SecurityCentric is your source for Blog Aggregation in the Security industry
In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security . By monitoring and examining system responses and device status, HIDS identifies an...
Budgetary and resource constraints play a huge role in cyberattacks on smaller organizations. Amidst a strained global economy, many under-resourced organizations like non-profits, local governments, and hospitals struggle to keep their heads above water - they simply don't have the funds to invest in cybersecurity. To make matters worse, cybercrim...
Syphilis case increase sparks Colorado public health order. TheHill.com article. Pull quote: People should know that this is a treatable disease for adults. A course of penicillin generally does the trick. Some adults have very mild symptoms, theres a lack of diagnosis, others who were symptomatic and treated with penicillin, Polis said. But the re...
Prompt engineering tools are software platforms that help business owners, content creators and prompt engineers craft effective prompts that maximize output from their large language models (LLMs) and generative AI tools. In other words, the best prompt engineering tools provide you with the instructions and support for getting your AI tools to cr...
I have seen it time and again where security clearance applicants who are denied eligibility based onfinancial issuesclaim the reason for the delinquent debts is because the spouse was in charge of the finances, and they thought all the bills and taxes were being taken care of. A recent Defense
Last month, Sen Padilla (D,CA) introduced S 3943, the Accelerating Networking, Cyberinfrastructure, and Hardware for Oceanic Research (ANCHOR) Act. The bill would require the National Science Foundation (NSF) to submit a plan to improve the cybersecurity and telecommunications of the Academic Research Fleet. No new funding is authorized by the legi...
Dragonfly: NASA Just Confirmed The Most Exciting Space Mission Of Your Lifetime. Forbes.com article. Pull quote: Titan is the only other world in the solar system other than Earth that has weather and liquid on its surface. It has an atmosphere, rain, lakes, oceans, shorelines, valleys, mountain ridges, mesas and dunesand possibly the building bloc...
On Friday, the Senate began debate on the consideration of HR 3935, the Securing Growth and Robust Leadership in American Aviation Act. That debate continued on Saturday. Debate will resume on Tuesday. No amendments have been submitted. No real action will occur until the Senate comes back from their upcoming recess on April 29th.
The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable up until a few years ago. The unique cybersecurity challenges facing telemedicine today underscore the ...
As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurit...
Recently, CISA added a new infographic to their stable of publications supporting the two agency chemical security programs, the currently inactive Chemical Facility Anti-Terrorism Standards (CFATS) program and the voluntary ChemLock program. The new SECURE CHEMICALS: POTENTIAL THREATS page shows a brief overview of the potential threats to chemica...
NOTE: See here for series background. Moosic, PA 4-15-24 Local news reports: Here, here, and here. Ammonia storage tank leak at food processing facility. 14 transported to hospital for ammonia exposure. Possible CSB reportable if any of the patients were admitted to the hospital. Naperville, IL 4-15-24 Local news reports: Here, here, and he...
This week, the Government Accountability Office (GAO) published a report on Cybersecurity - Implementation of Executive Order Requirements Is Essential to Address Key Actions. The report looks at the implementation of EO 14028 in CISA, NIST, and OMB. The table below shows the GAOs assessment of EO 14028 leadership and oversight requirements (see A...
This week, the Congressional Research Service (CRS) published a report on The Congressional Review Act: Defining a Rule and Overturning a Rule an Agency Did Not Submit to Congress. The 118th Congress has been fairly active in submitting and passing bills to overturn agency actions. This report outlines the processes under the Congressional Review A...
Reporting Background See this post for explanation, with an update here (removed from paywall). Data from PHMSAs online database of transportation related chemical incidents that have been reported to the agency. Incidents Summary Number of incidents 470 (460 highway, 9 air, 1 rail) Serious incidents 4 (3 Bulk release, 0 injuries, 0 deaths...
This week we have nine vendor disclosures from Hitachi, HPE (4), Peplink, Philips, and Rockwell (2). There are also five vendor updates from B&R (2), Contec, HPE, and Palo Alto Networks. We also have eleven researcher reports about vulnerabilities in products from Elber (10) and Silicon Labs. Finally, we have two exploits for products from Palo...
The Trump Jury Has a Doxing Problem. Wired.com article. To be fair, should read Potential Doxing Problem. Pull quote: Armed with basic personal details about jurors and certain tools and databases, an OSINT researcher could potentially uncover a significant amount of personal information by cross-referencing all this together, Diachenko says. That...
Today, ten days after the publication of their monthly tranche of security advisories and updates, Siemens published a control system security advisory that discusses a command injection vulnerability in their RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. This is a third-party (Palo Alto Networks) vulnerability that is ...
Retrieval-augmented generation, or RAG, is a technique for enhancing the output of large language models by incorporating information from external knowledge bases or sources. By retrieving relevant data or documents before generating a response, RAG improves the generated text's accuracy, reliability, and informativeness. This approach helps groun...
Yesterday, the OMBs Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the DOE on U.S. Department of Energy Interpretation of Foreign Entity of Concern. The rule was submitted to OIRA on March 21st, 2024. This rulemaking was not listed in the Fall 2023 Unified Agenda. This rulemaking will probably b...
Yesterday, the OMBs Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule for the EPA on Methylene Chloride (MC); Regulation Under the Toxic Substances Control Act (TSCA). The final rule was submitted to OIRA on January 24th, 2024. The notice of proposed rulemaking was published on May 3rd, 2023. According...
Yesterday, with both the House and Senate in session, there were 76 bills introduced. One of those bills will receive additional attention in this blog: HR 8070 To authorize appropriations for fiscal year 2025 for military activities of the Department of Defense, for military construction, and for defense activities of the Department of Energy, to...
The race to produce rare earth elements. TechnologyReview.com article. Pull quote: That technology extracts rare earth elements from coal ash, leaving behind a solution rich in those elements and a residual solid containing iron and other metals. Through sequential steps of heating and cooling, rare earths are transferred into an ionic liquida salt...
A deepfake is a type of synthetic media where the likeness of someone in an existing image or video is replaced with someone elses likeness using artificial intelligence. This technology utilizes sophisticated AI algorithms to create or manipulate audio and video content with a high degree of realism. Deepfake technology represents one of the most ...
Today, CISAs NCCIC-ICS published a control systems security advisory for products from Unitronics. They also updated two advisories for products from Mitsubishi. Advisories Unitronics Advisory - This advisory describes a storing passwords in a recoverable format vulnerability in the Unitronics Vision Standard PLCs. Updates Mitsubishi Update #1 ...
Posted Kaleigh Rosenblat, Chrome Enterprise Senior Staff Software Engineer, Security Lead Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks. From customized content creation to source code generation, it can increase both our productivity and creative potential. Businesses want to leverage t...
Police have successfully infiltrated and disrupted the fraud platform "LabHost", used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK's Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals create phishing websites since 2021 to steal sensitive information...
Launch of a Reentry Vehicle as a Payload That Requires a Reentry Authorization To Return to Earth. Federal Register FAA notice. Summary: This action provides notice that in general, the FAA will not authorize launch of a reentry vehicle as a payload that will require a reentry authorization to return to Earth unless the reentry vehicle operator has...
Im always surprised and a little disappointed at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves. I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier essentially,...
Its an efficient machine to destroy nuclear waste: nuclear future powered by thorium beckons. ChemistryWorld.com article. Pull quote: The companys concept combines a particle accelerator called a cyclotron with a subcritical lead-cooled reactor. Its built with about 3% missing neutrons which is a very important safety feature for us if you pull th...
Empower your AI with optimization. Discover 6 strategies to enhance efficiency through AI model optimization. The post AI Model Optimization: 6 Key Techniques appeared first on eWEEK.
Last month, Sen Wicker (R,MS) introduced S 3959, the Transportation Security Screening Modernization Act. The bill would require the TSA to take actions (potentially including issuing an interim final rule) to streamline the procedures for individuals applying for or renewing enrollment in more than one TSA security threat assessment program, in pa...
Cybersecurity has always been a complex field. Its adversarial nature means the margins between failure and success are much finer than in other sectors. As technology evolves, those margins get even finer, with attackers and defenders scrambling to exploit them and gain a competitive edge. This is especially true for AI. In February, the World Eco...
Crickets from Chirp Systems in Smart Lock Key Leak. KrebsOnSecurity.com article. Pull quote: Its just a matter of them being motivated to do it [fix the vulnerability], he said. But theyre part of a private equity company now, so theyre not answerable to anybody. Its too bad, because its not like residents of [the affected] properties have another ...
Generative AI startups have emerged as the newest and most formidable players in the tech world, using natural language processing, machine learning, and other forms of artificial intelligence to generate new, original content for a variety of business use cases. Larger tech companies like Google, Microsoft, and AWS are working hard to build their ...
Cisco looks to leverage Splunk to be a world-class data company The post Cisco's Splunk Acquisition: A Data-First AI Company Transformation appeared first on eWEEK.
CISAs NCCIC-ICS published four control system security advisories for products from RoboDK, Rockwell Automation, Electrolink, and Measuresoft. Advisories RoboDK Advisory - This advisory describes a heap-based buffer overflow vulnerability in the RoboDK RoboDK robotics development software. Rockwell Advisory - This advisory describes an improper ...
Looking to take your business to a new level through large language models (LLMs)? Check out our complete list of the best LLMs. The post 6 Best Large Language Models (LLMs) in 2024 appeared first on eWEEK.
This week, with both the House and Seante in session, there is a moderately busy hearing schedule. This includes a number of budget hearings as a part of the start of the certainly to be contentious FY 2025 spending process. There is one cybersecurity hearing looking at medical cybersecurity issues. Budget Hearings Budget Hearings ...
Earlier this month, CISA published the official version of their Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) (Division Y, PL 117-103) notice of proposed rulemaking (NPRM). This is part of a continuing series of posts looking at the proposed rulemaking. In this post I will be looking at how CISA is proposing to deal with the pr...
Security configurations are an often ignored but essential factor in any organizations security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly. Staying on top of all of these security configurations can be a daunting responsibility for security or IT...
Generative AI has exploded in popularity across many industries. While this technology has many benefits, it also raises some unique cybersecurity concerns. Securing AI must be a top priority for organizations as they rush to implement these tools. The use of generative AI in manufacturing poses particular challenges. Over one-third of manufacturer...
Thermoset plastic made from wood waste catalyzes its own degradation. CEN.ACS.org article. Pull quote: lenty of researchers have tried making degradable thermoset plastics by incorporating functional groups whose bonds can be severed by a catalyst or other external trigger. Barta and coworkers designed their new biobased epoxy-amine polymer similar...
Employees who have a history of quitting or walking off the job without notice may find obtaining security clearance eligibility a challenge. Why? Because it shows the employee is unreliable, has poor judgment, and is not trustworthy, all elements in the adjudicative guidelines under personal conduct. A recent Department of Energy
Last Friday, during the consideration of HR 7888, the Reforming Intelligence and Securing America Act, the House took up Amendment #1 offered under H Rept 118-456 (pg 5). That amendment would have provided for a warrant requirement for reviewing/using information on US persons obtained under 702 of the Foreign Intelligence Surveillance Act. One of ...
The number of endpoints in an organization often exceeds the number of employees. Managing these often disparate entities is more than a full-time job. Moreover, keeping them secure is equally difficult, yet securing all of your endpoints against cyber threats has become paramount for organizations worldwide. A common oversight that undermines thes...
In the first quarter of every year, organizations around the world release reports summing up data breach trends from the previous twelve months. And every year, these reports say broadly the same thing: data breach numbers have gone up again. This year is no different. Or is it? Compromises Up, Victims Down However, the Identity Theft Resource Cen...
For part two we have three additional vendor disclosures from B&R, Schneider and Welotec. We also have 13 vendor updates from HP (2) and Siemens (11). Finally, there are four researcher reports for vulnerabilities in products from TP-Link. Advisories B&R Advisory - B&R published an advisory that discusses four vulnerabilities (one wit...
I do not normally cover State level legislative efforts, as each State legislature has their own peculiar ways of dealing with legislation, but today I was pointed at an article on NebraskaExaminer.com that includes a discussion about an unusual legislative effort to deal with the fallout from Senate inaction on HR 4470, the CFATS reauthorization b...
- Welcome!
- SecurityCentric aggregates blogs for the Security industry.
- Custom Feeds
- Add any RSS feed to the information you read daily.
- Blocked Feeds
- Block feeds to remove blogs you’re not interested in.
- Account Settings
- Customize the site by adding or removing feeds.
Don’t have an account yet?
- Customize your settings
- Edit how your blog displays
- Add or remove blogs you read. Sign Up.
About Us
SecurityCentric is your source for all your Security news.
Have a Suggestion for Us?
|
Know of a Security blog that we're missing? Let us know!
|
Share SecurityCentric.com
| 
