SecurityCentric is your source for Blog Aggregation in the Security industry

Top 9 AI Governance Tools 2024

As AI usage increases, so does the need for governance and tools to manage and monitor it. Discover the top X AI governance and tools now. The post Top 9 AI Governance Tools 2024 appeared first on eWEEK.

Security - RSS Feeds 50 days ago

Committee Hearings Week of 2-25-24

This week with both the House and Senate back in Washington, there is a very light hearing schedule (only one day of hearings in the House). There is one cybersecurity hearing in the House Cybersecurity On Thursday the Subcommittee on Transportation and Maritime Security of the House Homeland Security Committee will hold a hearing on Port Cyberse...

OMB Approves PHMSA HM Security Plan ICR Revision

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a revision of an existing information collection request from DOD's Pipeline and Hazardous Material Safety Administration (PHMSA) on Hazardous Materials Security Plans. During an otherwise routine renewal request for the ICR, PHMSA reduced the burd...

OMB Approves BIS NPRM on IT-Communications Services Update ANPRM

Yesterday, the OMB's Office of Information and Regulatory Affairs announced that it had approved an advanced notice of proposed rulemaking (ANPRM) from the DOC's Bureau of Industry and Security on Update for 15 CFR Part 7. This rulemaking was not listed in the Fall 2023 Unified Agenda. This Part of the Commerce and Foreign Trade regulations deals wi...

Best AI Art Generators: Our 9 Pro Picks For 2024

Ready to explore the 9 best AI art generators? Check out our expert selections for next-level creativity. The post Best AI Art Generators: Our 9 Pro Picks For 2024 appeared first on eWEEK.

Security - RSS Feeds 51 days ago

Short Takes 2-27-24

Unmanaged third-party access threatens OT environments. HelpNetSecurity.com article. Pull quote: 73% of organizations permit third-party access to OT environments, with an average of 77 third parties per organization granted such access. Challenges to securing third-party access include preventing unauthorized access (44%), aligning IT and OT secur...

Review - CG Marine Cybersecurity NPRM Cybersecurity Plan

Last week, the CG published a notice of proposed rulemaking for Cybersecurity in the Marine Transportation System. The proposed regulations would update the maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S...

Review - 2 Advisories Published 2-27-24

Today, CISA's NCCIC-ICS published a control system security advisory for products from Mitsubishi Electric and a medical device security advisory for products from Santesoft. Advisories Mitsubishi Advisory - This advisory describes an insufficient resources pool vulnerability in the Mitsubishi MELSEC iQ-F Series compact control platform. Santes...

OMB Approves FERC's CEII Data Request ICR Revision

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a revision request for the Federal Energy Regulatory Commission's (FERC's) information collection request (ICR) on Critical Energy/Electric Infrastructure [CEII] Information Data Request. The ICR burden was revised downward based upon the recent his...

Short Takes 2-26-24

Japan Moon lander revives after lunar night. Phys.org article. Pull quote: It [JAXA] said that communications were "terminated after a short time, as it was still lunar midday and the temperature of the communication equipment was very high." Guest comment: Deja vu, all over again. ProgressiveRailroading.com commentary. By Robert Primus, STB Board...

Weapons Cache and Experimental Marijuana Grow-House Found in Clearance Applicant's Home

This particular Defense Office of Hearing and Appeals (DOHA) case was certainly an interesting read just because of the audacity of the applicant in thinking he could keep a security clearance in the first place. The Department of Defense initially granted him eligibility in 2018. In May 2021 he completed

Transportation Chemical Incidents Week of 2-15-24

Reporting Background See this post for explanation. Data from PHMSA's online database of transportation related chemical incidents that have been reported to the agency. NOTE: I normally report on this on Saturdays, but the PHMSA database was under maintenance this weekend. Incidents Summary Number of incidents 41 (33 highway, 7 air, 1 rail) ...

Review - S 3732 Introduce AI Environmental Impacts

Earlier this month, Sen Markey (D,MI) introduced S 3732, the Artificial Intelligence Environmental Impacts Act of 2024. The bill would require the EPA to conduct a study on the environmental impacts of artificial intelligence. It would then require the National Institute of Standards and Technology (NIST) to convene a consortium to identify the fut...

Short Takes 2-24-24

Odysseus moon lander is tipped over but sending data. CosmicLog.com article. Pull quote: In normal software development for spacecraft, this is the kind of thing that would have taken a month of writing down the math, cross-checking it with your colleagues, doing some simple calculations to prove the theory by putting it into a simulation, running...

Review - Public ICS Disclosures Week of 2-17-24

This week we have 13 vendor disclosures from ADT-TEC Industrial IT, B&R, Elecom (2), Hitachi, HP, HPE, Palo Alto Networks, Sierra Wireless, VMware (2), WAGO, and Zyxel. There are two vendor updates from Cisco and Elecom. There are also 14 researcher reports for products from Imaging Data Commons, Inductive Automation, Sante, SourceForge (8), We...

Bills Introduced 2-23-24

Yesterday, with the House and Senate meeting in pro forma session, there were 27 bills introduced. One of those bills will receive additional coverage in this blog: HR 7447 To amend the Help America Vote Act of 2002 to require the Election Assistance Commission to provide for the conduct of penetration testing as part of the testing and certificat...

Short Takes 2-23-24

GOP shutdown fears grow: We could be in a world of hurt. TheHill.com article. Pull quote: Appropriations bills being the key issue of just basic job performance It's like showing up to work on time and passing your drug test. It's like that basic level. It's not saying you're competent or good or anything else, McHenry told CBS. But we've done a terrib...

Review - CG Marine Cybersecurity NPRM Cybersecurity Officer

Yesterday, the CG published a notice of proposed rulemaking for Cybersecurity in the Marine Transportation System. The proposed regulations would update the maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S...

Short Takes 2-22-24

CISA ready to take CDM program into the world of OT. FederalNewsNetwork interview. Pull quote: From an asset management perspective, it's starting to tackle those or continuing to tackle those other asset classes. The path and timeline will vary as you think across those different assets in terms of what that's going to look like. But our objective i...

Review - CG Publishes Marine Cybersecurity NPRM

Today, the Coast Guard published a notice of proposed rulemaking in the Federal Register (89 FR 13404-13514) on Cybersecurity in the Marine Transportation System. The proposed regulations would update the maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vess...

Review - 1 Advisory Published 2-22-24

Today, CISA's NCCIC-ICS published a control system security advisory for products from Delta Electronics. Advisories Delta Advisory - This advisory describes an uncontrolled search path vulnerability in the Delta CNCSoft-B DOPSoft products. For more information about this advisory, as well as a brief look at the latest addition to CISA's Known ...

Short Takes 2-22-24 Space Geek Edition

Varda Space, Rocket Lab nail first-of-its-kind spacecraft landing in Utah. TechCrunch.com article. Pull quote: The first-of-its-kind reentry and landing is also a major win for Rocket Lab, which partnered with Varda on the mission. Rocket Lab hosted Varda's manufacturing capsule inside its Photon satellite bus; through the course of the mission, Pho...

CSB Publishes Marathon Renewables Update 2-21-24

Yesterday, the Chemical Safety Board published an update about their ongoing investigation of a fire that occurred in November during the startup of the Marathon Renewables Facility in Martinez, California. The update provides a description of the events that occurred that night and points at a possible proximate cause of the incident. The investig...

OMB Approves EPA Worst Case Discharge Final Rule

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the EPA's Clean Water Act Hazardous Substance Facility Response Plans. The final rule was sent to OMB on October 11th, 2023. The notice of proposed rulemaking was published on March 28th, 2022. According to the Fall 2023 Unified A...

FAR Semiconductor ANPRM Sent to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received an advanced notice of proposed regulation (ANPRM) for Federal Acquisition Regulation (FAR); FAR Case 2023-008, Prohibition on Certain Semiconductor Products and Services. According to the Fall 2023 Unified Agenda entry for this rulemaking: This ...

Short Takes 2-21-24

Why Bloat Is Still Software's Biggest Vulnerability. Spectrum.IEEEE.com article. Pull quote: Another problem is that we often don't know what code we are actually shipping. Software has gotten huge. In 1995 Niklaus Wirth lamented that software had grown to megabytes in size. In his article A Plea for Lean Software, he went on to describe his Oberon o...

Review - EPA Publishes TSCA Fees Final Rule

Today, the EPA published a final rule in the Federal Register (89 FR 12961-12979) for Fees for the Administration of the Toxic Substances Control Act (TSCA). The notice of proposed rulemaking for this action was published on January 11th, 2021. A supplemental NPRM was published on November 16th, 2022. The effective date for today's rule is April 22n...

Review - CSB Updates Status on 7 Recommendations 2-21-24

Yesterday, the Chemical Safety Board updated their Recent Recommendation Status Updates page to reflect changes in the status of seven accident-investigation recommendations. All seven recommendations were from the Husky Energy Superior Refinery Explosion and Fire investigation and applied to recommendations made to the current owner of the refiner...

Short Takes 2-20-24

Toxic Brucine-Laced Letters Spark Alarm in Brussels Government Offices. BNNBreaking.com article. Purple prose lives. Pull quote: The day unfolded with an ordinary rhythm until the ordinary turned ominous. Employees at the Palais de Justice, among Brussels' most iconic buildings, were the first to encounter the hazardous letters. Their discovery pro...

FMCSA-PHMSA Publishes Nurse-Tank Safety Advisory

Earlier this month, DOT Federal Motor Carrier Safety Administration (FMCSA) and Pipeline and Hazardous Materials Safety Administration (PHMSA) published a Safety Advisory for Possible Catastrophic Failure of Nurse Tanks and Recommendation for Periodic Testing. The two agencies are recommending that owners of Anhydrous Ammonia Nurse Tanks manufactur...

NHC Publishes New Product Update for 2024 Hurricane Season

Today, NOAA's National Hurricane Center published a New Product Update, explaining new sources of information and changes to information presentation for the 2024 Hurricane Season. It provides information on the following topics: Spanish language advisory text products, Issuance of U.S. watches and warnings on Intermediate advisories, Extens...

Review - 3 Advisories Published 2-20-24

Today, CISA's NCCIC-ICS published three control system security advisories for products from Mitsubishi Electric, CISA and Commend. Advisories Mitsubishi Advisory - This advisory discusses an improper input validation vulnerability in the Mitsubishi Electrical discharge machines. CISA Advisory - This advisory describes two vulnerabilities in the ...

Review - HR 7190 Introduced Fentanyl as WMD

Earlier this month, Rep Boebert (R,CO) introduced HR 7190, the Fentanyl is a WMD Act. The very short (two sentences) bill would require the DHS Assistant Secretary for the Countering Weapons of Mass Destruction (CWMD) Office to treat illicit fentanyl as a weapon of mass destruction for purposes of title XIX of the Homeland Security Act of 2002 (6 U...

Short Takes 2-19-24

Plutonium to carbon double bond a first. ChemistryWorld.com article. More than a bit chem-geeky. Pull quote: The first organo-plutonium complex (Pu(C5H5)3) was reported in 1965 but research into the fundamental properties of plutonium has been held back due to experimental difficulties and availability of the element. Uranium is probably the last e...

Review - HR 7073 Introduced Next-Gen Pipelines

Last month, Rep Weber (R,TX) introduced HR 7073, the Next Generation Pipelines Research. The bill would require the Department of Energy to establish a new grant program to carry out demonstration projects on low- to mid-technology readiness level subjects to achieve deployment of technologies. It would also require DOE and DOT to conduct a joint R...

Clearance Denials Involving Drug Use on the Rise

Last year, the number of security clearance denials involving illegal drug use increased by 36% from the previous year. Quite a few of the denials involved security clearance holders who mistakenly thought they could partake in marijuana use because it was legal in their state. So far, 2024 is starting

Review - Public ICS Disclosures Week of 2-10-24 Part 2

For Part 2 we have four additional vendor disclosures from Schneider (3) and WatchGuard. There are also ten vendor updates from Dell, Schneider, and Siemens (8). Finally, we have two exploits for products from Vimesa and Splunk. Advisories Schneider Advisory #1 - Schneider published an advisory that describes three vulnerabilities in multiple Sch...

Transportation Chemical Incidents Week of 2-8-24

Reporting Background See this post for explanation. Data from PHMSA's online database of transportation related chemical incidents that have been reported to the agency. Incidents Summary Number of incidents 25 (24 highway, 1 rail) Serious incidents 1 (1 Bulk release, 0 injuries, 0 deaths, 0 major artery closed) Largest container involved R...

TSA Sends Surface Cyber Risk Management NPRM to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the TSA on Enhancing Surface Cyber Risk Management. The advanced notice of proposed rulemaking for this rule was published [removed from paywall] on November 30th, 2022. The Fall 2023 Unified Agenda entry for ...

BIS Sends Connected Vehicle Supply Chain ANPRM to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received an advanced notice of proposed rulemaking from the DOC's Bureau of Industry and Standards (BIS) on Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles. This rulemaking was not listed in the Fall 2023...

Chemical Incident Reporting Week of 2-10-24

NOTE: See here for series background. Wilmington, CA 2-15-24 Local News Stories: Here, here, and here. Explosion and fire of two 100-gal compressed natural gas fuel tanks on a semi-tractor. Two fire-fighters were hospitalized. No word on the cause of fire and explosion. Not CSB reportable, transportation accident not a fixed site.

Review - Public ICS Disclosures Week of 2-10-24 Part 1

This week we have vendor disclosures from B&R Automation, Buffalo, Hima, Hitachi, HP (7), HPE (5), Palo Alto Networks (6), Philips, and QNAP. Part 2 will include looks at advisories and updates from Schneider, Siemens, and VMware, along with two control system exploits. Advisories B&R Advisory - B&R published an advisory that discuss...

Short Takes 2-16-24

With a dire warning, concerns rise about conflict in space with Russia. WashingtonPost.com article. More on new Russian threat. Pull quote: This is not an active capability that's been deployed, White House spokesman John Kirby told reporters Thursday. Kirby didn't address questions about whether the system was designed to use a nuclear weapon or was...

STB Withdraws Expedited Relief Emergency ICR

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that the Surface Transportation Board (STB) had withdrawn an emergency information collection request (ICR) for a new ICR on Expedited Relief for Service Emergencies. This ICR would have supported the information reporting requirements of the STB's recent final rule on...

OMB Approves EPA Accidental Release Final Rule

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from the EPA on Accidental Release Prevention Requirements: Risk Management Program Under the Clean Air Act; Safer Communities by Chemical Accident Prevention. The rule was sent to the OMB on September 25th, 2023. The notice of propos...

Short Takes 2-15-24

Intuitive Machines Odysseus Lander Begins Its Moon Odyssey. UniverseToday.com article. Pull quote: Odysseus's science mission is scheduled to last about a week. The end will come when the sun drops beneath the moon's horizon, cutting off the solar-powered lander's ability to charge up its batteries. But that won't be the end for commercial moon mission...

Review - 16 Advisories and 1 Update Published 2-15-24

Today, CISA's NCCIC-ICS published 16 control system security advisories for products from Rockwell Automation and Siemens (15). They also updated an advisory for products from Mitsubishi. CISA addressed each of the 15 advisories that Siemens published on Tuesday. As per their policy from last year, they did not publish updates for the eight Siemens...

Review - CISA Publishes Service Request 60-day ICR Notice

Today, CISA published a 60-day information collection request (ICR) in the Federal Register (89 FR 11861-11862) for Service Request Form for Enterprise Assessment Services. This new ICR supports the Agency's cybersecurity assessments that help reduce risk for Federal, State, local, Tribal, Territorial and private sector critical infrastructure partn...

Short Takes 2-14-24

New legislation mandates a governmentwide repository of records dealing with "unidentified anomalous phenomena." NextGov.com article. Pull quote: Agencies have until the end of the current fiscal year to "review, identify, and organize each UAP record in its custody for disclosure to the public and transmission to the National Archives," according ...

Review - Committee Marks Up S 1939 FAA Authorization Act

Last week, the Senate Commerce, Science, and Technology Committee held an executive session to look at S 1939, FAA Reauthorization Act of 2023. Substitute language was considered, 81 amendments were proposed. The bill was approved (presumably after approving the substitute language and perhaps multiple additional amendments were adopted), and order...
