Achieving continuous compliance with Tripwire's Security Configuration Manager
Security and compliance are often tightly intertwined. The main difference is that sometimes security can outpace compliance efforts. While it is easy to infer that a more secure system exceeds a compliance requirement, an auditor should not be expected to deduce the state of a system; the evidence needs to be clear. There are many factors that can...
Short Takes 3-18-24
Iceland Volcano Erupts in Plumes of Fire With Little Notice. NYTimes.com article. Pull quote: Lava fountains burst out of the ground, and a nearly two-mile-long fissure opened up on the Reykjanes Peninsula around 8:30 p.m., the Icelandic Meteorological Office said. The eruption occurred near the town of Grindavik, the Svartsengi Power Plant and the...
Top 10 AI Retail Solutions Transforming the Industry
Discover the top AI retail solutions that have been revolutionizing the industry with enhanced efficiency, personalization and customer experience. The post Top 10 AI Retail Solutions Transforming the Industry appeared first on eWEEK.
Requirements for Special Access Programs
Special Access Programs (SAP) are established to protect national security by employing enhanced security measures to strictly enforce need-to-know and have access requirements that exceed those normally required for information at the same classification level. SAPs can be classified at all clearance levels but are heavily restricted when it comes
Review - S 3792 Introduced Technology Workforce
Last month, Sen Peters introduced S 3792, the Technology Workforce Framework Act of 2024. The bill would add development of workforce frameworks to the description of duties for NIST as well as updating the NICE Workforce Development for Cybersecurity and requiring the development of a new workforce framework for artificial intelligence. No new fun...
VA Adopts CISA's Software Attestation Form
On Friday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a request for common form (RCF) use from the Department of Veterans Affairs (VA) for the Secure Software Self-Attestation Common Form. This CISA-sponsored form was approved last week. Agencies wanting to use the form now must submit a request to OIRA (pg 90) to u...
Firmware Monitoring is Just a Snapshot Away
Any time the television news presents a story about cybersecurity, there is always a video of a large data center with thousands of blinking lights. Even most cybersecurity blogs will include an image of many lights on the front panels of servers, routers, and other hardware. However, most people don't notice that the lights are usually green or som...
Federated Learning for Cybersecurity: Collaborative Intelligence for Threat Detection
The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights without compromising sensitive data. A rep...
Short Takes 3-16-24
Houthis Threaten to Target Merchant Ships in Indian Ocean. News.USNI.org article. Pull quote: Their weapons can go at least 650 kilometers, while the drones can go up to 2,000, Ben Taleblu said. But they cannot hit ships that are going around the Cape of Good Hope. The first test of a magnetic levitation train on an existing track. TheNextWeb.com ...
Review - Public ICS Disclosures Week of 2-9-24 Part 2
For Part 2 we have four additional vendor disclosures from Schneider, Softing, WAGO, and Western Digital. We also have 17 vendor updates from Dell, HP (5), and Siemens (11). There is a researcher report about vulnerabilities in products from FortiGuard. Finally, we have five exploits for products from FortiGuard, Hitachi, Honeywell, Solar View, and...
Chemical Incident Reporting - Week of 3-2-24
NOTE: See here for series background. Bath, NY 3-11-24 Local news reports: Here, here, here and here. Three-alarm fire at manufacturing facility. No injuries were reported. Building destroyed. Google satellite view does not show any external chemical storage tanks, but there were almost certainly chemicals (drums and totebins) in the building,...
CRS Reports - Week of 3-9-24 - Change Healthcare
This week the Congressional Research Service (CRS) published a report on The Change Healthcare Cyberattack and Response Considerations for Policymakers. The report provides a brief look at the BlackCat ransomware attack on Change Healthcare and the widespread consequences of that attack. It concludes by introducing a new term to cybersecurity cons...
Transportation Chemical Incidents - Week of 3-5-24
Reporting Background: See this post for explanation. Data from PHMSA's online database of transportation related chemical incidents that have been reported to the agency. Incidents Summary: Number of incidents 137 (127 highway, 6 air, 4 rail); Serious incidents 2 (2 bulk release, 0 injuries, 0 deaths, 0 major artery closed); Largest container involv...
Review - Public ICS Disclosures Week of 2-9-24 Part 1
This week we have 25 vendor disclosures from Bosch (2), FortiGuard (3), Fujitsu, GE Vernova, Hitachi (6), Honeywell, HP (4), Insyde, Korenix, Palo Alto Networks (3), Philips, and Phoenix Contact. Advisories Bosch Advisory #1 - Bosch published an advisory that discusses seven vulnerabilities in multiple Bosch products. Bosch Advisory #2 - Bosch p...
Short Takes 3-15-24
Caffeine makes fuel cells more efficient, cuts cost of energy storage. TheRegister.com article. Pull quote: If you are wondering (as we were) how they came to be experimenting with this, the paper explains that modifying electrodes with hydrophobic material is known to be an effective method for enhancing ORR. Caffeine is less toxic than other hydr...
Review - S 3758 Introduced DETECT Act
Last month, Sen Warner (D,VA) introduced S 3758, the Drone Evaluation To Eliminate Cyber Threats (DETECT) Act. The bill would require NIST to establish guidelines for federal agencies for managing cybersecurity risks associated with unmanned aircraft systems (UAS) operated by those agencies. It would also require OMB to publish guidance for vulnera...
8 Top AI Healthcare Software in 2024
Need top healthcare AI software for 2024? Discover leading solutions enhancing care. The post 8 Top AI Healthcare Software in 2024 appeared first on eWEEK.
Bills Introduced 3-14-24
Yesterday, with just the Senate in session, there were 37 bills introduced. Two of those bills will receive additional coverage here: S 3943 A bill to require a plan to improve the cybersecurity and telecommunications of the U.S. Academic Research Fleet, and for other purposes. Padilla, Alex [Sen.-D-CA] S 3959 A bill to require the Transportatio...
Short Takes 3-14-24
NASA Engineers Make Progress Toward Understanding Voyager 1 Issue. Blogs.NASA.gov blog post. Pull quote: Because Voyager 1 is more than 15 billion miles (24 billion kilometers) from Earth, it takes 22.5 hours for a radio signal to reach the spacecraft and another 22.5 hours for the probe's response to reach antennas on the ground. So the team receiv...
Review - 14 Advisories and 1 Update Published 3-14-24
Today, CISA's NCCIC-ICS published fourteen control system security advisories for products from Mitsubishi Electric, Softing, Delta Electronics, and Siemens (11). They also updated an advisory for products from Mitsubishi. Advisories: Mitsubishi Advisory - This advisory describes five vulnerabilities in the Mitsubishi MELSEC-Q/L Series products. Softing...
Review - HR 7223 Introduced Felons and TWIC
Last month, Rep Carter (D,LA) introduced HR 7223, a bill requiring TSA to develop guidelines to improve returning [from incarceration] citizens' access to the TWIC program. No new funding is authorized by the bill. Moving Forward: Carter, and all three of his cosponsors {Rep Higgins (R,LA), Rep Thompson (D,MS), and Rep Goldman (D,NY)} are members o...
20 Top Generative AI Companies Leading In 2024
Generative AI companies are popping up everywhere and quickly. They range from established companies adding generative AI to their software products to new generative AI startups. As generative AI rapidly develops, it can be difficult to distinguish between the leading generative AI companies and the hundreds of others that are beginning to tap int...
Real-time, privacy-preserving URL protection
Posted by Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonathan Li, Alex Wozniak, Google Safe Browsing For more than 15 years, Google Safe Browsing has been protecting users from phishing, malware, unwanted software and more, by identifying and warning users about potentially abusive sites on more than 5 billion devices around the world....
LockBit affiliate jailed for almost four years after guilty plea
An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. 34-year-old Mikhail Vasiliev, who has dual Russian and Canadian nationality, was arrested in 2022 as part of a multinational law enforcement investigation into LockBit that star...
Bills Introduced 3-13-24
Yesterday, with just the House in session there were 44 bills introduced. Of those bills, there were two that may receive additional coverage in this blog: HR 7655 To amend title 49, United States Code, to improve the safety of pipeline transportation, and for other purposes. Duncan, Jeff [Rep.-R-SC-3] HR 7659 To authorize and amend authorities, ...
Short Takes 3-13-24
Surface Forces: Unmanned LUSV Ships at Sea. StrategyPage.com article. Pull quote: It is possible that by 2040 over 50 percent of all commercial shipping will be fully autonomous, making the LUSV market at that time worth roughly $65 billion a year. This represents a significant opportunity to expand smaller shipyards, providing a commercial export ...
ThousandEyes Report: Top Cloud Outages of 2023
A year in review: Major cloud outages of 2023 and the lessons learned for better digital infrastructure. The post ThousandEyes Report: Top Cloud Outages of 2023 appeared first on eWEEK.
Review - PHMSA Publishes Latest Additions to FAQ List HAZMAT Training
Today, the DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA) published a notice in the Federal Register (89 FR 18479-18482) listing the latest additions to their list of frequently asked questions (FAQ). Back in March of 2022, PHMSA began the process of converting existing Letters of Interpretation (LOI) into frequently asked quest...
Short Takes 3-13-24 Space Geek Edition
Lumen Orbit emerges from stealth and raises $2.4M to put data centers in space. GeekWire.com article. Pull quote: Lumen Space's founders aren't the only ones aiming to put data centers in orbit: ASCEND, a project funded by the European Union, has been looking into the feasibility of creating a fleet of space-based data centers, with Thales Alenia Spa...
The 10 Most Common Website Security Attacks (and How to Protect Yourself)
According to the Verizon 2023 Data Breach Investigations Report , Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats in the bunch, common web attacks like credential stuffing and SQL injection attacks continue to wreak havoc on the cybersecurity landscape, just li...
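The SQL injection mentioned above is easy to reproduce in a few lines. The following is an added example written for this listing, not code from the linked article: a deliberately vulnerable login check that concatenates user input into the query, beside the parameterized version, both run against a constructed in-memory SQLite table with a single sample user (the table, user and the `' OR '1'='1` payload are all assumptions made for the demonstration).

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample data. A real system stores a salted password hash,
    # never the plaintext; plaintext is used here only to keep the demo short.
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: user input is spliced into the SQL text.

    A password of  ' OR '1'='1  turns the WHERE clause into
    (username = 'alice' AND password = '') OR '1'='1', which is always true.
    """
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: a parameterized query. The driver binds the input as data,
    so quotes inside it can never change the statement's structure."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Classic authentication-bypass payload (assumed for the demo).
PAYLOAD = "' OR '1'='1"


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable, injected password:", login_vulnerable(db, "alice", PAYLOAD))  # True
    print("safe, injected password:      ", login_safe(db, "alice", PAYLOAD))        # False
    print("safe, real password:          ", login_safe(db, "alice", "s3cret"))       # True
```

The takeaway is that the fix is structural, not cosmetic: escaping quotes by hand is fragile, whereas placeholders keep data and SQL in separate channels for every driver that supports them.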
The Importance of Host-Based Intrusion Detection Systems
What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS, is software that runs on an individual host and monitors that host for suspicious and malicious behavior, whether it originates from inside the system or from outside. The HIDS' job is to flag any unusual patterns of behavior that could signify a breach. By bringing this activity to the team's attention, t...
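One of the oldest HIDS techniques, and the one behind the file-integrity products referenced elsewhere on this page, is to hash every file of interest, store that baseline, and later report anything added, deleted or modified. The block below is an added example written for this listing, not code from the linked article or from any product: it baselines a constructed directory tree in a temporary folder, simulates an intruder changing an SSH setting, replacing a binary and dropping a new file, and returns the resulting change report (the file names and contents are assumptions made for the demonstration).

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_baseline(root: Path) -> dict[str, str]:
    """Record the SHA-256 of every regular file under root, keyed by POSIX-style relative path."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def detect_changes(baseline: dict[str, str], root: Path) -> dict[str, list[str]]:
    """Compare the tree at root against a stored baseline and classify every difference."""
    current = take_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline three files, then tamper with the tree like an intruder would."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF stand-in for a real binary")
        baseline = take_baseline(root)

        # Simulated attacker actions after the baseline was taken.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")  # weakened config
        (root / "bin" / "ls").unlink()                                       # binary removed
        (root / "bin" / "backdoor").write_bytes(b"not a real payload")       # new file dropped

        return detect_changes(baseline, root)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In production the baseline must live somewhere the monitored host cannot rewrite (a signed store or a remote collector), otherwise an intruder with root can simply re-baseline after tampering; the comparison logic itself does not change.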
Short Takes 3-12-24
Damage a Distillation Column. LinkedIn discussion. Pull quote: Actually so far I haven't found that many process equipment inherently secure against cyber attack. Attackers require very specific knowledge of the local system, and it depends on the type of production process, but once a threat actor gains access into the automation system also disti...
EPA Accidental Release Rule and CFATS
When I first started scanning through the final rule that the EPA published on Monday on Accidental Release Prevention Requirements two items caught my attention in the List of Abbreviations and Acronyms: CFATS and CVI. Given my interest in chemical security issues, I had to investigate. Both terms were used multiple times in the discussion about ...
12 Best AI Productivity Tools 2024
Discover the top AI productivity tools to streamline workflows, boost efficiency, and optimize your tasks with cutting-edge AI technology. The post 12 Best AI Productivity Tools 2024 appeared first on eWEEK.
VERT Threat Alert: March 2024 Patch Tuesday Analysis
Today's VERT Alert addresses Microsoft's March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs: There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release. CVE Breakdown by Tag: While historica...
Review - 1 Advisory Published 3-12-24
Today, CISA's NCCIC-ICS published one control system security advisory for products from Schneider Electric. Schneider published two other new advisories today (in addition to this one) and four updates. I will be covering those this weekend. Advisories: Schneider Advisory - This advisory describes a deserialization of untrusted data vulnerability ...
Vulnerability Reward Program: 2023 Year in Review
Posted by Sarah Jacobus, Vulnerability Rewards Team Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services. Working with our dedicated bug hunter community, we awarded $10 million to our ...
Covering Up Friend's Death Due to an Overdose Results in Clearance Denial
Having been in the military myself many years ago, it always astounds me when I read about military personnel who blatantly use drugs while in the service, even though they know it is not allowed. I guess with easy access to a variety of drugs, especially overseas, the temptation is too much
OMB Approves CISA Software Attestation ICR
Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved an information collection request (ICR) from CISA on the Secure Software Self-Attestation Common Form. This form was developed by CISA in coordination with the Office of Management and Budget to meet the secure software development attestation require...
Bills Introduced 3-11-24
Yesterday, with both the House and Senate in session, there were 26 bills introduced. None of the bills introduced will receive additional coverage in this blog, but there are two bills that I would like to mention in passing: HR 7610 To amend the Homeland Security Act of 2002 to clarify that utility line technicians qualify as emergency response ...
Reducing Cyber Risks with Security Configuration Management
Protecting sensitive data and other assets requires an organization to be adaptable and stay informed on things like the digital landscape and threat trends. While some aspects of security are within an organization's control, it can be extremely difficult to manage all of the risks and vulnerabilities that are likely to arise. Security configuratio...
Short Takes 3-11-24
Learn to Say No. SCADAMag.Infracritical.com article. Another practical security piece from Jake Brodsky. Pull quote: Tell them to pound sand and do it in such a way that they won't come back until they're willing to understand your concerns as well. And by the way, this especially goes for people who are pushing technological solutions to problems you...
Review - EPA Publishes Accidental Spill Prevention Final Rule
Today, the EPA (finally) published a final rule in the Federal Register (89 FR 17622-17692) on Accidental Release Prevention Requirements: Risk Management Programs Under the Clean Air Act; Safer Communities by Chemical Accident Prevention. The notice of proposed rulemaking (NPRM) was published on August 31st, 2022. The regulations will be effective...
Transportation Chemical Incidents - Week of 2-27-24
Reporting Background: See this post for explanation. Data from PHMSA's online database of transportation related chemical incidents that have been reported to the agency. NOTE: The database was under maintenance this weekend so this is the first chance I have had to get last week's report done. Incidents Summary: Number of incidents 75 (70 highwa...
Cybersecurity in the Age of AI: Exploring AI-Generated Cyber Attacks
Historically, cyber-attacks were labor-intensive, meticulously planned, and needed extensive manual research. However, with the advent of AI , threat actors have harnessed their capabilities to orchestrate attacks with exceptional efficiency and potency. This technological shift enables them to execute more sophisticated, harder-to-detect attacks a...
FAR sends Supply Chain Software Security NPRM to OMB
On Thursday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from FAR on Federal Acquisition Regulation (FAR); FAR Case 2023-002, Supply Chain Software Security. According to the Fall 2023 Unified Agenda entry for this rulemaking: This rule will require suppliers ...
Chemical Incident Reporting - Week of 3-2-24
NOTE: See here for series background. Clinton Township, MI 3-4-24 Local news reports: Here, here, and here. A warehouse fire with multiple small flammable-gas cylinders, cylinders exploded during fire. Multiple injuries and one dead. CSB reportable. Buffalo, NY 3-4-24 Local news reports: Here, here, and here. Fire in external pipe rack at ...
GAO Reports - Week of 3-2-24 - CISA and OT Cybersecurity
This week the Government Accountability Office (GAO) published a report on Cybersecurity: Improvements Needed in Addressing Risks to Operational Technology. This report outlines actions taken by CISA to support critical infrastructure organizations and sector risk management agencies in securing operational technology. The 70-page report concludes...
Review - Public ICS Disclosures Week of 3-2-24
This week we have 12 vendor disclosures from Aruba Networks, Commend, Moxa, Omron, QNAP (5), SEL, VMware (2), and Western Digital. There are four vendor updates from Cisco and HP (3). We also have three researcher reports of vulnerabilities for products from Lenovo. Finally, we have five exploits for Petrol Pump (3), RAD, and Solar-Log. Advisories...
SecurityCentric aggregates blogs for the Security industry.