SecurityCentric is your source for Blog Aggregation in the Security industry

Review - S 3732 Introduce AI Environmental Impacts

Earlier this month, Sen Markey (D,MI) introduced S 3732, the Artificial Intelligence Environmental Impacts Act of 2024. The bill would require the EPA to conduct a study on the environmental impacts of artificial intelligence. It would then require the National Institute of Standards and Technology (NIST) to convene a consortium to identify the fut...

Short Takes 2-24-24

Odysseus moon lander is tipped over but sending data. CosmicLog.com article. Pull quote: In normal software development for spacecraft, this is the kind of thing that would have taken a month of writing down the math, cross-checking it with your colleagues, doing some simple calculations to prove the theory by putting it into a simulation, running...

Review Public ICS Disclosures Week of 2-17-24

This week we have 13 vendor disclosures from ADT-TEC Industrial IT, B&R, Elecom (2), Hitachi, HP, HPE, Palo Alto Networks, Sierra Wireless, VMware (2), WAGO, and Zyxel. There are two vendor updates from Cisco and Elecom. There are also 14 researcher reports for products from Imaging Data Commons, Inductive Automation, Sante, SourceForge (8), We...

Bills Introduced 2-23-24

Yesterday, with the House and Senate meeting in pro forma session, there were 27 bills introduced. One of those bills will receive additional coverage in this blog: HR 7447 To amend the Help America Vote Act of 2002 to require the Election Assistance Commission to provide for the conduct of penetration testing as part of the testing and certificat...

Short Takes 2-23-24

GOP shutdown fears grow: We could be in a world of hurt. TheHill.com article. Pull quote: "Appropriations bills being the key issue of just basic job performance. It's like showing up to work on time and passing your drug test. It's like that basic level. It's not saying you're competent or good or anything else," McHenry told CBS. "But we've done a terrib...

Review - CG Marine Cybersecurity NPRM Cybersecurity Officer

Yesterday, the CG published a notice of proposed rulemaking for Cybersecurity in the Marine Transportation System. The proposed regulations would update the maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S...

Short Takes 2-22-24

CISA ready to take CDM program into the world of OT. FederalNewsNetwork interview. Pull quote: "From an asset management perspective, it's starting to tackle those or continuing to tackle those other asset classes. The path and timeline will vary as you think across those different assets in terms of what that's going to look like. But our objective i...

Review - CG Publishes Marine Cybersecurity NPRM

Today, the Coast Guard published a notice of proposed rulemaking in the Federal Register (89 FR 13404-13514) on Cybersecurity in the Marine Transportation System. The proposed regulations would update the maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vess...

Review 1 Advisory Published 2-22-24

Today, CISA's NCCIC-ICS published a control system security advisory for products from Delta Electronics.

Advisories

Delta Advisory - This advisory describes an uncontrolled search path vulnerability in the Delta CNCSoft-B DOPSoft products. For more information about this advisory, as well as a brief look at the latest addition to CISA's Known ...

Short Takes 2-22-24 Space Geek Edition

Varda Space, Rocket Lab nail first-of-its-kind spacecraft landing in Utah. TechCrunch.com article. Pull quote: "The first-of-its-kind reentry and landing is also a major win for Rocket Lab, which partnered with Varda on the mission. Rocket Lab hosted Varda's manufacturing capsule inside its Photon satellite bus; through the course of the mission, Pho...

CSB Publishes Marathon Renewables Update 2-21-24

Yesterday, the Chemical Safety Board published an update about their ongoing investigation of a fire that occurred in November during the startup of the Marathon Renewables Facility in Martinez, California. The update provides a description of the events that occurred that night and points at a possible proximate cause of the incident. The investig...

OMB Approves EPA Worst Case Discharge Final Rule

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the EPA's Clean Water Act Hazardous Substance Facility Response Plans. The final rule was sent to OMB on October 11th, 2023. The notice of proposed rulemaking was published on March 28th, 2022. According to the Fall 2023 Unified A...

FAR Semiconductor ANPRM Sent to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received an advance notice of proposed rulemaking (ANPRM) for the Federal Acquisition Regulation (FAR); FAR Case 2023-008, Prohibition on Certain Semiconductor Products and Services. According to the Fall 2023 Unified Agenda entry for this rulemaking: This ...

Short Takes 2-21-24

Why Bloat Is Still Software's Biggest Vulnerability. Spectrum.IEEE.com article. Pull quote: "Another problem is that we often don't know what code we are actually shipping. Software has gotten huge. In 1995 Niklaus Wirth lamented that software had grown to megabytes in size. In his article A Plea for Lean Software, he went on to describe his Oberon o...

Review - EPA Publishes TSCA Fees Final Rule

Today, the EPA published a final rule in the Federal Register (89 FR 12961-12979) for Fees for the Administration of the Toxic Substances Control Act (TSCA). The notice of proposed rulemaking for this action was published on January 11th, 2021. A supplemental NPRM was published on November 16th, 2022. The effective date for today's rule is April 22n...

Review - CSB Updates Status on 7 Recommendations 2-21-24

Yesterday, the Chemical Safety Board updated their Recent Recommendation Status Updates page to reflect changes in the status of seven accident-investigation recommendations. All seven recommendations were from the Husky Energy Superior Refinery Explosion and Fire investigation and applied to recommendations made to the current owner of the refiner...

Short Takes 2-20-24

Toxic Brucine-Laced Letters Spark Alarm in Brussels Government Offices. BNNBreaking.com article. Purple prose lives. Pull quote: The day unfolded with an ordinary rhythm until the ordinary turned ominous. Employees at the Palais de Justice, among Brussels' most iconic buildings, were the first to encounter the hazardous letters. Their discovery pro...

FMCSA-PHMSA Publishes Nurse-Tank Safety Advisory

Earlier this month, DOT's Federal Motor Carrier Safety Administration (FMCSA) and Pipeline and Hazardous Materials Safety Administration (PHMSA) published a Safety Advisory for Possible Catastrophic Failure of Nurse Tanks and Recommendation for Periodic Testing. The two agencies are recommending that owners of Anhydrous Ammonia Nurse Tanks manufactur...

NHC Publishes New Product Update for 2024 Hurricane Season

Today, NOAA's National Hurricane Center published a New Product Update, explaining new sources of information and changes to information presentation for the 2024 Hurricane Season. It provides information on the following topics: Spanish language advisory text products, Issuance of U.S. watches and warnings on Intermediate advisories, Extens...

Review 3 Advisories Published 2-20-24

Today, CISA's NCCIC-ICS published three control system security advisories for products from Mitsubishi Electric, CISA and Commend.

Advisories

Mitsubishi Advisory - This advisory discusses an improper input validation vulnerability in the Mitsubishi Electrical discharge machines.

CISA Advisory - This advisory describes two vulnerabilities in the ...

Review - HR 7190 Introduced Fentanyl as WMD

Earlier this month, Rep Boebert (R,CO) introduced HR 7190, the Fentanyl is a WMD Act. The very short (two sentences) bill would require the DHS Assistant Secretary for the Countering Weapons of Mass Destruction (CWMD) Office to treat illicit fentanyl as a weapon of mass destruction for purposes of title XIX of the Homeland Security Act of 2002 (6 U...

Short Takes 2-19-24

Plutonium to carbon double bond a first. ChemistryWorld.com article. More than a bit chem-geeky. Pull quote: The first organo-plutonium complex (Pu(C5H5)3) was reported in 1965 but research into the fundamental properties of plutonium has been held back due to experimental difficulties and availability of the element. Uranium is probably the last e...

Review - HR 7073 Introduced Next-Gen Pipelines

Last month, Rep Weber (R,TX) introduced HR 7073, the Next Generation Pipelines Research. The bill would require the Department of Energy to establish a new grant program to carry out demonstration projects on low- to mid-technology readiness level subjects to achieve deployment of technologies. It would also require DOE and DOT to conduct a joint R...

Clearance Denials Involving Drug Use on the Rise

Last year, the number of security clearance denials involving illegal drug use increased by 36% from the previous year. Quite a few of the denials involved security clearance holders who mistakenly thought they could partake in marijuana use because it was legal in their state. So far, 2024 is starting

Review Public ICS Disclosures Week of 2-10-24 Part 2

For Part 2 we have four additional vendor disclosures from Schneider (3) and WatchGuard. There are also ten vendor updates from Dell, Schneider, and Siemens (8). Finally, we have two exploits for products from Vimesa and Splunk.

Advisories

Schneider Advisory #1 - Schneider published an advisory that describes three vulnerabilities in multiple Sch...

Transportation Chemical Incidents Week of 2-8-24

Reporting Background: See this post for explanation. Data from PHMSA's online database of transportation related chemical incidents that have been reported to the agency.

Incidents Summary

Number of incidents: 25 (24 highway, 1 rail)
Serious incidents: 1 (1 Bulk release, 0 injuries, 0 deaths, 0 major artery closed)
Largest container involved: R...

TSA Sends Surface Cyber Risk Management NPRM to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the TSA on Enhancing Surface Cyber Risk Management. The advance notice of proposed rulemaking for this rule was published [removed from paywall] on November 30th, 2022. The Fall 2023 Unified Agenda entry for ...

BIS Sends Connected Vehicle Supply Chain ANPRM to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received an advance notice of proposed rulemaking from the DOC's Bureau of Industry and Standards (BIS) on Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles. This rulemaking was not listed in the Fall 2023...

Chemical Incident Reporting Week of 2-10-24

NOTE: See here for series background.

Wilmington, CA 2-15-24

Local News Stories: Here, here, and here.

Explosion and fire of two 100-gal compressed natural gas fuel tanks on a semi-tractor. Two fire-fighters were hospitalized. No word on the cause of fire and explosion. Not CSB reportable, transportation accident not a fixed site.

Review Public ICS Disclosures Week of 2-10-24 Part 1

This week we have vendor disclosures from B&R Automation, Buffalo, Hima, Hitachi, HP (7), HPE (5), Palo Alto Networks (6), Philips, and QNAP. Part 2 will include looks at advisories and updates from Schneider, Siemens, and VMware, along with two control system exploits.

Advisories

B&R Advisory - B&R published an advisory that discuss...

Short Takes 2-16-24

With a dire warning, concerns rise about conflict in space with Russia. WashingtonPost.com article. More on new Russian threat. Pull quote: "This is not an active capability that's been deployed," White House spokesman John Kirby told reporters Thursday. Kirby didn't address questions about whether the system was designed to use a nuclear weapon or was...

STB Withdraws Expedited Relief Emergency ICR

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that the Surface Transportation Board (STB) had withdrawn an emergency information collection request (ICR) for a new ICR on Expedited Relief for Service Emergencies. This ICR would have supported the information reporting requirements of the STB's recent final rule on...

OMB Approves EPA Accidental Release Final Rule

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from the EPA on Accidental Release Prevention Requirements: Risk Management Program Under the Clean Air Act; Safer Communities by Chemical Accident Prevention. The rule was sent to the OMB on September 25th, 2023. The notice of propos...

Short Takes 2-15-24

Intuitive Machines' Odysseus Lander Begins Its Moon Odyssey. UniverseToday.com article. Pull quote: "Odysseus's science mission is scheduled to last about a week. The end will come when the sun drops beneath the moon's horizon, cutting off the solar-powered lander's ability to charge up its batteries. But that won't be the end for commercial moon mission...

Review 16 Advisories and 1 Update Published 2-15-24

Today, CISA's NCCIC-ICS published 16 control system security advisories for products from Rockwell Automation and Siemens (15). They also updated an advisory for products from Mitsubishi. CISA addressed each of the 15 advisories that Siemens published on Tuesday. As per their policy from last year, they did not publish updates for the eight Siemens...

Review - CISA Publishes Service Request 60-day ICR Notice

Today, CISA published a 60-day information collection request (ICR) in the Federal Register (89 FR 11861-11862) for Service Request Form for Enterprise Assessment Services. This new ICR supports the Agency's cybersecurity assessments that help reduce risk for Federal, State, local, Tribal, Territorial and private sector critical infrastructure partn...

Short Takes 2-14-24

New legislation mandates a governmentwide repository of records dealing with "unidentified anomalous phenomena." NextGov.com article. Pull quote: Agencies have until the end of the current fiscal year to "review, identify, and organize each UAP record in its custody for disclosure to the public and transmission to the National Archives," according ...

Review - Committee Marks Up S 1939 FAA Authorization Act

Last week, the Senate Commerce, Science, and Technology Committee held an executive session to look at S 1939, FAA Reauthorization Act of 2023. Substitute language was considered, and 81 amendments were proposed. The bill was approved (presumably after the substitute language and perhaps multiple additional amendments were adopted), and order...

Review - OSHA Emergency Response Standard NPRM Part 3 Risk Management Plan

Earlier this month, the DOL's Occupational Health and Safety Administration (OSHA) published a notice of proposed rulemaking in the Federal Register (89 FR 7774-8023) on Emergency Response Standard. This is the third part of a series of articles looking at that complex rulemaking. Here, I will look at the requirements for WEREs and ESOs to establis...

Short Takes 2-13-24

Space startup plans to beam hyperspectral insights to US government. TheNextWeb.com article. Pull quote: It [hyperspectral camera] can also be tuned in orbit for specific use cases. The agricultural sector, for instance, can optimise the sensors to monitor crops. Defence ministries can tap the data for surveillance. Industrial sites can deploy the...

Review - HR 7241 Introduced Rural Water Systems Emergency Response

Earlier this month, Rep Stauber (R,MN) introduced HR 7241, the Rural Water System Disaster Preparedness and Assistance Act. The bill would require the USDA to establish a new grant program to assist associations that operate rural water or wastewater systems in preparing for and responding to natural or man-made disasters. The bill provides authori...

Review - 1 Advisory Published 2-13-24

Today, CISA's NCCIC-ICS published a control system security advisory for products from Mitsubishi.

Advisories

Mitsubishi Advisory - This advisory describes an incorrect privilege assignment vulnerability in the Mitsubishi MELSEC iQ-R Series Safety CPU and SIL2 Process CPU modules. For more information about this advisory, including a look at some...

Committee Hearings Week of 2-11-24

This week, with the Senate heading home for a late start to their two week homestand and the House just arriving in town, there is a fairly light hearing schedule and it's mainly political. There is one markup hearing of potential interest here.

Markup Hearing

On Thursday the Subcommittee on Communications and Technology of the House Energy and Co...

Short Takes 2-11-24

The Government's Former UFO Hunter Found Something More Concerning than Aliens. ScientificAmerican.com article. Pull quote: "So most of my time [was] spent trying to figure out how to investigate conspiracy, and you can't prove a negative, right? So now you're faced with laying out as much evidence as you can, but you find that the policy makers have t...

Review - S 3661 Introduced Food & Ag Cybersecurity

Last month, Sen Cotton (R,AR) introduced S 3661, the Farm and Food Cybersecurity Act of 2024. The bill would require USDA to periodically assess cybersecurity threats to, and vulnerabilities in, the agriculture and food critical infrastructure sector. Additionally, it would be required to conduct an annual cross-sector simulation exercise relating ...

Applicant With Kidnapping Conviction Denied by DOHA

I ran across a rather unusual Defense Office of Hearing and Appeals (DOHA) case involving serious criminal conduct occurring in 2007. In most cases, the time elapsed since then would have mitigated the concerns, but in this particular instance, they did not. Here are the highlights of the case. In

Short Takes 2-10-24

Rust Won't Save Us: An Analysis of 2023's Known Exploited Vulnerabilities. Horizon3.ai article. Pull quote: "Google Chromium, the engine used by the majority of browsers around the world, reports that approximately 70% of their high severity issues are memory safety issues. Microsoft reports the same percent of issues affecting its Windows OS are also...

Piloting new ways of protecting Android users from financial fraud

Posted by Eugene Liderman, Director of Mobile Security Strategy, Google

From its founding, Android has been guided by principles of openness, transparency, safety, and choice. Android gives you the freedom to choose which device best fits your needs, while also providing the flexibility to download apps from a variety of sources, including preloa...

Improving Interoperability Between Rust and C++

Posted by Lars Bergstrom, Director, Android Platform Tools & Libraries and Chair of the Rust Foundation Board

Back in 2021, we announced that Google was joining the Rust Foundation. At the time, Rust was already in wide use across Android and other Google products. Our announcement emphasized our commitment to improving the security reviews o...

Stay Within the Scope of What Questions are Asking for on the SF-86

Background investigators can tell you they hate it when they are interviewing someone who has listed information way beyond what the scope of the questions are asking for on the Questionnaire for National Security Positions (SF-86). That is because the investigator has to cover all of the information listed by