SecurityCentric is your source for Blog Aggregation in the Security industry

Review - EPA Publishes Worst Case Discharge Final Rule

Today the EPA published a final rule in the Federal Register (89 FR 21924-21967) on Clean Water Act Hazardous Substance Facility Response Plans. The final rule was approved by OMB's Office of Information and Regulatory Affairs (OIRA) on February 21st, 2024. The notice of proposed rulemaking was published on March 28th, 2022 (with additional coverage...

Chemical Facility Security News 2 hours, 49 min ago

Review - HR 7447 Introduced Election System Pentests

Last month, Rep Spanberger (D,VA) introduced HR 7447, the Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing (SECURE IT) Act. The bill would amend the Help America Vote Act of 2002, by adding to the existing election system certification system a requirement to conduct 3rd party penetration testing of s...

The Cyber Sleuth's Handbook: Digital Forensics and Incident Response (DFIR) Essentials

In the intricate landscape of cybersecurity, Digital Forensics and Incident Response (DFIR) stand as the sentinels guarding against the onslaught of digital threats. It involves a multifaceted approach to identifying, mitigating, and recovering from cybersecurity incidents. In the physical world, the aftermath of a crime scene always yields vital ...

Bake-off: Ensuring Security in the Cyber Kitchen

I'll start this one with an apology - I've been watching a lot of the TV show The Bear (which I'd highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together nicely (both in life and in a recipe). If you are unfamiliar with the show, it is a comedy-drama about a chef who manages his dece...

Short Takes 3-26-24

NY Republican says House could end up having a Speaker Hakeem Jeffries as GOP majority narrows. TheHill.com article. Pull quote: Former Rep. Brian Higgins's (D-N.Y.) seat is also vacant and will be filled by a special election on April 30. With that seat likely going to a Democrat, the GOP could be left with just a two-seat margin during the month of...

Review - EPA Publishes TSCA Health Data Request NPRM 3-26-24

Today, the Environmental Protection Agency (EPA) published a notice of proposed rulemaking in the Federal Register (89 FR 20918-20924) on Certain Existing Chemicals; Request To Submit Unpublished Health and Safety Data Under the Toxic Substances Control Act (TSCA). The NPRM would amend 40 CFR 716.21(a), by adding a new paragraph (11) containing 16 ...

10 Best AI Collaboration Tools 2024

AI collaboration tools revolutionize how teams can boost productivity, improve efficiency, and streamline communication. Check out our best picks. The post 10 Best AI Collaboration Tools 2024 appeared first on eWEEK.

Review 4 Advisories Published 3-26-24

Today, CISA's NCCIC-ICS published four control system security advisories for products from Rockwell Automation (3) and AutomationDirect. Advisories Rockwell Advisory #1 - This advisory describes a cross-site scripting vulnerability in the Rockwell FactoryTalk View ME HMI software application. Rockwell Advisory #2 - This advisory describes six vu...

Perplexity AI vs. ChatGPT: AI App Comparison 2024

Read about the ultimate face-off between Perplexity AI and ChatGPT. Explore their features, capabilities, and find out which AI reigns supreme. The post Perplexity AI vs. ChatGPT: AI App Comparison 2024 appeared first on eWEEK.

Review - Siemens Publishes Out-of-Band Advisory 3-26-24

Today, Siemens published an out-of-band advisory for a missing write protection for parametric data values vulnerability in PROFINET products. For more information about this newly reported vulnerability, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/siemens-publishes-out-of-band-advisory - subscription required.

Azure Synapse vs. Databricks: Data Platform Comparison 2024

Compare Azure Synapse and Databricks for your data needs. Explore features, performance, and use cases to make an informed decision. The post Azure Synapse vs. Databricks: Data Platform Comparison 2024 appeared first on eWEEK.

AI Platforms Name Cybersecurity Threats and Advice for 2024

With $109.5 billion of growth expected between now and 2030, the global AI cybersecurity market is booming and it's not hard to see why. According to a recent survey of security professionals, three-quarters (75%) have observed an increase in cyberattacks. Of these, the research found that an even greater proportion (an overwhelming 85%) blamed ...

Browser Security in 2024: Technologies and Trends

What Is Browser Security? Browser security is a set of measures and processes intended to protect users and their data when using web browsers. This includes mechanisms to prevent unauthorized access, safeguard against malicious software and other browser security threats, and ways to protect the privacy of online activities. Essential components ...

Short Takes 3-25-24

Water Utility Cybersecurity, EPA & CISA, and You. SCADAMag.Infracritical.com article. Another important piece of cybersecurity commentary by Jake Brodsky. Pull quote: In addition, most small water utilities are well-water, not surface water. Well water quality is very consistent and does not usually change much. Surface water utilities, such as...

Review - PHMSA Publishes 60-day ICR Notice for Revisions to Gas Pipeline Reporting

Today, DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA) published a 60-day ICR revision notice in the Federal Register (89 FR 20751-20755) for Mitigation of Ruptures on Onshore Gas Transmission and Gathering, Hazardous Liquid, and Carbon Dioxide Pipeline Segments Using Rupture-Mitigation Valves or Alternative Equivalent Technolog...

Notorious Nemesis Market Seized by German Police

Nemesis Market, a notorious corner of the darknet beloved by cybercriminals and drug dealers, has been suddenly shut down after German police seized control of its systems. Germany's Federal Criminal Police (known as the BKA) has announced that it has seized the infrastructure of Nemesis and taken down its website. At the same time, cryptocurrency ...

Bill Introduced to Get More Transparency in State Department's Clearance Process

The Department of State's (DoS) Bureau of Diplomatic Security (DS) was accused of discriminatory and biased practices when it came to granting security clearances due to its assignment restrictions policies. Last year, the DoS ended their restrictions policy that had allowed the DS to deny applicants a security clearance for foreign service

Managed Cybersecurity Services Secure Modern Environments

In an era characterized by relentless digital transformation and interconnectedness, cybersecurity has evolved into a complex and dynamic battleground. Businesses, governments, and individuals find themselves locked in a perpetual struggle against a relentless flood of evolving threats. From sophisticated cybercriminal syndicates to state-sponsored...

The Looming Cyber Threat in Real Estate

In our interconnected world, the real estate industry has embraced technology to revolutionize its operations, enhance customer experiences, and streamline business processes. Yet, while this technological evolution has brought immense benefits to the property sector, it has also attracted the attention of nefarious actors keen on exploiting vulner...

Chemical Incident Reporting Week of 3-16-24

NOTE: See here for series background. DEFIANCE, Ohio 3-20-24 Local news reports Here, here, here, and here. Explosion and fire at methanol refinery. One person taken to hospital, unquantified damages to facility. Possible CSB reportable.

OMB Approves CISA's Cyber Incident Reporting NPRM

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of proposed rulemaking (NPRM) from the Cybersecurity and Infrastructure Security Agency (CISA) on Cyber Incident Reporting for Critical Infrastructure Act Regulations. The NPRM was submitted to OIRA on January 2nd, 2024. CISA published a...

OMB Approves FRA Train Crew Staffing Final Rule

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from the DOT's Federal Railroad Administration (FRA) on Train Crew Staffing. The rule was submitted to OIRA on January 2nd, 2024. The notice of proposed rulemaking was published on July 28th, 2022. According to the Fall 2023 Unified A...

Review - HR 2882 Passed in Senate 2nd FY 2024 Minibus

Yesterday, after the House passed H Res 1102, the Senate took up the new House amendment to HR 2882, Udall Foundation Reauthorization Act of 2023. After considering, and rejecting, seven amendments and two motions, the Senate voted 74 to 24 to pass the bill. It subsequently passed H Con Res 100 to change the title of the bill, with the short title b...

Transportation Chemical Incidents Week of 3-13-24

Reporting Background See this post for explanation. Data from PHMSA's online database of transportation related chemical incidents that have been reported to the agency. Incidents Summary Number of incidents 110 (101 highway, 9 air, 0 rail) Serious incidents 1 (1 Bulk release, 0 injuries, 0 deaths, 0 major artery closed) Largest container in...

Review Public ICS Disclosures Week of 3-16-24

This week we have eight vendor disclosures from Belden, Bosch, Buffalo Tech, Honeywell, HP, Planet Technology, and Rockwell (2). There are five vendor updates from Eaton, HP (2), Palo Alto Networks, and QNAP. We have two researcher reports for vulnerabilities in products from FortiGuard and Unitronics. Finally, we have four exploits for products fr...

Bills Introduced 3-22-24

Yesterday, with both the House and Senate in session and preparing to leave Washington for their two-week Easter recess, 65 bills were introduced. Three of those bills will receive additional attention in this blog: H Res 1102 Providing for the concurrence by the House in the Senate amendment to H.R. 2882, with an amendment. Granger, Kay [Rep.-R-T...

Short Takes 3-22-24

Exploiting remote access - the ultimate living off the land attack. ScadaMag.Infracritical.com blog post. Very concise description of the need for remote access leading to living-off-the-land attacks in OT systems. Apple Chip Flaw Lets Hackers Steal Encryption Keys. Zetter-ZeroDay.com article. Pull quote: The site includes an instruction to develop...

House Passes H Res 1102 FY 2024 2nd Minibus

Today the House took up H Res 1102, House Passes H Res 1102 FY 2024 2nd Minibus. The resolution was considered under the suspension of the rules process. After 44 minutes of debate the House voted 286 to 134 to pass the resolution. While an official copy of the language of the resolution is not currently available, the resolution should contain t...

Report: Digital Trust Boosts Productivity and Revenue

A recent survey conducted by DigiCert provides insights into the state of digital trust among global enterprises. Effective digital trust management ensures the security, privacy, and reliability of digital processes, systems, and interactions. Establishing and maintaining digital trust has become a significant differentiator for organizational suc...

OMB Approves BIS Advanced Computing Final Rule

Yesterday the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from the DOC's Bureau of Industry and Security (BIS) on Implementation of Additional Export Controls: Certain Advanced Computing Items and Semiconductor Manufacturing Items; Supercomputer and Semiconductor End Use; Updates to the Contro...

DOE Sends Foreign Entity Final Rule to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a final rule (direct final rule?) from the Department of Energy on U.S. Department of Energy Interpretation of Foreign Entity of Concern. This rulemaking was not listed in the Fall 2023 Unified Agenda.

Bills Introduced 3-21-24

Yesterday, with both the House and Senate in session, there were 82 bills introduced. Three of those bills may receive additional attention in this blog: HR 7781 To require a report on the economic and national security risks posed by the use of artificial intelligence in the commission of financial crimes, including fraud and the dissemination of...

Short Takes 3-21-24

National Guard ready to assist states with cyber response, say officials. StateScoop.com article. If this story were about a private cybersecurity company I would label it an advertorial. Pull quote: We want them to make a lot of money in the cyber field Monday through Friday and then I tell them they can come work for us on the weekend, Jarrard sa...

OpenAI vs. Vertex AI: Head-To-Head Comparison 2024

Wondering how OpenAI compares to Vertex AI in 2024? Dive into our head-to-head analysis for insights. The post OpenAI vs. Vertex AI: Head-To-Head Comparison 2024 appeared first on eWEEK.

Review 1 Advisory Published 3-21-24

Today, CISA's NCCIC-ICS published a control system security advisory for products from Advantech. Advisories Advantech Advisory - This advisory describes an SQL injection vulnerability in the Advantech WebAccess/SCADA. For more details about this advisory, including a down-the-rabbit-hole search for the researcher that discovered the vulnerabi...

ChatGPT 4 vs. 3.5: AI App Comparison

Regardless of which version of ChatGPT users select, they'll benefit from a powerful and scalable generative AI model that can produce accurate, human-like content on a consistent basis and for a variety of use cases. However, there are some distinct differences between ChatGPT 4 (powered by GPT-4) and 3.5 (powered by GPT-3.5). Yet depending on [...

OMB Approves OSHA Walk Around Final Rule

Yesterday the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved a final rule from the DOL's Occupational Safety and Health Administration (OSHA) on Worker Walkaround Representative Designation Process. The rule was submitted to OIRA on February 9th, 2024, a fairly rapid turnaround for OIRA. The notice of propose...

2nd FY 2024 Spending Minibus Published 3-20-24

Late last night the House Appropriations Committee published the 2nd FY 2024 spending minibus. As with the earlier spending bill, this takes the form of a House Resolution (not yet numbered as it will be introduced today) providing a House amendment to the Senate amendment to a previously passed House bill (HR 2882, the Udall Foundation Reauthoriza...

AI Transparency: Why Explainable AI Is Essential for Modern Cybersecurity

Modern cybersecurity has reached an exceptional level, particularly with the integration of AI technology. The complexity of cyberattacks and their methodologies has also increased significantly, even surpassing human comprehension. This poses a considerable challenge for cybersecurity professionals who struggle to keep pace with the scale and co...

Short Takes 3-20-24

Pentagon Received Over 50,000 Vulnerability Reports Since 2016. SecurityWeek.com article. Pull quote: The success of the DC3 VDP is a powerful example of how a strong relationship with the global ethical hacker community translates to the consistent strengthening of cyber defenses. As proud partners, we look forward to continued collaboration as et...

Review - HR 7589 Introduced ROUTERS Act

Earlier this month, Rep Latta (R,OH) introduced HR 7589, the Removing Our Unsecure Technologies to Ensure Reliability and Security (ROUTERS) Act. The bill would require the Department of Commerce to conduct a study on the national security risks of routers and modems manufactured in China. No new funding is authorized by the legislation. Moving Fo...

Top 8 Free AI Tools in 2024

Free AI tools add value to almost any business. Compare the best free AI tools to discover how you can achieve maximum efficiency today. The post Top 8 Free AI Tools in 2024 appeared first on eWEEK.

Fraudsters Are Posing As The FTC To Scam Consumers

The United States Federal Trade Commission (FTC) has warned the public to be cautious if contacted by people claiming to be... FTC staff. In a warning published on its website, the FTC said that scammers were using its employees' real names to steal money from consumers. A typical ruse will see the bogus FTC staffer advising someone to wire or tra...

HR 3404 Sponsor Added Gas Cylinder Safety

Yesterday, Rep Orden (R,OH) was added as a cosponsor to HR 3404 [removed from paywall], the Compressed Gas Cylinder Safety and Oversight Improvements Act of 2023. Orden is a member of the House Transportation and Infrastructure Committee, to which this was assigned for consideration, the first sponsor that is a member. This means that there may now...

What Is Log Management and Why you Need it

Thanks to the burgeoning supply chain, a host of IoT and work-from-home devices, and an expanding cloud presence, organizations are constantly ingesting new hardware into their IT environments. With each new line of code comes a fresh chance for a hidden vulnerability. With each unfound weakness, attackers gain one more opportunity to gain a footho...

Short Takes 3-19-24

Drones and the US Air Force. Schneier.com blog post. Pull quote: He estimated that a single Chinese Sunflower suicide drone costs about $30,000 - so you could purchase 16,000 Sunflowers for the cost of one F-35A. And since the full mission capable rate of the F-35A has hovered around 50 percent in recent years, you need two to ensure that all missions...

Committee Hearings Week of 3-17-24

This week, with the House and Senate both in session, there is a relatively heavy hearing schedule. Budget hearings are starting the FY 2025 spending cycle. And there are a lot of markup hearings with three of particular interest here. There will also be an oversight hearing on the DHS cWMD office. Budget Hearings: The FY 2025 spending process st...

Short Takes 3-19-24 Space Geek Edition -

The US government seems serious about developing a lunar economy. ArsTechnica.com article. Pull quote: However, it seems clear that DARPA, which has an annual budget of $4 billion, is seriously interested in lunar commercial activity. The areas of interest cited above are all important precursors for a sustained presence on the Moon. So if US compa...

Review 1 Advisory Published 3-19-24

Today, CISA's NCCIC-ICS published a control system security advisory for products from Franklin Fueling Systems. Advisories Franklin Advisory - This advisory describes a path traversal vulnerability in the Franklin EVO 550 and EVO 5000 automatic tank gauges (ATG). For more details about today's disclosure, including a look at a history of Frank...

Review - CSB Updates Six Accident Recommendations Status 3-14-24

Yesterday, the Chemical Safety Board (CSB) updated their Recent Recommendation Status Updates web page to reflect changes to six recommendations. Three recommendations were changed to Closed - Acceptable Response and three were changed to Open - Acceptable Response. The actual status changes were made on March 14th, 2024. For more information on...
