Bazzini Holdings, which employs 250 workers at the Allentown site, manufactures fine chocolates and nut products.

RELATED STORIES
Refinery has Safety History Woes
Trapped Worker Results in Safety Fine
F&B Maker Faces Repeat Safety Violations
Metal Fab Faces Safety Fine

OSHA’s inspection, initiated in November 2011 after the agency learned of the amputation, found three repeat, eight serious and four other-than-serious violations.

The repeat violations involve electrical hazards and uncovered projecting shafts. The same violations the company faced in 2008. A repeat violation exists when an employer previously has had the same or a similar violation of a standard, regulation, rule or order at any other facility in federal enforcement states within the last five years.

The serious violations include additional electrical hazards as well as the company’s failure to use specific procedures for controlling hazardous energy; provide general machine and power transmission guarding; develop and implement a hazard communication program; and implement a hearing conservation program that includes noise engineering controls, noise monitoring, audiometric testing and hearing conservation training. A serious violation occurs when there is substantial probability that death or serious physical harm could result from a hazard about which the employer knew or should have known.

The other-than-serious violations involve missing electrical covers, unsecured machinery and personal protective equipment deficiencies. An other-than-serious violation is one that has a direct relationship to job safety and health, but probably would not cause death or serious physical harm.

“Bazzini Holdings previously was cited for the same hazards and failed to correct them,” said Jean Kulp, director of OSHA’s Allentown Area Office, which conducted the inspection. “Employers are legally responsible for ensuring a safe and healthful workplace, and will be held liable should they fail to do so.”

This spike is coming from spammers needing unsullied email addresses since major spamming botnets shut down, and Internet service providers have become more successful at identifying and blocking email from botnets and other known spam sources, according to a report from security provider IID.

RELATED STORIES
Phishing Ploy Garners Logins
‘Free Storage’ Phishing Emails
Russian Cybercrime Consolidates, Grows
Spammers: It Just Keeps Working

During the first quarter of 2012, spammers increasingly tried to hijack “good” email addresses at large webmail services by impersonating those email service providers and phishing for email account login credentials.

“Control of a legitimate email address is like spam gold for cyber criminals,” said IID President and CTO Rod Rasmussen. “It’s pretty simple why this has become such a valued currency. Filters built to combat botnet spam have a harder time blocking spam coming from legitimate email services and email addresses without a history of abuse.”

Despite the dramatic jump in email service provider phishing, other industries on average witnessed a decrease in phishing attacks. In fact, IID’s report found phishing attacks dropped two percent when comparing statistics from Q1 2011 to Q1 2012.

IID also said 74 of Fortune 500 companies and five of what it considers “major” U.S. federal agencies still had at least one computer or router on their network infected with DNSChanger malware as of the end of March.

The findings come ahead of the July 9 deadline, where the FBI will shut down servers that allowed users whose computers have DNSChanger malware to navigate the Internet.

DNSChanger changes the infected system’s domain name system resolution settings to use formerly rogue servers that redirect legitimate searches and domains to malicious websites. Not only does DNSChanger redirect Internet connections, it also disables anti-virus software, opening individuals and organizations up for more malicious attacks.

It landed on a website that poses as a “Gmail Attachment Viewer,” which tries to make the visitor run the offered application, said F-Secure researchers.

RELATED STORIES
Ransomware Hits U.S., Canada
New Ransomware Gets Tough
New Ransomware Hits Cyber Street
Ransomware Thriving, Taking Control

The pop-up warning from Windows identifies it as a “Microsoft” app but says the app’s digital signature cannot be verified and the app’s publisher is “Unknown”.

If the user does choose to run the app, he gets a Cisco Foundation invitation to attend a conference, while the download and the quiet installation of a malicious binary goes on unnoticed.

The message contains an embedded link that, if clicked, again tries to download the same malware.

The researcher does not mention what type of malware actually goes out to the user, but the infection generates using iJava Drive-by Generator:

“The generator allows the attacker to use random names or specify their own preference for both the Java file and the dropped Windows binary,” the researcher said, and points out that the helpful tool also indicates to the attackers how many infections the delivered malware affected.

Independent researcher Dmitriy Pletnev of Secunia, who found the vulnerabilities, tested the new version and said it resolves the vulnerabilities.

RELATED STORIES
Wonderware SuiteLink Vulnerability
Progea Movicon Vulnerability
Gas Pipelines Under Attack
Using Malware for Recon Work

With publicly available exploit code targeting the vulnerabilities, the flaw is remotely exploitable.

The following versions of Advantech Studio suffer from the issue:
• Advantech ISSymbol ActiveX Control 61.6.0.0, and
• Advantech Studio 6.1 SP6 Build 61.6.01.05.

Successful exploitation of these vulnerabilities could allow an attacker to arbitrarily execute code.

Advantech Studio is a collection of automation tools that includes components required to develop human-machine interfaces (HMIs) and supervisory control and data acquisition (SCADA) system applications that run on various Windows platforms. Advantech Studio is in nearly 2,000 installations worldwide. Advantech Studio works in a variety of applications including remote utility management, building automation, water and wastewater management, and factory automation.

An attacker can exploit boundary errors when processing any of four different properties to cause buffer overflows, which in turn can allow execution of arbitrary code. CVE-2011-0340 is the number assigned to these vulnerabilities.

Advantech recommends users of Advantech Studio Version 6.1 and earlier versions upgrade to the new version, Advantech Studio 7.0. Customers should contact their authorized Advantech distributor or their Advantech account manager to discuss the transition plan to Advantech Studio 7.0.

Advantech further recommends users read the customer notice.

The report, conducted by the University at Buffalo’s new shale gas institute, examined almost 3,000 violations from nearly 4,000 gas wells in Pennsylvania since 2008. It found 62 percent of the violations were administrative and 38 percent were environmental. The environmental violations stemmed from 845 events — 25 of them classified as “major,” defined as site restoration failures, serious contamination of water supplies, major land spills, blowouts, and venting and gas migration.

RELATED STORIES
Fracking Mud Spills at Pipeline Sites
WY Well Blowout Plugged
Engineer Charged in BP Gulf Spill
Sound an Aid During Oil Spills

Even as the overall number of violations increased as more companies drilled wells, the percentage of environmental violations compared to the number of wells drilled fell from 58.2 percent in 2008 to 30.5 percent in 2010.

“The data in this study demonstrates that the odds of non-major environmental events, and the much smaller odds of major environmental events, are being reduced even further by enhanced regulation and improved industry practice,” said lead author Timothy Considine.

The report said in 2008, companies drilled 170 shale gas wells in Pennsylvania and there were 99 environmental violations, meaning 58 percent of all wells drilled incurred some violation. In the first eight months of 2011, they say 1,248 wells drilled and there were 331 recorded environmental violations, meaning 26.5 percent of wells had violations.

They cite this as evidence of improved operations and regulation.

However, a main argument by opposition groups is that the cumulative impact of more wells must come under consideration. From that perspective, the study confirms as more wells go in, the number of environmental incidents increases — in fact, the overall number tripled from 2008 to 2011, even though the number per well went down.

“Hundreds of violations per year are not acceptable when it comes to protecting clean air and clean water for people who are forced to live with heavy industrial operations in their backyards,” said Kate Sinding of the Natural Resources Defense Council.

LSB said the direct strong nitric acid (DSN) plant, which represents about 20 percent of its El Dorado, AR, facility’s total capacity, suffered damage when a reactor exploded in the morning. There were no injuries related to the incident, the company said.

RELATED STORIES
Chem. Industry Needs to Cut Hazards
Automakers in Resin Rush
Hazards Overlooked before Plant Blast
BP’s Texas City Refinery Acid Leak

The explosion also caused minor damage to the three other acid plants at the facility, Chief Executive Jack Golsen said.

LSB, which makes heating, ventilation and air conditioning (HVAC) and nitrogen-based chemical products, said it cannot estimate the extent of the damages.

Golsen said it remained unknown how long the El Dorado facility will be out of production as the control room also suffered damage.

The El Dorado plant produces and sells about 470,000 tons of nitrogen-based products per year, according to the company.

LSB, which is investigating the cause of the explosion, said it believes there was no environmental release.

The revamped model, the first since the program began after Three Mile Island in 1979, was four years in the making. What is interesting is the new rules went into effect in December.

RELATED STORIES
U.S. Nukes Meet Safety Purchase Deadline
Quake Plant gets more Oversight
Unplanned Outages Force NRC Review
Nuke Fuel Maker Works on 9-Year Plan

Some of the changes fly in the face of the lessons learned from the reactor crisis in Japan. A mandate that local responders always run practice exercises for a radiation release has gone by the wayside.

The Nuclear Regulatory Commission (NRC) and the Federal Emergency Management Agency (FEMA), which run the program together, added one new exercise: More than a decade after the 9/11 terrorist attacks, state and community police will now take part in exercises that prepare for a possible assault on their local plant.

Still, some emergency officials say this new exercise doesn’t go far enough.

These changes, while documented in obscure federal publications, went into effect with hardly any notice by the general public.

Michael Mariotte, director of the anti-nuclear group Nuclear Information and Resource Service, normally tracks such rules very carefully. Not this time as he learned about them from a reporter.

“Unless there are public interest groups out there pointing to the things these agencies are doing, they generally prefer to be operating in quiet, especially if it’s likely to be controversial,” he said. “A typical American does not read the Federal Register.”

The Web archives of FEMA and the NRC show no news releases on the changes during December 2011 and January 2012. The revisions took effect Dec. 23, at the peak of the holiday season.

There are weaknesses in the U.S. emergency planning program. With nuclear reactors now operating beyond their design life under rules relaxed to account for deteriorating safety margins, there has also been big population growth around nuclear power plants and limitations in the scope of emergency exercises.

The latest changes, especially relaxed exercise plans for 50-mile emergency zones, are under fire by some local planners and activists who say the widespread contamination in Japan from last year’s Fukushima nuclear accident screams out for stronger planning in the United States, not weaker rules.

FEMA officials said the revised standards introduce more variability into planning exercises and will help keep responders on their toes. The nuclear power industry has praised the changes on similar grounds.

Onsite security forces at nuclear power plants have practiced defending against make-believe assaults since 1991 and increased the frequency of these drills after the 2001 terrorist attacks. The new exercises for community responders took years to consider and adopt with prolonged industry and government consultations that led to repeated drafts. The NRC made changes requested by the industry.

Officials for FEMA and the NRC said they are still studying whether Japan’s experience points to the need for further changes in the United States.