SecurityCentric is your source for Blog Aggregation in the Security industry

If Only I Had Told the Truth

As many on this site have said for security clearance applicants, it is better to tell all than try to hide things and hope no one finds out. Many times, the information you are trying to hide can be mitigated, but the fact that you lied about it can't. That

Committee Hearings Week of 3-5-23

This week, with both the House and Senate in session, we are starting to see a fuller hearing schedule, including some budget hearings (none of specific interest here this week). There are three hearings of interest here: a markup hearing, a pipeline safety hearing, and a look at the East Palestine train derailment. Markup Hearing: On Wednesday, ...

Short Takes 3-5-23

Strengthen the security of physical, digital infrastructure. LPGasMagazine.com article. Pull quote: As technology continues to advance, threats are everywhere and anywhere and can happen at any time. Any breach impacts your business financially and can jeopardize the well-being of employees and customers. Taking time to think about your security pl...

Review - EPA Publishes Drinking Water Cybersecurity Memo

On Friday, the Environmental Protection Agency (EPA) published their long-awaited memorandum on cybersecurity in the public water sector (PWS). The memo directs state water authorities to undertake cybersecurity reviews as part of their periodic sanitary surveys required under 40 CFR 142.16(b)(3). For every State, except Wyoming, State agencies hav...

Short Takes 3-4-23

MSIB: Transportation Worker Identification Credential (TWIC) reader rule delayed. Mariners.CoastGuard.blog post. Pull quote: On December 23, 2022, the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (H.R. 7776) was signed into law, which includes section 11804(c) that delays implementation of Transportation Worker Identifica...

FRA Publishes Hot Wheel Bearing Safety Advisory

Yesterday, the DOT's Federal Railroad Administration (FRA) published a notice of Safety Advisory 2023-01 in the Federal Register (88 FR 13494-13497) for Evaluation of Policies and Procedures Related to the Use and Maintenance of Hot Bearing Wayside Detectors. This safety advisory is at least partially in response to the recent derailment with fire a...

CRS Reports Week of 2-25-23 Monitoring Air Space

This week the Congressional Research Service published a report on Monitoring the Sovereign Skies. The report looks at issues raised during the recent Chinese weather balloon incident about how the US military and civilian air space controllers monitor traffic in the National Air Space. This is relatively low-tech coverage targeted at lawmakers....

Review - Public ICS Disclosure Week of 3-3-23

This week we have 25 vendor disclosures from ABB (2), Aruba Networks, BaiCells, Bosch, B&R (2), Hitachi Energy, HPE (7), JTEKT Electronics, Milestone, Reillo, StrongSwan, Tanzu (2), VMware, WAGO, Western Digital, and Wireshark. We also have three vendor updates from HPE (2) and Mitsubishi. Finally we have ten researcher reports for products fro...

Bills Introduced 3-3-23

Yesterday, with just the House meeting in pro-forma session, there were 46 bills introduced. Four of those bills may receive additional attention in this blog: HR 1340 To provide outreach and technical assistance to small providers regarding Open RAN networks, and for other purposes. Allred, Colin Z. [Rep.-D-TX-32] HR 1345 To amend the National ...

Short Takes 3-3-23

The Chinese balloon saga could be part of a new space race closer to Earth. NPR.org article. Pull quote: Much of that research appears purely scientific, based on papers and patents published by near-space researchers, in line with Beijing's claim that the airship shot down over the U.S. was a civilian research balloon. Yet even simple meteorologic...

Review - HR 774 Introduced MEANS Act

Last month, Rep Dingell (D,MI) introduced HR 774, the Manufacturing Economy and National Security (MEANS) Act. The bill would require the Department of Commerce to develop and implement a strategy taking a whole-of-Government approach to support the resilience, diversity, security, and strength of supply chains. The bill would authorize $35-billion...

Short Takes 3-3-23 Cybersecurity Strategy Issues

National Cybersecurity Strategy 2023. WhiteHouse.gov publication. Highlights from the New U.S. Cybersecurity Strategy. KrebsOnSecurity.com article. Pull quote: Market forces are leading to a race to the bottom in certain industries, while contract law allows software vendors of all kinds to shield themselves from liability, Fox said. Regulations ...

Short Takes 3-2-23

Apologia. WHMurray.blogspot.com post. An interesting take on the recent InfraGard breach. Pull quote: As a matter of policy I do not do business with management in which I have lost confidence. Specifically I do not continue to use web sites that have proven unable to protect my personal data. The FBI has made it a condition of continued InfraGar...

PHMSA Publishes New Hazmat Railcar Safety Advisory

Today, the DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA) published a Safety Advisory Notice for Tank Cars Equipped with Aluminum Manway Protective Housing. PHMSA is recommending that all hazmat tank car owners and offerors survey their fleets for any tank cars currently equipped with aluminum protective housing and consider rep...

Review - CSB Publishes 60-day ICR Renewal Notice for Chemical Incident Reporting

Today, the Chemical Safety and Hazard Investigation Board (CSB) published a 60-day information collection renewal notice in the Federal Register (88 FR 13086) for their CSB Accidental Release Reporting Form. This is the first renewal (there was a revision in 2021, but it did not change any burden information) for this collection since it was initia...

Review 4 Advisories and 1 Update 3-2-23

Today, CISA's NCCIC-ICS published three control system security advisories for products from Rittal, Baicells, and Mitsubishi. They also published a medical device security advisory for products from Medtronic. They updated a control system security advisory for products from Mitsubishi. Advisories: Rittal Advisory - This advisory describes an impr...

Google Trust Services now offers TLS certificates for Google Domains customers

Andy Warner, Google Trust Services, and Carl Krauss, Product Manager, Google Domains. We're excited to announce changes that make getting Google Trust Services TLS certificates easier for Google Domains customers. With this integration, all Google Domains customers will be able to acquire public certificates for their websites at no additional cost, w...

Bills Introduced 3-2-23

Yesterday, with both the House and Senate in session, there were 127 bills introduced. Three of those bills may receive additional coverage in this blog: HR 1285 To require a report from the Secretary of Homeland Security on the existence of programs and components of the Department of Homeland Security that are not explicitly authorized in statut...

Short Takes 3-1-23

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022. KrebsOnSecurity.com article. Pull quote: They underestimate these actors and say this person isn't technically sophisticated, she [Allison Nixon] said. But if you're rolling around in millions worth of stolen crypto currency, you can buy that sophistication. I know for a fact some of t...

OCS Updates FAQ Response 3-1-23

Today, CISA's Office of Chemical Security (OCS) published an updated response to a FAQ on the Chemical Facility Anti-Terrorism Standards (CFATS) Knowledge Center. The revised FAQ response was for FAQ #1275. This is the same FAQ that was updated yesterday. Yesterday's non-update is no longer listed. FAQ #1275: What needs to be done with the facilit...

8 ways to secure Chrome browser for Google Workspace users

Posted by Kiran Nair, Product Manager, Chrome Browser. Your journey towards keeping your Google Workspace users and data safe starts with bringing your Chrome browsers under Cloud Management at no additional cost. Chrome Browser Cloud Management is a single destination for applying Chrome Browser policies and security controls across Windows, Mac, ...

Bills Introduced 2-28-23

Yesterday, with both the House and Senate in Washington, there were 96 bills introduced. Two of those bills will receive additional coverage in this blog: HR 1238 To direct the Secretary of Transportation to issue certain regulations to define high-hazard flammable train, and for other purposes. Deluzio, Christopher R. [Rep.-D-PA-17] S 559 A bil...

Bills Introduced 2-27-23

On Monday, with both the House and Senate in session, there were 57 bills introduced. One of those bills will see additional coverage in this blog: HR 1219 To establish a food and agriculture cybersecurity clearinghouse in the National Telecommunications and Information Administration, and for other purposes. Pfluger, August [Rep.-R-TX-11]

Short Takes 2-28-23

CDC warns of drug-resistant stomach bug amid rise in cases. TheHill.com article. Pull quote: If your diarrhea lasts longer than usual or if it's bloody or accompanied with severe stomach cramping, get to the doctor to determine whether it's a run-of-the-mill norovirus or if it's shigellosis, Hill explained. Fighting toxic air pollution. TheHill.com a...

DHS Oversight Plan Hearing 2-28-23

Today the House Homeland Security Committee held a business meeting to approve their Oversight Plan for the 118th Congress. After considering and adopting two amendments, the Committee approved the amended Oversight Plan. Rep Thompson (D,MS) offered an amendment that would have added a Domestic Terrorism section to the portion of the Plan dealing ...

OCS Publishes Updated FAQ Responses 2-17-23

Today, CISA's Office of Chemical Security (OCS) published a new frequently asked question (FAQ) and updated the responses to three other FAQs on the Chemical Facility Anti-Terrorism Standards (CFATS) Knowledge Center. The revised FAQ responses were for FAQ #1275. FAQ #1275: What needs to be done with the facility ID in the Chemical Security Assess...

Review - FHWA Publishes Electric Vehicle Infrastructure Final Rule

Today, the DOT's Federal Highway Administration (FHWA) published a final rule in the Federal Register (88 FR 12724-12757) for the National Electric Vehicle Infrastructure Standards and Requirements. The rule establishes regulations setting minimum standards and requirements for projects funded under the National Electric Vehicle Infrastructure (NEVI...

Review 2 Advisories and 1 Update Published 2-28-23

Today, CISA's NCCIC-ICS published two control system security advisories for products from Hitachi. They also updated an advisory for products from Mitsubishi. Advisories: Hitachi Advisory #1 - This advisory describes three vulnerabilities in the Hitachi Gateway Station (GWS). NOTE: I briefly reported on these vulnerabilities on February 18th, 20...

Our commitment to fighting invalid traffic on Connected TV

Posted by Michael Spaulding, Senior Product Manager, Ad Traffic Quality. Connected TV (CTV) has not only transformed the entertainment world, it has also created a vibrant new platform for digital advertising. However, as with any innovative space, there are challenges that arise, including the emergence of bad actors aiming to siphon money away from...

Short Takes 2-27-23

Last-minute problem keeps SpaceX rocket, astronauts grounded. TheHill.com article. Pull quote: Officials said the problem involved ground equipment used for loading the engine ignition fluid. The launch team could not be sure there was a full load. A SpaceX engineer likened this critical system to spark plugs for a car. Periodic Graphics: Mucus, t...

Review - HR 1160 Introduced DOE Cybersecurity Reporting

Last week Rep Walberg (R,MI) introduced HR 1160, the Critical Electric Infrastructure Cybersecurity Incident Reporting Act. The bill would make DOE the designated agency to receive cybersecurity incident reports from critical electric infrastructure. It would also require DOE to publish regulations covering those reporting requirements. No spending...

Committee Hearings Week of 2-26-23

This week, with the House and Senate back in Washington (House just for three days), we are starting to see a normal committee schedule with fewer organizational hearings. This includes a markup hearing and an oversight planning hearing in the House of potential interest here. Energy Markup On Tuesday, the Subcommittee on Energy, Climate, and Gri...

Convicted Felon Granted Clearance Eligibility by DOHA

It is quite extraordinary to think someone who was charged with murder can get a security clearance, but occasionally I run across an appeals case involving just that. In this particular case, the applicant, who is now 33 years old, was charged with murder and concealing the death of another when she was 20

Short Takes 2-25-23

Ammonia Body to Host Webinar Examining Marine Ecosystem Impact. ShipAndBunker.com article. Pull quote: Ammonia is widely expected to take up a significant share of the marine energy mix in future decades as the shipping industry works to eliminate its GHG emissions. But for now shipowners remain wary of its toxicity and the potential impact on ship...

Review - Chemical Security Quarterly - Winter 2023

Yesterday, CISA sent out an email to registered recipients (register here) on the latest version of the Chemical Security Quarterly. These periodic (mostly quarterly) updates look at chemical security issues, including the CFATS and ChemLock programs, as well as cybersecurity issues related to the same. The CFATS Knowledge Center used to post these ...

Running a Kubernetes Cluster with OpenBSD VMM

Kubernetes relies on Linux containers and cgroups, so you can't run Kubernetes or even Docker containers directly on OpenBSD, but Alpine Linux runs great under OpenBSD's VMM hypervisor. Alpine shares a lot of the same ideologies as OpenBSD, and it has become a favorite in the Linux container ecosystem. Caveat Emptor: This is not a good project for so...

HiR Information Report

Bills Introduced 2-24-23

Yesterday, with the House meeting in pro forma session, there were 57 bills introduced. Two of those bills may receive additional attention in this blog: HR 1160 To direct the Secretary of Energy to promulgate regulations to facilitate the timely submission of notifications regarding cybersecurity incidents and potential cybersecurity incidents wi...

CRS Reports Week of 2-18-23 Derailment FAQs

This week the Congressional Research Service published a report on East Palestine, OH, Train Derailment and Hazardous Materials Shipment by Rail: Frequently Asked Questions. This report focuses on the federal safety standards, voluntary industry guidelines, and railroad operating practices that may be considered in understanding how and why this derail...

Review Public ICS Disclosure Week of 2-18-23

This week we have 30 vendor disclosures from Aruba Networks, Cisco, GE Grid Solutions (19), Generex, GigaVUE, HP, HPE, Prosys OPC, Sick, VMware (2), and Zyxel. We have four vendor updates from HPE (3), and Software Toolbox. We also have six researcher reports for products from EIP Stack Group (3), Fortinet, Netmodule, and ODA. Finally, we have an e...

Short Takes 2-24-23

Dole production plants crippled by ransomware, stores run short. TheRegister.com article. No mention of control systems being affected. Pull quote: "The Dole attack is the perfect example of how ransomware can put organizations in a pressure cooker," Miller said. "If they are locked out of their systems, they can't fulfill customer orders, they're ...

Review - New CISA Web Site ICS Security

As part of the revision of the CISA web site that I briefly discussed yesterday, CISA has revamped, again, the Industrial Control System Security portion of their site. Gone are all mentions of the old US-CERT and ICS-CERT, even from the URLs. This latter change has been in the works for quite some time, with multiple changes in the past leading to ...

Short Takes 2-23-23

Most young men are single. Most young women are not. TheHill.com article. Pull quote: Social circles have been shrinking for men and women, especially since the pandemic, but men struggle more. Thirty years ago, 55 percent of men reported having six or more close friends. By 2021, that share had slipped to 27 percent. A Norfolk Southern Policy Let...

New CISA Web Site 2-23-23

CISA has done an extensive update of their web site. There are new web site links, changes in format, and almost certainly changes in information. Major changes of interest to this web site include the following new pages: Industrial Control Systems, Coordinated Vulnerability Disclosure Program, Chemical Facility Anti-Terrorism Standards (CFATS...

Review - 1 Advisory and 2 Updates Published 2-23-23

Today, CISA's NCCIC-ICS published a control system security advisory for products from PTC. They also updated advisories for products from Moxa and BD. Advisories: PTC Advisory - This advisory describes two vulnerabilities in the PTC ThingWorx Edge. NOTE: NCCIC-ICS reports that products from Rockwell Automation and GE Digital are affected by thes...

Moving Connected Device Security Standards Forward

Posted by Eugene Liderman, Director of Mobile Security Strategy, Google As Mobile World Congress approaches, we have the opportunity to have deep and meaningful conversations across the industry about the present and future of connected device security. Ahead of the event, we wanted to take a moment to recognize and share additional details on the...

Vulnerability Reward Program: 2022 Year in Review

Posted by Sarah Jacobus, Vulnerability Rewards Team It has been another incredible year for the Vulnerability Reward Programs (VRPs) at Google! Working with security researchers throughout 2022, we have been able to identify and fix over 2,900 security issues and continue to make our products more secure for our users around the world. We are th...

Review - HR 275 Introduced in House First Responder Readiness

Last month, Rep Jackson-Lee (D,TX) introduced HR 275, the First Responder Identification of Emergency Needs in Disaster Situations (FRIENDS) Act. The bill would require GAO to conduct a study on the circumstances which may impact the effectiveness and availability of first responders before, during, or after a terrorist threat or event. No funds ar...

Bills Introduced 2-21-23

Yesterday, with both the House and Senate meeting in pro forma session, there were 55 bills introduced. Three of those bills may receive additional coverage in this blog: HR 1123 To direct the Assistant Secretary of Commerce for Communications and Information to submit to Congress a report examining the cybersecurity of mobile service networks, an...

Short Takes 2-21-23

Florida's climate exodus has already begun and it's only going to get worse. BusinessInsider.com article. Pull quote: The storm [Hurricane Irma] had scared many people off, but it had also destroyed a quarter of the Keys's housing stock, which drove up prices for the homes that survived. In the meantime, the Faasts saw their friends start to leave...
