SecurityCentric is your source for Blog Aggregation in the Security industry

Achieving continuous compliance with Tripwire's Security Configuration Manager

Security and compliance are often tightly intertwined. The main difference is that sometimes security can outpace compliance efforts. While it is easy to infer that a more secure system exceeds a compliance requirement, an auditor should not be expected to deduce the state of a system; the evidence needs to be clear. There are many factors that can...

Short Takes 3-18-24

Iceland Volcano Erupts in Plumes of Fire With Little Notice. NYTimes.com article. Pull quote: Lava fountains burst out of the ground, and a nearly two-mile-long fissure opened up on the Reykjanes Peninsula around 8:30 p.m., the Icelandic Meteorological Office said. The eruption occurred near the town of Grindavik, the Svartsengi Power Plant and the...

Top 10 AI Retail Solutions Transforming the Industry

Discover the top AI retail solutions that have been revolutionizing the industry with enhanced efficiency, personalization and customer experience. The post Top 10 AI Retail Solutions Transforming the Industry appeared first on eWEEK.

Requirements for Special Access Programs

Special Access Programs (SAP) are established to protect national security by employing enhanced security measures to strictly enforce need-to-know and have access requirements that exceed those normally required for information at the same classification level. SAPs can be classified at all clearance levels but are heavily restricted when it comes

Review S 3792 Introduced Technology Workforce

Last month, Sen Peters introduced S 3792, the Technology Workforce Framework Act of 2024. The bill would add development of workforce frameworks to the description of duties for NIST as well as updating the NICE Workforce Development for Cybersecurity and requiring the development of a new workforce framework for artificial intelligence. No new fun...

VA Adopts CISA's Software Attestation Form

On Friday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a request for common form (RCF) use from the Veterans Administration for Secure Software Self-Attestation Common Form. This CISA-sponsored form was approved last week. Agencies wanting to use the form now must submit a request to OIRA (pg 90) to u...

Firmware Monitoring is Just a Snapshot Away

Any time the television news presents a story about cybersecurity, there is always a video of a large data center with thousands of blinking lights. Even most cybersecurity blogs will include an image of many lights on the front panels of servers, routers, and other hardware. However, most people don't notice that the lights are usually green or som...

Federated Learning for Cybersecurity: Collaborative Intelligence for Threat Detection

The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights without compromising sensitive data. A rep...

Short Takes 3-16-24

Houthis Threaten to Target Merchant Ships in Indian Ocean. News.USNI.org article. Pull quote: Their weapons can go at least 650 kilometers, while the drones can go up to 2,000, Ben Taleblu said. But they cannot hit ships that are going around the Cape of Good Hope. The first test of a magnetic levitation train on an existing track. TheNextWeb.com ...

Review Public ICS Disclosures Week of 2-9-24 Part 2

For Part 2 we have four additional vendor disclosures from Schneider, Softing, WAGO, and Western Digital. We also have 17 vendor updates from Dell, HP (5), and Siemens (11). There is a researcher report about vulnerabilities in products from FortiGuard. Finally, we have five exploits for products from FortiGuard, Hitachi, Honeywell, Solar View, and...

Chemical Incident Reporting Week of 3-2-24

NOTE: See here for series background. Bath, NY 3-11-24 Local news reports: Here, here, here and here. Three-alarm fire at manufacturing facility. No injuries were reported. Building destroyed. Google satellite view does not show any external chemical storage tanks, but there were almost certainly chemicals (drums and totebins) in the building,...

CRS Reports Week of 3-9-24 Change Healthcare

This week the Congressional Research Service (CRS) published a report on The Change Healthcare Cyberattack and Response Considerations for Policymakers. The report provides a brief look at the BlackCat ransomware attack on Change Healthcare and the widespread consequences of that attack. It concludes by introducing a new term to cybersecurity cons...

Transportation Chemical Incidents Week of 3-5-24

Reporting Background: See this post for explanation. Data from PHMSA's online database of transportation-related chemical incidents that have been reported to the agency. Incidents Summary: Number of incidents 137 (127 highway, 6 air, 4 rail); Serious incidents 2 (2 bulk release, 0 injuries, 0 deaths, 0 major artery closed); Largest container involv...

Review Public ICS Disclosures Week of 2-9-24 Part 1

This week we have 25 vendor disclosures from Bosch (2), FortiGuard (3), Fujitsu, GE Vernova, Hitachi (6), Honeywell, HP (4), Insyde, Korenix, Palo Alto Networks (3), Philips, and Phoenix Contact. Advisories Bosch Advisory #1 - Bosch published an advisory that discusses seven vulnerabilities in multiple Bosch products. Bosch Advisory #2 - Bosch p...

Short Takes 3-15-24

Caffeine makes fuel cells more efficient, cuts cost of energy storage. TheRegister.com article. Pull quote: If you are wondering (as we were) how they came to be experimenting with this, the paper explains that modifying electrodes with hydrophobic material is known to be an effective method for enhancing ORR. Caffeine is less toxic than other hydr...

Review - S 3758 Introduced DETECT Act

Last month, Sen Warner (D,VA) introduced S 3758, the Drone Evaluation To Eliminate Cyber Threats (DETECT) Act. The bill would require NIST to establish guidelines for federal agencies for managing cybersecurity risks associated with unmanned aircraft systems (UAS) operated by those agencies. It would also require OMB to publish guidance for vulnera...

8 Top AI Healthcare Software in 2024

Need top healthcare AI software for 2024? Discover leading solutions enhancing care. The post 8 Top AI Healthcare Software in 2024 appeared first on eWEEK.

Bills Introduced 3-14-24

Yesterday, with just the Senate in session, there were 37 bills introduced. Two of those bills will receive additional coverage here: S 3943 A bill to require a plan to improve the cybersecurity and telecommunications of the U.S. Academic Research Fleet, and for other purposes. Padilla, Alex [Sen.-D-CA] S 3959 A bill to require the Transportatio...

Short Takes 3-14-24

NASA Engineers Make Progress Toward Understanding Voyager 1 Issue. Blogs.NASA.gov blog post. Pull quote: Because Voyager 1 is more than 15 billion miles (24 billion kilometers) from Earth, it takes 22.5 hours for a radio signal to reach the spacecraft and another 22.5 hours for the probe's response to reach antennas on the ground. So the team receiv...

Review 14 Advisories and 1 Update Published 3-14-24

Today, CISA's NCCIC-ICS published fourteen control system security advisories for products from Mitsubishi Electric, Softing, Delta Electronics, and Siemens (11). They also updated an advisory for products from Mitsubishi. Advisories: Mitsubishi Advisory - This advisory describes five vulnerabilities in the Mitsubishi MELSEC-Q/L Series products. Softing...

Review - HR 7223 Introduced Felons and TWIC

Last month, Rep Carter (D,LA) introduced HR 7223, a bill requiring TSA to develop guidelines to improve returning [from incarceration] citizens' access to the TWIC program. No new funding is authorized by the bill. Moving Forward: Carter, and all three of his cosponsors {Rep Higgins (R,LA), Rep Thompson (D,MS), and Rep Goldman (D,NY)} are members o...

20 Top Generative AI Companies Leading In 2024

Generative AI companies are popping up everywhere and quickly. They range from established companies adding generative AI to their software products to new generative AI startups. As generative AI rapidly develops, it can be difficult to distinguish between the leading generative AI companies and the hundreds of others that are beginning to tap int...

Real-time, privacy-preserving URL protection

Posted by Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonathan Li, Alex Wozniak, Google Safe Browsing For more than 15 years, Google Safe Browsing has been protecting users from phishing, malware, unwanted software and more, by identifying and warning users about potentially abusive sites on more than 5 billion devices around the world....

LockBit affiliate jailed for almost four years after guilty plea

An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. 34-year-old Mikhail Vasiliev, who has dual Russian and Canadian nationality, was arrested in 2022 as part of a multinational law enforcement investigation into LockBit that star...

Bills Introduced 3-13-24

Yesterday, with just the House in session there were 44 bills introduced. Of those bills, there were two that may receive additional coverage in this blog: HR 7655 To amend title 49, United States Code, to improve the safety of pipeline transportation, and for other purposes. Duncan, Jeff [Rep.-R-SC-3] HR 7659 To authorize and amend authorities, ...

Short Takes 3-13-24

Surface Forces: Unmanned LUSV Ships at Sea. StrategyPage.com article. Pull quote: It is possible that by 2040 over 50 percent of all commercial shipping will be fully autonomous, making the LUSV market at that time worth roughly $65 billion a year. This represents a significant opportunity to expand smaller shipyards, providing a commercial export ...

ThousandEyes Report: Top Cloud Outages of 2023

A year in review: Major cloud outages of 2023 and the lessons learned for better digital infrastructure. The post ThousandEyes Report: Top Cloud Outages of 2023 appeared first on eWEEK.

Review - PHMSA Publishes Latest Additions to FAQ List HAZMAT Training

Today, the DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA) published a notice in the Federal Register (89 FR 18479-18482) listing the latest additions to their list of frequently asked questions (FAQ). Back in March of 2022, PHMSA began the process of converting existing Letters of Interpretation (LOI) into frequently asked quest...

Short Takes 3-13-24 Space Geek Edition

Lumen Orbit emerges from stealth and raises $2.4M to put data centers in space. GeekWire.com article. Pull quote: Lumen Spaces founders aren't the only ones aiming to put data centers in orbit: ASCEND, a project funded by the European Union, has been looking into the feasibility of creating a fleet of space-based data centers, with Thales Alenia Spa...

The 10 Most Common Website Security Attacks (and How to Protect Yourself)

According to the Verizon 2023 Data Breach Investigations Report, Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats in the bunch, common web attacks like credential stuffing and SQL injection attacks continue to wreak havoc on the cybersecurity landscape, just li...

The Importance of Host-Based Intrusion Detection Systems

What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS, is a network application that monitors suspicious and malicious behavior, both internally and externally. The HIDS's job is to flag any unusual patterns of behavior that could signify a breach. By bringing this activity to the team's attention, t...

Short Takes 3-12-24

Damage a Distillation Column. LinkedIn discussion. Pull quote: Actually so far I haven't found that many process equipment inherently secure against cyber attack. Attackers require very specific knowledge of the local system, and it depends on the type of production process, but once a threat actor gains access into the automation system also disti...

EPA Accidental Release Rule and CFATS

When I first started scanning through the final rule that the EPA published on Monday on Accidental Release Prevention Requirements, two items caught my attention in the List of Abbreviations and Acronyms: CFATS and CVI. Given my interest in chemical security issues, I had to investigate. Both terms were used multiple times in the discussion about ...

12 Best AI Productivity Tools 2024

Discover the top AI productivity tools to streamline workflows, boost efficiency, and optimize your tasks with cutting-edge AI technology. The post 12 Best AI Productivity Tools 2024 appeared first on eWEEK.

VERT Threat Alert: March 2024 Patch Tuesday Analysis

Today's VERT Alert addresses Microsoft's March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs: There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release. CVE Breakdown by Tag: While historica...

Review 1 Advisory Published 3-12-24

Today, CISA's NCCIC-ICS published one control system security advisory for products from Schneider Electric. Schneider published two other new advisories today (in addition to this one) and four updates. I will be covering those this weekend. Advisories: Schneider Advisory - This advisory describes a deserialization of untrusted data vulnerability ...

Vulnerability Reward Program: 2023 Year in Review

Posted by Sarah Jacobus, Vulnerability Rewards Team Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services. Working with our dedicated bug hunter community, we awarded $10 million to our ...

Covering Up Friend's Death Due to an Overdose Results in Clearance Denial

Having been in the military myself many years ago, it always astounds me when I read about military personnel who blatantly use drugs while in the service, even though they know it is not allowed. I guess with easy access to a variety of drugs, especially overseas, the temptation is too much

OMB Approves CISA Software Attestation ICR

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved an information collection request (ICR) from CISA on Secure Software Self-Attestation Common Form. This form was developed by CISA in coordination with the Office of Management and Budget to meet the secure software development attestation require...

Bills Introduced 3-11-24

Yesterday, with both the House and Senate in session, there were 26 bills introduced. None of the bills introduced will receive additional coverage in this blog, but there are two bills that I would like to mention in passing: HR 7610 To amend the Homeland Security Act of 2002 to clarify that utility line technicians qualify as emergency response ...

Reducing Cyber Risks with Security Configuration Management

Protecting sensitive data and other assets requires an organization to be adaptable and stay informed on things like the digital landscape and threat trends. While some aspects of security are within an organization's control, it can be extremely difficult to manage all of the risks and vulnerabilities that are likely to arise. Security configuratio...

Short Takes 3-11-24

Learn to Say No. SCADAMag.Infracritical.com article. Another practical security piece from Jake Brodsky. Pull quote: Tell them to pound sand and do it in such a way that they won't come back until they're willing to understand your concerns as well. And by the way, this especially goes for people who are pushing technological solutions to problems you...

Review - EPA Publishes Accidental Spill Prevention Final Rule

Today, the EPA (finally) published a final rule in the Federal Register (89 FR 17622-17692) on Accidental Release Prevention Requirements: Risk Management Programs Under the Clean Air Act; Safer Communities by Chemical Accident Prevention. The notice of proposed rulemaking (NPRM) was published on August 31st, 2022. The regulations will be effective...

Transportation Chemical Incidents Week of 2-27-24

Reporting Background: See this post for explanation. Data from PHMSA's online database of transportation-related chemical incidents that have been reported to the agency. NOTE: The database was under maintenance this weekend, so this is the first chance I have had to get last week's report done. Incidents Summary: Number of incidents 75 (70 highwa...

Cybersecurity in the Age of AI: Exploring AI-Generated Cyber Attacks

Historically, cyber-attacks were labor-intensive, meticulously planned, and needed extensive manual research. However, with the advent of AI , threat actors have harnessed their capabilities to orchestrate attacks with exceptional efficiency and potency. This technological shift enables them to execute more sophisticated, harder-to-detect attacks a...

FAR sends Supply Chain Software Security NPRM to OMB

On Thursday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from FAR on Federal Acquisition Regulation (FAR); FAR Case 2023-002, Supply Chain Software Security. According to the Fall 2023 Unified Agenda entry for this rulemaking: This rule will require suppliers ...

Chemical Incident Reporting Week of 3-2-24

NOTE: See here for series background. Clinton Township, MI 3-4-24 Local news reports: Here, here, and here. A warehouse fire with multiple small flammable-gas cylinders, cylinders exploded during fire. Multiple injuries and one dead. CSB reportable. Buffalo, NY 3-4-24 Local news reports: Here, here, and here. Fire in external pipe rack at ...

GAO Reports Week of 3-2-24 CISA and OT Cybersecurity

This week the Government Accountability Office (GAO) published a report on Cybersecurity: Improvements Needed in Addressing Risks to Operational Technology. This report outlines actions taken by CISA to support critical infrastructure organizations and sector risk management agencies in securing operational technology. The 70-page report concludes...

Review Public ICS Disclosures Week of 3-2-24

This week we have 12 vendor disclosures from Aruba Networks, Commend, Moxa, Omron, QNAP (5), SEL, VMware (2), and Western Digital. There are four vendor updates from Cisco and HP (3). We also have three researcher reports of vulnerabilities for products from Lenovo. Finally, we have five exploits for Petrol Pump (3), RAD, and Solar-Log. Advisories...