SecurityCentric is your source for Blog Aggregation in the Security industry

Fix for Logitech Setpoint won't open on Windows 10 in 2023

Back in 2016, I wrote a blog article detailing how I got Logitech SetPoint to start up with Windows. Until I found the fix, SetPoint installed and I could open and manage it, but it simply wouldn't auto-launch when I logged into Windows or install its icon in the "System Tray." Fast forward 7 years and a new problem popped up with SetPoint not worki...

Downfall and Zenbleed: Googlers helping secure the ecosystem

Tavis Ormandy, Software Engineer, and Daniel Moghimi, Senior Research Scientist. Finding and mitigating security vulnerabilities is critical to keeping Internet users safe. However, the more complex a system becomes, the harder it is to secure, and that is also the case with computing hardware and processors, which have developed highly advanced capabi...

An update on Chrome Security updates shipping security fixes to you faster

Posted by Amy Ressler, Chrome Security Team. To get security fixes to you faster, starting now in Chrome 116, Chrome is shipping weekly Stable channel updates. Chrome ships a new milestone release every four weeks. In between those major releases, we ship updates to address security and other high impact bugs. We currently schedule one of these ...

Android 14 introduces first-of-its-kind cellular connectivity security features

Posted by Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle. Android is the first mobile operating system to introduce advanced cellular security mitigations for both consumers and enterprises. Android 14 introduces support for IT administrators to disable 2G support in their managed device fleet. Android 14 also introduces a feature that disabl...

Surreptitiously Videoing Men in Locker Room Sinks Clearance Eligibility

Occasionally I run across news stories about men getting caught secretly recording women under their dresses while in changing rooms or bathrooms. In an unusual twist, I found a Department of Energy (DOE) Office of Hearing and Appeals case where the clearance applicant was caught recording other men with his

Pixel Binary Transparency: verifiable security for Pixel devices

Jay Hou, Software Engineer, TrustFabric (transparency.dev). Pixel Binary Transparency was originally announced in 2021; the following blog post offers a closer look at how it works. Pixel Binary Transparency. With Android powering billions of devices, we've long put security first. There are the more visible security features you might interact with regula...

The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022

Maddie Stone, Security Researcher, Threat Analysis Group (TAG). This is Google's fourth annual year-in-review of 0-days exploited in-the-wild [2021, 2020, 2019] and builds off of the mid-year 2022 review. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a whole, looking for trends, ...

Supply chain security for Go, Part 3: Shifting left

Julie Qiu, Go Security & Reliability, and Jonathan Metzman, Google Open Source Security Team. Previously in our Supply chain security for Go series, we covered dependency and vulnerability management tools and how Go ensures package integrity and availability as part of the commitment to countering the rise in supply chain attacks in recent years....

A look at Chrome's security review culture

Posted by Alex Gough, Chrome Security Team. Security reviewers must develop the confidence and skills to make fast, difficult decisions. A simplistic piece of advice to reviewers is "just be confident," but in reality that takes practice and experience. Confidence comes with time, and people are there to support each other as we learn. This post shares...

An important step towards secure and interoperable messaging

Posted by Giles Hogben, Privacy Engineering Director. Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform. This is why Google is strongly supportive of regulatory efforts that require interoperability for large end-t...

Bills Introduced 7-17-23

Yesterday, with just the House in session, there were 35 bills introduced. Three of those bills may receive additional coverage in this blog: HR 4664 Making appropriations for financial services and general government for the fiscal year ending September 30, 2024, and for other purposes. Womack, Steve [Rep.-R-AR-3] HR 4665 Making appropriations f...

Short Takes 7-17-23

Marjorie Taylor Greene's latest moves make her an ultimate D.C. insider. WashingtonPost.com article. Pull quote: "Well, that's what we do here. We negotiate," Greene told reporters after voting for the legislation Friday morning, 16 hours after telling them she would oppose it. "This is just moving the bill, which has so many good things in it, to the n...

Committee Hearings Week of 7-16-23

This week, with both the House and Senate in Washington and the summer recess looming, we see a typical load of hearings scheduled for both bodies. Spending bills are being marked up by both Appropriations Committees. We have a rule hearing (FAA authorization) of interest and an energy threats hearing in the House. And there are two markup hearings ...

CG Announces NMSAC Meeting August 2023

Today, the Coast Guard published a meeting notice in the Federal Register (88 FR 45435-45436) for a two-day meeting of the National Maritime Security Advisory Committee (NMSAC) on August 22nd and 23rd in Arlington, VA. The public is invited to attend either the actual meeting or the virtual version. NOTE: The HomePort NMSAC link (https://homeport....

S 2178 Introduced CFATS Extension

Last month, Sen Peters (D,MI) introduced S 2178, the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2023. As expected, this bill is a clean extension of the Chemical Facility Anti-Terrorism Standards (CFATS) program through October 1, 2028. Moving Forward: While Peters is the Chair of the Senate Homeland Security and Gove...

Review Public ICS Disclosures Week of 7-8-23 Part 2

For Part 2 we have six vendor disclosures from Schneider (4) and Siemens (2). Finally, we have 16 vendor updates from Schneider (4) and Siemens (12). Advisories: Schneider Advisory #1 - Schneider published an advisory that describes four vulnerabilities in their StruxureWare Data Center Expert. Schneider Advisory #2 - Schneider published an advis...

PHMSA Sends LNG by Rail Suspension Final Rule to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule from DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA) for Hazardous Materials: Suspension of HMR Amendments Authorizing Transportation of Liquefied Natural Gas by Rail. According to the Spring 2023 Unified Agenda e...

TWITTER Self-Awareness (NOT)

I just saw this on my feed today: I guess they did not see the announcement by Siemens (or the Tweet about the same) that they were shutting down their Twitter feed. Or maybe they are trying to convince Siemens to stay on Twitter by increasing the number of followers that they have. Or, maybe Twitter is just clueless. On a side note, I did not fo...

CRS Reports Week of 7-8-23 Chemical Security

This week the Congressional Research Service (CRS) published a short (3 pages) report on Chemical Security: Regulatory Implications of Terrorism Risk Assessment Methodology. It provides a broad discussion about the risk assessment methodologies used to determine facility involvement and risk tiering in the Chemical Facility Anti-Terrorism Standards...

Review Public ICS Disclosures Week of 7-8-23 Part 1

This week we have 16 vendor disclosures from Aruba Networks, Eaton, Festo, FortiGuard (2), Insyde (3), Moxa (2), Palo Alto Networks, Setelsa, Sick, VMware, and Wireshark (2). We have one vendor update from Moxa. We also have six researcher reports for vulnerabilities in products from VMware (5) and Sante. Finally, we have an exploit for products fr...

Short Takes 7-14-23

Biden orders 3,000 reservists to be ready for Europe deployments. Politico.com article. Pull quote: The president's order also for the first time designates Operation Atlantic Resolve [link added], the U.S. effort in Europe, as a contingency operation, which allows the Pentagon to call up reserve forces and implement sped-up acquisition authorities ...

HR 2670 Passed in House FY 2024 NDAA

Earlier today, the House completed action on HR 2670, the FY 2024 National Defense Authorization Act, by a near party-line vote of 219 to 210. The action was taken after a number of additional amendments were considered. Four Democrats voted for the bill and four Republicans voted against it. While there has been mention in the press (see here for i...

Bills Introduced 7-13-23

Yesterday, with both the House and Senate in session, there were 102 bills introduced. Six of those bills will receive additional attention in this blog: HR 4623 To establish a voluntary program to identify and promote internet-connected products that meet industry-leading cybersecurity and data security standards, guidelines, best practices, meth...

HR 2670 Considered in the House 7-13-23 FY 2024 NDAA

Yesterday, the House continued its consideration of HR 2670, the FY 2024 National Defense Authorization Act. The consensus actions of the previous day were done, with the House grinding through Amendment 62 (of the 80 amendments approved by the House Rules Committee). While most of the amendments passed or failed by near party-line votes, there we...

Short Takes 7-13-23

Beware of Big Head Ransomware: Spreading Through Fake Windows Updates. TheHackerNews.com article. Pull quote: "One Big Head ransomware variant displays a fake Windows Update, potentially indicating that the ransomware was also distributed as a fake Windows Update," Fortinet researchers said at the time. "One of the variants has a Microsoft Word ico...

Review 7 Advisories and 2 Updates Published 7-13-23

Today CISA's NCCIC-ICS published six control system and one medical device security advisories for products from Honeywell, Rockwell Automation, Siemens (4), and BD. They also updated advisories for products from Enphase and Mitsubishi. There were two additional Siemens advisories (and 12 updates that CISA no longer covers) that were published this w...

Review - HR 4470 Mark Up 7-12-23 CFATS Extension

Yesterday, the House Homeland Security Committee conducted a markup hearing that included consideration of HR 4470, the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2023. Substitute language was adopted by voice vote. Ten other amendments were offered, but none were agreed to. The Chemical Facility Anti-Terrorism Standar...

Bill Introduced 7-13-23

Yesterday, with both the House and Senate in session, there were 67 bills introduced. One of those bills will receive additional coverage on this blog: S 2256 A bill to authorize the Director of the Cybersecurity and Infrastructure Security Agency to establish an apprenticeship program and to establish a pilot program on cybersecurity training for...

HR 2670 Considered in House 7-12-13 FY 2024 NDAA

Yesterday, the House began consideration of HR 2670, the FY 2024 National Defense Authorization Act. With one exception, the House considered each of the 290 amendments approved for consideration by the House Rules Committee in a series of five en bloc debates and votes. All except the amendments in en bloc #5 were adopted by voice votes. A record...

Short Takes 7-12-23

Windows 95, 98, and other decrepit versions can grab online updates again. ArsTechnica.com article. Pull quote: These old versions of Windows relied primarily on a Windows Update web app to function rather than built-in updaters like the ones used in current Windows versions. Microsoft took down the version of the site that could scan and update Wi...

Review 1 Advisory Published 7-12-23

Today, in an unusual Wednesday notification, CISA's NCCIC-ICS published a control system security advisory for products from Rockwell. Advisory: Rockwell Advisory - This advisory describes two out-of-bounds write vulnerabilities in a variety of Rockwell 1756-ENxx network bridges. By-The-Way: READ THE ROCKWELL ADVISORY. It includes potential indicat...

Bills Introduced 7-11-23

Yesterday, with both the House and Senate in session, there were 80 bills introduced. Five of those bills may receive additional coverage in this blog. HR 4540 To amend the Safe Drinking Water Act to establish a program to provide grants to suppliers of water for the purpose of making infrastructure improvements to public water systems, and for ot...

Amendments for Consideration of HR 2670 FY 2024 NDAA

Yesterday, the House Rules Committee met to prepare the Rule for the consideration of HR 2670, the FY 2024 National Defense Authorization Act. They formulated a structured rule with one hour of general debate and specified which of the 1556 amendments that had been proposed to the Committee could be offered during the consideration of the bill. Ame...

Short Takes 7-11-23

McCarthy seeks to ward off GOP uproar on spending stopgap. TheHill.com article. Pull quote: Conservatives are not yet saying they'll flatly oppose a short-term funding patch, known as a continuing resolution (CR), as they push to secure sharp spending cuts in next year's appropriations bills. But such an extension, by keeping spending at current leve...

HR 3960 Cosponsor Added Aviation Hydrogen

Yesterday, the House added a cosponsor for HR 3960, the Hydrogen Aviation Development Act. Rep Carson (D,WA) was added as the sole cosponsor. Carson is a member of the House Transportation and Infrastructure Committee to which this bill was assigned for primary consideration. This means that there may now...

How to Handle Rogue APs (Without getting arrested)

One of the primary ways we've been handling rogues is in direct violation of the FCC regulations in the United States, and I'm told similarly illegal in other countries. Let's be honest, you're all too pretty for prison. So then, here's how to handle rogues without getting arrested or paying fines. For the purposes of […]

Security Uncorked 262 days ago

What Happens on TDY Doesn't Always Stay on TDY

There is a saying in military circles that what happens when you are on travel to a temporary duty assignment (TDY) stays there. This also applies to DoD civilians and contractors. Well, one DoD contractor found out this is not necessarily true after having his clearance eligibility denied due to

Facebook Ads Scam

If you run ads, or pay to boost posts on your Facebook (business) pages, you may have received an email with a subject similar to these: "Your ad does not meet Facebook's advertising standards." "Your ad will be suspended and your ad account will be restricted." "Your Ads Account Has Been Disabled Due To Violation Of Community Standards." The e...

Contractor Uses Remote Clock-In Capability to Falsify Timecards

Federal contractor companies are constantly looking for IT professionals to fill critical positions to support their contracts with government agencies. This in-demand career field is fast moving with constant changes in requirements. This puts pressure on IT specialists to keep up with the pace and sometimes leads to taking shortcuts

Gmail client-side encryption: A deep dive

Nicolas Lidzborski, Principal Engineer, and Jaishankar Sundararaman, Sr. Director of Engineering, Google Workspace. In February, we expanded Google Workspace client-side encryption (CSE) capabilities to include Gmail and Calendar in addition to Drive, Docs, Slides, Sheets, and Meet. CSE in Gmail was designed to provide commercial and public sector orga...

Lack of Candor on Background Investigation Forms Will Sink You

More and more often, on all levels of background investigations I see applicants who fail to disclose required information. Some attribute it to oversight and failing to thoroughly read the questions and others claim an unfamiliarity with filling out government forms. Regardless, all applicants must check the box on the

My Last Email with W. Richard Stevens

In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens. About a year later I exchanged emails with Mr. Stevens. Here is the last exchange, as forwarded from my AFCERT email address to my home email. From "Capt Richard Bejtlich - Real Time Chief" Mon Sep 6 ...

TaoSecurity 277 days ago

Bejtlich Skills and Interest Radar from July 2005

This is unusual. I found this "skills and interest radar" diagram I created in July 2005. It looks like my attempt to capture and prioritize technical interests. At the time I was about to start consulting on my own, IIRC. Copyright 2003-2020 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

TaoSecurity 277 days ago

Key Network Questions

I wrote this on 7 December 2018 but never published it until today. The following are the "key network questions" which "would answer many key questions about [a] network, without having to access a third party log repository. This data is derived from mining Zeek log data as it is created, rather than storing and querying Zeek logs in a third part...

TaoSecurity 277 days ago

Cybersecurity Is a Social, Policy, and Wicked Problem

Cybersecurity is a social and policy problem, not a scientific or technical problem. Cybersecurity is also a wicked problem. In a landmark 1973 article, Dilemmas in a General Theory of Planning, urban planners Horst W. J. Rittel and Melvin M. Webber described wicked problems in these terms: The search for scientific bases for confronting problems of...

TaoSecurity 277 days ago

Core Writing Word and Page Counts

I want to make a note of the numbers of words and pages in my core security writings.
The Tao of Network Security Monitoring / 236k words / 833 pages
Extrusion Detection / 113k words / 417 pages
The Practice of Network Security Monitoring / 97k words / 380 pages
The Best of TaoSecurity Blog, Vol 1 / 84k words / 357 pages
The Best of TaoSecurity Blog, Vo...

TaoSecurity 277 days ago

Supply chain security for Go, Part 2: Compromised dependencies

Julie Qiu, Go Security & Reliability, and Roger Ng, Google Open Source Security Team. Secure your dependencies: it's the new supply chain mantra. With attacks targeting software supply chains sharply rising, open source developers need to monitor and judge the risks of the projects they rely on. Our previous installment of the Supply chain security ...

Google Cloud Awards $313,337 in 2022 VRP Prizes

Anthony Weems, Information Security Engineer. 2022 was a successful year for Google's Vulnerability Reward Programs (VRPs), with over 2,900 security issues identified and fixed, and over $12 million in bounty rewards awarded to researchers. A significant amount of these vulnerability reports helped improve the security of Google Cloud products, which...

Protect and manage browser extensions using Chrome Browser Cloud Management

Posted by Anuj Goyal, Product Manager, Chrome Browser. Browser extensions, while offering valuable functionalities, can seem risky to organizations. One major concern is the potential for security vulnerabilities. Poorly designed or malicious extensions could compromise data integrity and expose sensitive information to unauthorized access. Moreover...

Phishing Email Purporting to be from DCSA Targets Clearance Holders

A few weeks ago, security clearance holders started getting emails that looked like they came from the Defense Counterintelligence and Security Agency (DCSA) that referenced the collection of information needed from them on an SF-86F (which does not exist) or SF86. In reality, it is a sophisticated malicious phishing email
