti-Terrorism Standards (CFATS) program runs out on July 27th, 2023. No congressiona...

Short Takes 4-22-23

Discussion about reliability of fewer big engines vs more smaller engines. Twitter.com thread. Pull quote: It's arguably true--and James Oberg wrote about this years ago--that the success of Apollo was at least in part due to the reliability of the 5 huge Saturn V engines, as opposed to the Soviet Union's necessity to use 15-20 separate, smaller en...

Review - S 896 Introduced SHIELD U Act

Last month, Sen Lee (R,UT) introduced S 896, the Stopping Harmful Incidents to Enforce Lawful Drone Use (SHIELD U) Act. The bill would give airport operators the authority to conduct counter-drone activities at commercial airports. It would also allow State and local law enforcement personnel broad authority to conduct counter-drone operat...

CRS Reports Week of 4-15-23 Counter UAS

This last week, the Congressional Research Service (CRS) published a report on Department of Defense Counter-Unmanned Aircraft Systems. It provides a brief look at detection and interdiction tools available to the military for engaging unmanned aircraft systems. Interestingly, the report fails to provide any mention of the tactical use of UAS in th...

Chemical Incident Reporting Week of 4-15-23

NOTE: See here for series background. SW Oklahoma City, OK 4-10-23 News articles here, here, and here. 100-lb Anhydrous Ammonia released during maintenance activities at an ice making facility. No injuries reported. Probably not a CSB reportable. Kansas City, KS 4-11-23 News article here and here. CO and CO2 leak at meat processing plant, 26 t...

Public ICS Disclosures Week of 4-15-23

This week we have six vendor disclosures from Cisco, Draeger, Omron (2), Philips, and VMware. There are seven vendor updates from Palo Alto Networks, QNAP (5), and Schneider. Finally, we have two exploits for products from VMware. Advisories Cisco Advisory - Cisco published an advisory that describes two vulnerabilities in their Industrial Networ...

Short Takes 4-21-23

How Citizen is trying to remake itself by recruiting elderly Asians. TechnologyReview article. Pull quote: He says he has Citizen on his own phone and has been taken aback by how biased some user-generated comments submitted around certain incidents were. What kind of impact does that really have on the psyche of our community? he asks. And its cl...

FAR App Prohibition Interim Final Rule Sent to OMB

OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a FAR regulation on FAR Case 2023-010, Prohibition on Using a Covered Application. This rulemaking was not listed in the Fall 2020 Unified Agenda, so there is no official listing of its purpose, but I suspect that this may just have something to do with the Tik ...

Bills Introduced 4-20-23

Yesterday, with both the House and Senate preparing to leave Washington for a long weekend, there were 108 bills introduced. Three of those bills will receive additional coverage in this blog: HR 2741 Coast Guard Authorization Act of 2023 Graves, Sam [Rep.-R-MO-6] HR 2745 To amend title 28, United States Code, to allow claims against foreign stat...

Short Takes 4-20-23

New data show that an old model of the brain's motor cortex is incomplete. NPR.org article. Pull quote: In other words, these areas integrate information from all over the body and brain in order to carry out a movement. Dosenbach says the finding, which appears in the journal Nature, contradicts a central belief about motor cortex. Russia Seeks t...

HR 1127 Introduced Cybersecurity Partnership

Back in February (finally published by GPO today), Rep Gonzales (R,TX) introduced HR 1127, the United States-Taiwan Advanced Research Partnership Act of 2023. The bill would specifically authorize DHS Science and Technology Directorate to enter into cooperative research activities with Taiwan to strengthen preparedness against cyber threats and enh...

Short Takes 4-20-23 SpaceX Geek Edition

Starship Flight Test. SpaceX.com article. Pull quote: At 8:33 a.m. CT, Starship successfully lifted off from the orbital launch pad for the first time. The vehicle cleared the pad and beach as Starship climbed to an apogee of ~39 km over the Gulf of Mexico, the highest of any Starship to-date. The vehicle experienced multiple engines out during the...

Review - BIS Publishes Peptide Synthesis Export Controls NPRM

Today, the DOC's Bureau of Industry and Security (BIS) published a notice of proposed rulemaking (NPRM) in the Federal Register (88 FR 24341-24346) for Section 1758 Technology Export Controls on Instruments for the Automated Chemical Synthesis of Peptides. The advance notice of proposed rulemaking was published (this post is now open to the public ...

Review - 1 Advisory Published 4-20-23

Today, CISA's NCCIC-ICS published a control system security advisory for products from INEA. Advisories: INEA Advisory - This advisory describes an OS command injection vulnerability in the INEA ME RTU. For more details about this advisory, including a down-the-rabbit-hole look at a possible connection to the Mitsubishi smartRTU, see my article...

CISA Publishes CFATS CSAT 30-day ICR Revision/Renewal Notice

Today, CISA published a 30-day information collection request (ICR) revision and renewal notice in the Federal Register (88 FR 24435-24437) for the Request To Revise and Extend the Chemical Security Assessment Tool (CSAT) Information Collection Under the Paperwork Reduction Act. The 60-day ICR notice was published (post is now public instead of sub...
