SecurityCentric is your source for Blog Aggregation in the Security industry

Bills Introduced 3-14-24

Yesterday, with just the Senate in session, there were 37 bills introduced. Two of those bills will receive additional coverage here: S 3943 A bill to require a plan to improve the cybersecurity and telecommunications of the U.S. Academic Research Fleet, and for other purposes. Padilla, Alex [Sen.-D-CA] S 3959 A bill to require the Transportatio...

Short Takes 3-14-24

NASA Engineers Make Progress Toward Understanding Voyager 1 Issue. Blogs.NASA.gov blog post. Pull quote: Because Voyager 1 is more than 15 billion miles (24 billion kilometers) from Earth, it takes 22.5 hours for a radio signal to reach the spacecraft and another 22.5 hours for the probe's response to reach antennas on the ground. So the team receiv...

Review - 14 Advisories and 1 Update Published 3-14-24

Today, CISA's NCCIC-ICS published fourteen control system security advisories for products from Mitsubishi Electric, Softing, Delta Electronics, and Siemens (11). They also updated an advisory for products from Mitsubishi. Advisories Mitsubishi Advisory - This advisory describes five vulnerabilities in the Mitsubishi MELSEC-Q/L Series products. Softing...

Review - HR 7223 Introduced Felons and TWIC

Last month, Rep Carter (D,LA) introduced HR 7223, a bill requiring TSA to develop guidelines to improve returning [from incarceration] citizens' access to the TWIC program. No new funding is authorized by the bill. Moving Forward Carter, and all three of his cosponsors {Rep Higgins (R,LA), Rep Thompson (D,MS), and Rep Goldman (D,NY)} are members o...

20 Top Generative AI Companies Leading In 2024

Generative AI companies are popping up everywhere and quickly. They range from established companies adding generative AI to their software products to new generative AI startups. As generative AI rapidly develops, it can be difficult to distinguish between the leading generative AI companies and the hundreds of others that are beginning to tap int...

Real-time, privacy-preserving URL protection

Posted by Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonathan Li, Alex Wozniak, Google Safe Browsing For more than 15 years, Google Safe Browsing has been protecting users from phishing, malware, unwanted software and more, by identifying and warning users about potentially abusive sites on more than 5 billion devices around the world....

LockBit affiliate jailed for almost four years after guilty plea

An affiliate of the LockBit ransomware gang has been sentenced to almost four years in jail after earlier pleading guilty to charges of cyber extortion and weapons charges. 34-year-old Mikhail Vasiliev, who has dual Russian and Canadian nationality, was arrested in 2022 as part of a multinational law enforcement investigation into LockBit that star...

Bills Introduced 3-13-24

Yesterday, with just the House in session there were 44 bills introduced. Of those bills, there were two that may receive additional coverage in this blog: HR 7655 To amend title 49, United States Code, to improve the safety of pipeline transportation, and for other purposes. Duncan, Jeff [Rep.-R-SC-3] HR 7659 To authorize and amend authorities, ...

Short Takes 3-13-24

Surface Forces: Unmanned LUSV Ships at Sea. StrategyPage.com article. Pull quote: It is possible that by 2040 over 50 percent of all commercial shipping will be fully autonomous, making the LUSV market at that time worth roughly $65 billion a year. This represents a significant opportunity to expand smaller shipyards, providing a commercial export ...

ThousandEyes Report: Top Cloud Outages of 2023

A year in review: Major cloud outages of 2023 and the lessons learned for better digital infrastructure. The post ThousandEyes Report: Top Cloud Outages of 2023 appeared first on eWEEK.

Review - PHMSA Publishes Latest Additions to FAQ List HAZMAT Training

Today, the DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA) published a notice in the Federal Register (89 FR 18479-18482) listing the latest additions to their list of frequently asked questions (FAQ). Back in March of 2022, PHMSA began the process of converting existing Letters of Interpretation (LOI) into frequently asked quest...

Short Takes 3-13-24 Space Geek Edition

Lumen Orbit emerges from stealth and raises $2.4M to put data centers in space. GeekWire.com article. Pull quote: Lumen Space's founders aren't the only ones aiming to put data centers in orbit: ASCEND, a project funded by the European Union, has been looking into the feasibility of creating a fleet of space-based data centers, with Thales Alenia Spa...

The 10 Most Common Website Security Attacks (and How to Protect Yourself)

According to the Verizon 2023 Data Breach Investigations Report, Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats in the bunch, common web attacks like credential stuffing and SQL injection attacks continue to wreak havoc on the cybersecurity landscape, just li...

The Importance of Host-Based Intrusion Detection Systems

What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS, is a network application that monitors suspicious and malicious behavior, both internally and externally. The HIDS's job is to flag any unusual patterns of behavior that could signify a breach. By bringing this activity to the team's attention, t...

Short Takes 3-12-24

Damage a Distillation Column. LinkedIn discussion. Pull quote: Actually so far I haven't found that many process equipment inherently secure against cyber attack. Attackers require very specific knowledge of the local system, and it depends on the type of production process, but once a threat actor gains access into the automation system also disti...

EPA Accidental Release Rule and CFATS

When I first started scanning through the final rule that the EPA published on Monday on Accidental Release Prevention Requirements two items caught my attention in the List of Abbreviations and Acronyms: CFATS and CVI. Given my interest in chemical security issues, I had to investigate. Both terms were used multiple times in the discussion about ...

12 Best AI Productivity Tools 2024

Discover the top AI productivity tools to streamline workflows, boost efficiency, and optimize your tasks with cutting-edge AI technology. The post 12 Best AI Productivity Tools 2024 appeared first on eWEEK.

VERT Threat Alert: March 2024 Patch Tuesday Analysis

Today's VERT Alert addresses Microsoft's March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release. CVE Breakdown by Tag While historica...

Review - 1 Advisory Published 3-12-24

Today, CISA's NCCIC-ICS published one control system security advisory for products from Schneider Electric. Schneider published two other new advisories today (in addition to this one) and four updates. I will be covering those this weekend. Advisories Schneider Advisory - This advisory describes a deserialization of untrusted data vulnerability ...

Vulnerability Reward Program: 2023 Year in Review

Posted by Sarah Jacobus, Vulnerability Rewards Team Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services. Working with our dedicated bug hunter community, we awarded $10 million to our ...

Covering Up Friend's Death Due to an Overdose Results in Clearance Denial

Having been in the military myself many years ago, it always astounds me when I read about military personnel who blatantly use drugs while in the service, even though they know it is not allowed. I guess with easy access to a variety of drugs, especially overseas, the temptation is too much

OMB Approves CISA Software Attestation ICR

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved an information collection request (ICR) from CISA on Secure Software Self-Attestation Common Form. This form was developed by CISA in coordination with the Office of Management and Budget to meet the secure software development attestation require...

Bills Introduced 3-11-24

Yesterday, with both the House and Senate in session, there were 26 bills introduced. None of the bills introduced will receive additional coverage in this blog, but there are two bills that I would like to mention in passing: HR 7610 To amend the Homeland Security Act of 2002 to clarify that utility line technicians qualify as emergency response ...

Reducing Cyber Risks with Security Configuration Management

Protecting sensitive data and other assets requires an organization to be adaptable and stay informed on things like the digital landscape and threat trends. While some aspects of security are within an organization's control, it can be extremely difficult to manage all of the risks and vulnerabilities that are likely to arise. Security configuratio...

Short Takes 3-11-24

Learn to Say No. SCADAMag.Infracritical.com article. Another practical security type from Jake Brodsky. Pull quote: Tell them to pound sand and do it in such a way that they won't come back until they're willing to understand your concerns as well. And by the way, this especially goes for people who are pushing technological solutions to problems you...

Review - EPA Publishes Accidental Spill Prevention Final Rule

Today, the EPA (finally) published a final rule in the Federal Register (89 FR 17622-17692) on Accidental Release Prevention Requirements: Risk Management Programs Under the Clean Air Act; Safer Communities by Chemical Accident Prevention. The notice of proposed rulemaking (NPRM) was published on August 31st, 2022. The regulations will be effective...

Transportation Chemical Incidents Week of 2-27-24

Reporting Background See this post for explanation. Data from PHMSA's online database of transportation related chemical incidents that have been reported to the agency. NOTE: The database was under maintenance this weekend so this is the first chance I have had to get last week's report done. Incidents Summary Number of incidents 75 (70 highwa...

Cybersecurity in the Age of AI: Exploring AI-Generated Cyber Attacks

Historically, cyber-attacks were labor-intensive, meticulously planned, and needed extensive manual research. However, with the advent of AI, threat actors have harnessed their capabilities to orchestrate attacks with exceptional efficiency and potency. This technological shift enables them to execute more sophisticated, harder-to-detect attacks a...

FAR sends Supply Chain Software Security NPRM to OMB

On Thursday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from FAR on Federal Acquisition Regulation (FAR); FAR Case 2023-002, Supply Chain Software Security. According to the Fall 2023 Unified Agenda entry for this rulemaking: This rule will require suppliers ...

Chemical Incident Reporting Week of 3-2-24

NOTE: See here for series background. Clinton Township, MI 3-4-24 Local news reports: Here, here, and here. A warehouse fire with multiple small flammable-gas cylinders, cylinders exploded during fire. Multiple injuries and one dead. CSB reportable. Buffalo, NY 3-4-24 Local news reports: Here, here, and here. Fire in external pipe rack at ...

GAO Reports Week of 3-2-24 CISA and OT Cybersecurity

This week the Government Accountability Office (GAO) published a report on Cybersecurity: Improvements Needed in Addressing Risks to Operational Technology. This report outlines actions taken by CISA to support critical infrastructure organizations and sector risk management agencies in securing operational technology. The 70-page report concludes...

Review - Public ICS Disclosures Week of 3-2-24

This week we have 12 vendor disclosures from Aruba Networks, Commend, Moxa, Omron, QNAP (5), SEL, VMware (2), and Western Digital. There are four vendor updates from Cisco and HP (3). We also have three researcher reports of vulnerabilities for products from Lenovo. Finally, we have five exploits for Petrol Pump (3), RAD, and Solar-Log. Advisories...

Short Takes 3-8-24

Prefer eSIMs. WHMurray.blogspot.com blog post. Pull quote: This is where the eSIM comes in. Instead of storing the IMSI on an IC, in late model phones it can be stored in a High Security Module (HSM) on the phone. Instead of being provisioned by support personnel at your wireless provider, it is provisioned by you either by running an app on your...

Review - HR 7237 Introduced Rail Line Barriers

Last month, Rep Holmes (D,DC) introduced HR 7237, the Protecting Homes from Trains Act of 2024. The bill would require DOT to establish a new grant program to design or construct a barrier to mitigate rail activity that may negatively impact a residential structure or its use. The bill would authorize $100 million per year through 2029 to support t...

OMB Approves FDA Premarket Cybersecurity Guidance Notice

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of availability from the FDA on Select Updates for the Premarket Cybersecurity Guidance: Section 524B of the Federal Food, Drug, and Cosmetic Act; Draft Guidance for Industry and Food and Drug Administration Staff; Availability. This guid...

Short Takes 3-7-24

Sinema exit could put Senate filibuster in peril. TheHill.com article. Pull quote: Sinema, along with Sen. Joe Manchin (D-W.Va.), had drawn the ire of progressives by refusing to weaken the 60-vote threshold in order to codify abortion or voting rights legislation and both are retiring at the end of the year. SpaceX eyes March 14 for next Starshi...

Review - 1 Advisory Published 3-7-24

Today, CISA's NCCIC-ICS published a security system security advisory for products from Chirp Systems. Advisory Chirp Advisory - This advisory describes a hard-coded credential vulnerability in the Chirp Access product. For more information about this advisory, and a brief look at a coordinated disclosure issue with the CISA's latest KEV catalo...

HR 7197 Introduced AI Environmental Impacts

Last month, Rep Eshoo (D,CA) introduced HR 7197, the Artificial Intelligence Environmental Impacts Act of 2024. The bill would require the EPA to conduct a study on the environmental impacts of artificial intelligence. It would then require the National Institute of Standards and Technology (NIST) to convene a consortium to identify the future meas...

Senate Begins Consideration of HR 4366 (again) First FY 2024 Minibus

Yesterday, after the House passed H Res 1061 and sent HR 4366, the Consolidated Appropriations Act, 2024, back to the Senate with an amendment turning the bill into a six-bill minibus spending bill, the Senate began consideration of the amendment. A cloture motion was filed to close further debate on the motion to concur in the amendment of the Hou...

Bills Introduced 3-6-24

Yesterday, with both the House and Senate in Washington, there were 47 bills introduced. One of those bills will receive additional attention in this blog: H Res 1061 Providing for the concurrence by the House in the Senate amendment to H.R. 4366, with an amendment. Granger, Kay [Rep.-R-TX-12] Text here. This is the spending bill that was passed ...

Short Takes 3-6-24

New Hazmat Guide for Orphan Chlorine Container Response. HazmatNation.com article. Pull quote: In addition to conducting free training for first responders (in cooperation with other TRANSCAER sponsors), CI has developed publications and focused guidance to enhance chlorine emergency response efforts. This month, CI published a new resource for fir...

House Passes H Res 1061 First Minibus for FY 2024 Spending

This afternoon, the House took up H Res 1061, described as a resolution "Providing for the concurrence by the House in the Senate amendment to HR 4366, with an amendment.", making this the vehicle for the first FY 2024 minibus that I described on Monday. While we will not know for sure until the language for H Res 1061 is published but this should b...

Generative AI Landscape: Trends of 2024 and Beyond

Exploring the generative AI landscape? Find out how 2024 trends are molding the future of artificial intelligence. The post Generative AI Landscape: Trends of 2024 and Beyond appeared first on eWEEK.

Short Takes 3-6-24 Space Geek Edition

SpaceX fuels up massive Starship megarocket in test for 3rd launch (photos). Space.com article. Pull quote: The gleaming, stainless-steel Starship rocket and its Super Heavy booster, which together stand 400 feet tall (122 meters), were filled with more than 10 million pounds of liquid methane and liquid oxygen propellant during the recent launch d...

EPA Sends TSCA Risk Evaluation Final Rule to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from the EPA on Procedures for Chemical Risk Evaluation Under the Toxic Substances Control Act (TSCA). The EPA published the notice of proposed rulemaking (NPRM) for this action on October 30th, 2023. According to the Fall 2023 Unifi...

Bills Introduced 3-5-24

Yesterday, with both the House and Senate in session, there were 67 bills introduced. One of those bills may receive additional attention in this blog: HR 7556 To establish a working group to coordinate regulatory oversight of liquefied natural gas facilities, and for other purposes. Weber, Randy K. [Rep.-R-TX-14] I suspect that this bill is desi...

Short Takes 3-5-24

Is the FAA Ready for More Space Travelers? GAO.gov blog post. Love it, a GAO blog post about a GAO report. Pull quote: But up until now, FAA has only been reviewing commercial space operations to ensure they don't damage innocent bystanders or nearby property, not to ensure the safety of people onboard. Congress temporarily prohibited FAA from issuing...

CFATS Page Update 3-5-24

Once again, CISA has updated the landing page for the officially defunct Chemical Facility Anti-Terrorism Standards (CFATS) program. Hoping against continued Senate inaction {or more appropriately, opposition of Sen Rand (R,KY)} that the program will be resurrected, CISA moves the standard fare of the pre-termination page further down the page and ...
