SecurityCentric is your source for Blog Aggregation in the Security industry

Review - 2 Advisories Published 4-4-24

Today, CISA's NCCIC-ICS published two control system security advisories for products from Schweitzer Engineering Laboratories and Hitachi Energy. I also briefly discuss an update from NIST on their NVD problems. Advisories SEL Advisory - This advisory describes an inclusion of undocumented features vulnerability in the SEL 700 series relays. Hit...

Google Patches Pixel Phone Zero-days After Exploitation by "Forensic Companies"

Google has issued a security advisory to owners of its Android Pixel smartphones, warning that it has discovered someone has been targeting some devices to bypass their built-in security. What makes the reported attacks particularly interesting is that traditional cybercriminals may not be behind them, but rather "forensic companies" exploiting tw...

NMSAC Meeting to Address CG Cybersecurity Rulemaking

Today, the Coast Guard published a meeting notice in the Federal Register (89 FR 23601-23602) for a scheduled meeting of the National Maritime Security Advisory Committee (NMSAC). The meeting will be held on May 10th. The main item on the agenda for this meeting will be the presentation of a new task for NMSAC on Notice of Proposed Rulemaking on Cy...

Review - Another Look at PHMSA Transportation Incident Database 4-2-24

Since January 13th, I have been trying to report on chemical transportation incidents as reported to PHMSA on their Form 5800.1. I have not been able to access the PHMSA database every weekend due to PHMSA's work on the site during the weekend, so I have tried accessing it on Friday or Monday. After publishing my last week's post, I noticed that my we...

Security vs. Compliance: What's the Difference?

Security and compliance: a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese's cup, a recent gap analysis that I was part of rem...

Short Takes 4-3-24

White House directs NASA to create time standard for the moon. Reuters.com article. Pull quote: Defining how to implement Coordinated Lunar Time will require international agreements, the memo said, through "existing standards bodies" and among the 36 nations that have signed a pact called the Artemis Accords involving how countries act in space an...

Tripwire Patch Priority Index for March 2024

Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog....

Exploring Access Control Models: Building Secure Systems in Cybersecurity

In any organization, unrestricted access to systems and resources poses significant security risks. Recent cybersecurity events have shown that attackers will target any organization of any size. The most common attack vector is through unauthorized access to a legitimate account, often preceded by a phishing technique. To protect against unauthori...

Short Takes 4-2-24

Trash from the International Space Station may have hit a house in Florida. ArsTechnica.com article. Pull quote: If NASA confirms the projectile that fell through Otero's house last month came from the ISS, it would join a small handful of incidents when an object falling out of orbit damaged someone's property. What we know about the xz Utils bac...

Review 1 Advisory Published 4-2-24

Today, CISA's NCCIC-ICS published a control system security advisory for products from IOSIX. Advisories IOSIX Advisory - This advisory describes three vulnerabilities in the IOSIX IO-1020 Micro ELD, an electronic commercial-truck logging device. For more information on this advisory, including a down-the-rabbit-hole look at ELD vulnerability ...

eWEEK TweetChat, April 16: Managing Multicloud Computing

On Tuesday, April 16th at 11 AM PST, eWeek will host its monthly #eWEEKChat. The topic will be Managing Multicloud Computing, and it will be moderated by James Maguire, eWEEK's Editor-in-Chief. In this TweetChat, we'll discuss the enormous upside of multicloud, and also cover the sometimes frustrating and expensive challenges of a multicloud deploym...

Review - CSB Publishes FY 2023 Management Review Documents

Thanks to Richard Rosera, a long time reader and CSB commentator, for pointing me at the recently published Performance and Accountability Report Fiscal Year 2023 from the Chemical Safety Board. According to the introductory material from CSB Chair Steve Owens: The information provided in this Performance and Accountability Report (PAR) offers fis...

EPA Sends AERR Final Rule to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the Environmental Protection Agency (EPA) on Revisions to the Air Emission Reporting Requirements (AERR). The notice of proposed rulemaking on this action was published on August 9th, 2023. According to the Fall 2023 Unified Age...

Oops, Malware! Now What? Dealing with Accidental Malware Execution

On an ordinary day, you're casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you believed to be a harmless PDF was, in fact, an executable file. Panic sets in as your settings lock up, and ...

What's New in NIST's Cybersecurity Framework 2.0?

The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) was published in 2014 for the purpose of providing cybersecurity guidance for organizations in critical infrastructure. In the intervening years, much has changed about the threat landscape, the kinds of technology that organizations use, and the ways that operati...

Short Takes 4-1-24

Rapid AI-backed advancements have let bad actors craft more sophisticated deepfakes and other sham content that could sway election results, she said. NextGov.com article. Pull quote: Having defamatory videos about you is no fun. I can tell you that. But having them in a way that you really can't make the distinction [where] you have no idea whethe...

Transportation Chemical Incidents Week of 3-20-24

Reporting Background: See this post for explanation. Data from PHMSA's online database of transportation-related chemical incidents that have been reported to the agency. Incidents Summary: Number of incidents 300 (294 highway, 4 air, 2 rail); Serious incidents 2 (2 bulk release, 1 injury, 0 deaths, 0 major artery closed); Largest container i...

Clearance Holder Admits to Drug Use 1,000+ Times: Will Candor Help to Maintain Clearance?

Illegal drug use appeals are piling up at the Defense Office of Hearing and Appeals, mostly due to marijuana being legalized for recreational and medical use in more and more states. As noted by the Director of National Intelligence in a memorandum published in 2021, marijuana use in and of itself is not automatically

Review - OSHA Publishes Worker Walkaround Final Rule

Today, the DOL's Occupational Health and Safety Administration (OSHA) published a final rule in the Federal Register (89 FR 22558-22601) on Worker Walkaround Representative Designation Process. This final rule was approved by OMB on March 21st, 2024. The notice of proposed rulemaking was published on August 30th, 2023. This rulemaking revises the OS...

Short Takes 3-30-24

Water systems short on cyber expertise, state and local officials tell EPA. StateScoop.com article. Pull quote: At the meeting, Neuberger asked states to share by May 20 cybersecurity plans that include information about how they are working with drinking water and wastewater systems to determine vulnerabilities. CISA Community Bulletin April 2024...

Review Public ICS Disclosures Week of 3-23-24 Part 2

For Part 2 we have eight additional vendor disclosures from SEL, SonicDICOM, Splunk (4), Watchguard, and Wireshark. There are also five vendor updates from ELECOM, Hitachi Energy (3), and HP. We also have three researcher reports for vulnerabilities in products from Hikvision, Kunbus, and Uniview. Finally, we have two exploits for products from Del...

CRS Reports Week of 3-23-24 Key Bridge Collapse

This week the Congressional Research Service (CRS) published a report on Baltimore Bridge Collapse: Frequently Asked Questions (FAQ). The report provides a brief factual look at the circumstances that surround the incident and its aftermath, but it does not directly address issues related to the cause of the accident. The FAQ questions addressed i...

Review Public ICS Disclosures Week of 3-23-24 Part 1

This week we have 14 vendor disclosures from Aruba Networks, Dell, ELECOM (2), Hitachi (2), Hitachi Energy (3), HP, HPE (2), and Keyence (2). Advisories Aruba Advisory - Aruba published an advisory that describes a denial-of-service vulnerability in their wired switching products. Dell Advisory - Dell published an advisory that discusses nine vu...

Bills Introduced 3-29-24

Yesterday, with the House meeting in pro forma session, there were 25 bills introduced. One of those bills will receive additional attention in this blog: HJ Res 123 Providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Environmental Protection Agency relating to "Accidental Release Pr...

Short Takes 3-29-24

Homeland Security's CWMD unit loses 10% of staff, faces continued attrition concerns. FederalNewsNetwork.com article. Pull quote: The end of CFATS authorization has, in my opinion, affected our chemical readiness with regard to identifying threats that would be in chemical facilities, Callahan said. CFATS and CWMD are siblings. And they work togethe...

Reader Question CIRCIA Comments

Yesterday, a long-time reader asked me if I would be posting about CISA's Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) notice of proposed rulemaking (NPRM). The question was asked because the Federal Register had published the NPRM the day before on their Public Inspection page. While normally this page lists the next day's Feder...

OMB Approves EPA's Final Rule for SOCMI NESHAP Update

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from the Environmental Protection Agency for NSPS for the Synthetic Organic Chemical Manufacturing Industry and NESHAP for the Synthetic Organic Chemical Manufacturing Industry and Group I & II Polymers and Resins Industry. The fi...

Short Takes 3-28-24

Requests for Comments; Clearance of a Renewed Approval of Information Collection: Unmanned Aircraft Remote Identification Message Elements. Federal Register FAA 30-day ICR renewal notice. Summary: The collection involves electronic information that is broadcast directly from certain unmanned aircraft, specifically standard remote identification unm...

Top 11 AI Lead Generation Software Tools of 2024

Artificial intelligence (AI) lead generation software automates and improves the process of finding and capturing potential leads for a business. These AI tools can analyze data from various sources, including websites, social media platforms, and customer databases, to create highly targeted lead lists. AI lead generative software can analyze cust...

Review - EPA Publishes Worst Case Discharge Final Rule

Today, the EPA published a final rule in the Federal Register (89 FR 21924-21967) on Clean Water Act Hazardous Substance Facility Response Plans. The final rule was approved by OMB's Office of Information and Regulatory Affairs (OIRA) on February 21st, 2024. The notice of proposed rulemaking was published on March 28th, 2022 (with additional coverage...

Google Public DNS's approach to fight against cache poisoning attacks

Tianhao Chi and Puneet Sood, Google Public DNS. The Domain Name System (DNS) is a fundamental protocol used on the Internet to translate human-readable domain names (e.g., www.example.com) into numeric IP addresses (e.g., 192.0.2.1) so that devices and servers can find and communicate with each other. When a user enters a domain name in their browser...

Review - HR 7447 Introduced Election System Pentests

Last month, Rep Spanberger (D,VA) introduced HR 7447, the Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing (SECURE IT) Act. The bill would amend the Help America Vote Act of 2002, by adding to the existing election system certification system a requirement to conduct 3rd party penetration testing of s...

The Cyber Sleuth's Handbook: Digital Forensics and Incident Response (DFIR) Essentials

In the intricate landscape of cybersecurity, Digital Forensics and Incident Response (DFIR) stand as the sentinels guarding against the onslaught of digital threats. It involves a multifaceted approach to identifying, mitigating, and recovering from cybersecurity incidents. In the physical world, the aftermath of a crime scene always yields vital ...

Bake-off: Ensuring Security in the Cyber Kitchen

I'll start this one with an apology: I've been watching a lot of the TV show The Bear (which I'd highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together nicely (both in life and in a recipe). If you are unfamiliar with the show, it is a comedy-drama about a chef who manages his dece...

Short Takes 3-26-24

NY Republican says House could end up having a Speaker Hakeem Jeffries as GOP majority narrows. TheHill.com article. Pull quote: Former Rep. Brian Higgins' (D-N.Y.) seat is also vacant and will be filled by a special election on April 30. With that seat likely going to a Democrat, the GOP could be left with just a two-seat margin during the month of...

Review - EPA Publishes TSCA Health Data Request NPRM 3-26-24

Today, the Environmental Protection Agency (EPA) published a notice of proposed rulemaking in the Federal Register (89 FR 20918-20924) on Certain Existing Chemicals; Request To Submit Unpublished Health and Safety Data Under the Toxic Substances Control Act (TSCA). The NPRM would amend 40 CFR 716.21(a), by adding a new paragraph (11) containing 16 ...

10 Best AI Collaboration Tools 2024

AI collaboration tools revolutionize how teams can boost productivity, improve efficiency, and streamline communication. Check out our best picks. The post 10 Best AI Collaboration Tools 2024 appeared first on eWEEK.

Review 4 Advisories Published 3-26-24

Today, CISA's NCCIC-ICS published four control system security advisories for products from Rockwell Automation (3) and AutomationDirect. Advisories Rockwell Advisory #1 - This advisory describes a cross-site scripting vulnerability in the Rockwell FactoryTalk View ME HMI software application. Rockwell Advisory #2 - This advisory describes six vu...

Perplexity AI vs. ChatGPT: AI App Comparison 2024

Read about the ultimate face-off between Perplexity AI and ChatGPT. Explore their features, capabilities, and find out which AI reigns supreme. The post Perplexity AI vs. ChatGPT: AI App Comparison 2024 appeared first on eWEEK.

Address Sanitizer for Bare-metal Firmware

Posted by Eugene Rodionov and Ivan Lozano, Android Team. With steady improvements to Android userspace and kernel security, we have noticed an increasing interest from security researchers directed towards lower level firmware. This area has traditionally received less scrutiny, but is critical to device security. We have previously discussed how ...

Review - Siemens Publishes Out-of-Band Advisory 3-26-24

Today, Siemens published an out-of-band advisory for a missing write protection for parametric data values vulnerability in PROFINET products. For more information about this newly reported vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/siemens-publishes-out-of-band-advisory - subscription required.

Azure Synapse vs. Databricks: Data Platform Comparison 2024

Compare Azure Synapse and Databricks for your data needs. Explore features, performance, and use cases to make an informed decision. The post Azure Synapse vs. Databricks: Data Platform Comparison 2024 appeared first on eWEEK.

AI Platforms Name Cybersecurity Threats and Advice for 2024

With $109.5 billion of growth expected between now and 2030, the global AI cybersecurity market is booming and it's not hard to see why. According to a recent survey of security professionals, three-quarters (75%) have observed an increase in cyberattacks. Of these, the research found that an even greater proportion (an overwhelming 85%) blamed ...

Browser Security in 2024: Technologies and Trends

What Is Browser Security? Browser security is a set of measures and processes intended to protect users and their data when using web browsers. This includes mechanisms to prevent unauthorized access, safeguard against malicious software and other browser security threats, and ways to protect the privacy of online activities. Essential components ...

Short Takes 3-25-24

Water Utility Cybersecurity, EPA & CISA, and You. SCADAMag.Infracritical.com article. Another important piece of cybersecurity commentary by Jake Brodsky. Pull quote: In addition, most small water utilities are well-water, not surface water. Well water quality is very consistent and does not usually change much. Surface water utilities, such as...

Review - PHMSA Publishes 60-day ICR Notice for Revisions to Gas Pipeline Reporting

Today, DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA) published a 60-day ICR revision notice in the Federal Register (89 FR 20751-20755) for Mitigation of Ruptures on Onshore Gas Transmission and Gathering, Hazardous Liquid, and Carbon Dioxide Pipeline Segments Using Rupture-Mitigation Valves or Alternative Equivalent Technolog...

Notorious Nemesis Market Seized by German Police

Nemesis Market, a notorious corner of the darknet beloved by cybercriminals and drug dealers, has been suddenly shut down after German police seized control of its systems. Germany's Federal Criminal Police (known as the BKA) has announced that it has seized the infrastructure of Nemesis and taken down its website. At the same time, cryptocurrency ...

Bill Introduced to Get More Transparency in State Department's Clearance Process

The Department of State's (DoS) Bureau of Diplomatic Security (DS) was accused of discriminatory and biased practices when it came to granting security clearances due to its assignment restrictions policies. Last year, the DoS ended their restrictions policy that had allowed the DS to deny applicants a security clearance for foreign service

Managed Cybersecurity Services Secure Modern Environments

In an era characterized by relentless digital transformation and interconnectedness, cybersecurity has evolved into a complex and dynamic battleground. Businesses, governments, and individuals find themselves locked in a perpetual struggle against a relentless flood of evolving threats. From sophisticated cybercriminal syndicates to state-sponsored...

The Looming Cyber Threat in Real Estate

In our interconnected world, the real estate industry has embraced technology to revolutionize its operations, enhance customer experiences, and streamline business processes. Yet, while this technological evolution has brought immense benefits to the property sector, it has also attracted the attention of nefarious actors keen on exploiting vulner...
