Patrick C Miller
@patrickcmiller.bsky.social
Critical Infrastructure & Industrial Security Advisor. Ampyx Cyber CEO. Public speaker. Airport dweller. Recovering regulator. BEERISAC member. CCI US Coordinator. Former SANS Instructor.
#ICS #OT #NERCCIP #NIST #IEC62443 #NIS2 #CRA #SlavaUkraini
Pinned
"The more advanced the automated system, the more crucial the contribution of the human operator..." The Automation Paradox
UK asks cyberspies to probe whether Chinese buses can be switched off remotely www.theregister.com/2025/11/11/u...
UK.gov probes security risks of Chinese electric buses
Norwegian testers claim maker has remote access, while UK importer says supplier complies with the law
www.theregister.com
November 11, 2025 at 3:12 PM
European Countries Probing ‘Security Loophole’ in China-Made Electric Buses gizmodo.com/european-cou...
European Countries Probing 'Security Loophole' in China-Made Electric Buses
Norway, Denmark, and the UK are investigating buses from China’s Yutong over fears they could be disabled remotely.
gizmodo.com
November 11, 2025 at 2:42 PM
Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site www.securityweek.com/nearly-30-al...
Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site
The Cl0p website lists major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland.
www.securityweek.com
November 11, 2025 at 2:12 PM
Two New Web Application Risk Categories Added to OWASP Top 10 www.securityweek.com/two-new-web-...
Two New Web Application Risk Categories Added to OWASP Top 10
OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications.
www.securityweek.com
November 11, 2025 at 1:42 PM
ISA position paper explores industrial AI in automation, covering opportunities, risks, cybersecurity considerations - Industrial Cyber industrialcyber.co/ai/isa-posit...
ISA position paper explores industrial AI in automation, covering opportunities, risks, cybersecurity considerations - Industrial Cyber
New ISA position paper explores industrial AI in automation, covering opportunities, risks, and cybersecurity considerations.
industrialcyber.co
November 11, 2025 at 1:12 PM
APT37 hackers abuse Google Find Hub in Android data-wiping attacks www.bleepingcomputer.com/news/securit...
APT37 hackers abuse Google Find Hub in Android data-wiping attacks
North Korean hackers from the KONNI activity cluster are abusing Google's Find Hub tool to track their targets' GPS positions and trigger remote factory resets of Android devices.
www.bleepingcomputer.com
November 11, 2025 at 12:42 PM
Enforcement begins for New York’s algorithmic pricing law therecord.media/enforcement-...
Enforcement begins for New York’s algorithmic pricing law
California’s legislature also has enacted an algorithmic pricing law, but it has not yet taken effect, making New York the first state in the country to regulate the practice.
therecord.media
November 11, 2025 at 12:12 PM
Cisco detects new attack variant targeting vulnerable firewalls www.cybersecuritydive.com/news/cisco-f...
Cisco detects new attack variant targeting vulnerable firewalls
Hackers may be able to overload unpatched devices, the company said.
www.cybersecuritydive.com
November 11, 2025 at 11:42 AM
Reposted by Patrick C Miller
Same as last night… Tonight’s BEER-ISAC meeting for #ISCCPH in Copenhagen is at Not Your Usual Wine Bar (maps.app.goo.gl/Vtj3U78pHo9P...) starting at 20:00 or whenever you want to get there. No coin or alcohol required. Just bring your awesome self.
maps.app.goo.gl
November 11, 2025 at 11:40 AM
As AI enables bad actors, how are 3,000+ teams responding? www.theregister.com/2025/11/10/a...
As AI enables bad actors, how are 3,000+ teams responding?
Partner Content: Breaking down trends in exposure management with insights from 3,000+ organizations and Intruder's security experts
www.theregister.com
November 11, 2025 at 11:12 AM
OSCE Technical Guide urges unified physical and cyber defenses for critical infrastructure security - Industrial Cyber industrialcyber.co/threats-atta...
OSCE Technical Guide urges unified physical and cyber defenses for critical infrastructure security - Industrial Cyber
Governments, operators urged to align physical, cyber defenses in OSCE Technical Guide on critical infrastructure security
industrialcyber.co
November 11, 2025 at 10:42 AM
Russian missile barrage disrupts internet, customs databases in Ukraine therecord.media/russian-miss...
Russian missile barrage disrupts internet, customs databases in Ukraine
Emergency blackouts lasting up to 12 hours were introduced following the attack, with Kyiv and other regions facing widespread internet and communication outages, according to internet watchdog…
therecord.media
November 11, 2025 at 10:12 AM
Short-term renewal of cyber information sharing law appears in bill to end shutdown therecord.media/cisa-2015-in...
Short-term renewal of cyber information sharing law appears in bill to end shutdown
An expired 2015 law that gives companies liability protection when they share cyberthreat information with the federal government would be renewed through January 30 under Senate legislation to end…
therecord.media
November 11, 2025 at 9:42 AM
Runc Vulnerabilities Can Be Exploited to Escape Containers www.securityweek.com/runc-vulnera...
Runc Vulnerabilities Can Be Exploited to Escape Containers
The flaws tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 have been patched.
www.securityweek.com
November 11, 2025 at 9:12 AM
OSCE Technical Guide urges unified physical and cyber defenses for critical infrastructure security industrialcyber.co/threats-atta...
OSCE Technical Guide urges unified physical and cyber defenses for critical infrastructure security - Industrial Cyber
Governments, operators urged to align physical, cyber defenses in OSCE Technical Guide on critical infrastructure security
industrialcyber.co
November 10, 2025 at 9:42 PM
AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack securityaffairs.com/184372/hacki...
AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack
Microsoft uncovered Whisper Leak side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy.
securityaffairs.com
November 10, 2025 at 9:12 PM
CISOs must prove the business value of cyber — the right metrics can help www.csoonline.com/article/4083...
CISOs must prove the business value of cyber — the right metrics can help
CISOs still struggle to prove the value of their security programs using metrics that their business leaders so desperately seek.
www.csoonline.com
November 10, 2025 at 8:42 PM
Dangerous runC flaws could allow hackers to escape Docker containers www.bleepingcomputer.com/news/securit...
Dangerous runC flaws could allow hackers to escape Docker containers
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system.
www.bleepingcomputer.com
November 10, 2025 at 8:12 PM
Cisco creating new security model using 30 years of data www.theregister.com/2025/11/10/c...
Cisco creating new security model using 30 years of data
Exclusive: Doubles parameters to over 17 billion, to detect threats and recommend actions
www.theregister.com
November 10, 2025 at 7:42 PM
A Fundamental ‘Constant’ of the Universe May Not Be Constant At All, Study Finds www.404media.co/a-fundamenta...
A Fundamental ‘Constant’ of the Universe May Not Be Constant At All, Study Finds
New research “suggests that dark energy may no longer be a cosmological constant” and that the universe’s expansion is slowing down.
www.404media.co
November 10, 2025 at 7:12 PM
NASA wants you to help kick some tires — on the moon www.nextgov.com/emerging-tec...
NASA wants you to help kick some tires — on the moon
The Rock and Roll with NASA Challenge offers $155,000 in prizes for top designs that can handle the punishing surface of the moon.
www.nextgov.com
November 10, 2025 at 6:42 PM
Ed tech company fined $5.1 million for poor data security practices leading to hack therecord.media/ed-tech-comp...
Ed tech company fined $5.1 million for poor data security practices leading to hack
The ed tech firm also allegedly failed to monitor its systems for suspicious activity and did not separately secure backup and active databases.
therecord.media
November 10, 2025 at 6:12 PM
Faking Receipts with AI - Schneier on Security www.schneier.com/blog/archive...
Faking Receipts with AI - Schneier on Security
Over the past few decades, it’s become easier and easier to create fake receipts. Decades ago, it required special paper and printers—I remember a company in the UK advertising its services to people…
www.schneier.com
November 10, 2025 at 5:42 PM
Sora 2 Makes Videos So Believable, Reality Checks Are Required www.darkreading.com/application-...
Sora 2 Creates Believable Videos, Reality Checks Needed
Threat actors will keep abusing deepfakes for fraud. Organizations must implement strong security protocols, despite added user friction.
www.darkreading.com
November 10, 2025 at 5:12 PM
Scientists Need a Positive Vision for AI www.schneier.com/blog/archive...
Scientists Need a Positive Vision for AI - Schneier on Security
For many in the research community, it’s gotten harder to be optimistic about the impacts of artificial intelligence. As authoritarianism is rising around the world, AI-generated “slop” is…
www.schneier.com
November 10, 2025 at 4:42 PM