News

This is an archive for News.

Wednesday, April 25, 2018 @ 12:04 PM gHale

By Gregory Hale
Safety can learn from security and security can learn from safety, but now security can help protect safety by using a safety tool. Sound confusing? Just ask John Cusimano.
“We are seeing more and more attacks on OT (operational technology),” said Cusimano, director of industrial cybersecurity at aeSolutions during a Tuesday talk at the 14th Global Congress on Process Safety at the 2018 AIChE Spring

Wednesday, April 25, 2018 @ 11:04 AM gHale

By Gregory Hale
Imagine if you are a 9-year-old outside playing in your yard one fine summer day and you hear a loud siren and then end up seeing a yellow-green cloud starting to float over and you hear state police driving through the neighborhood yelling on their loudspeaker to evacuate immediately. That is exactly what happened to Louisa Nara back on July 24, 1968 when there was a chemical release at a chemical plant in Charleston, WV.

Wednesday, April 25, 2018 @ 10:04 AM gHale

By Gregory Hale
A new hacker group called Orangeworm is focusing on the healthcare sector with manufacturing just behind, researchers said. Symantec Telemetry found the group infected a small number of victims and it mainly goes after healthcare more than any other industry, with 17 percent of its victims in the U.S. Manufacturing is just behind at 15 percent along with information technology.
The hacker group has been targeting organizations across

Wednesday, April 25, 2018 @ 10:04 AM gHale

FirstEnergy Solutions is moving to deactivate three nuclear plants in Ohio and Pennsylvania over the next three years. The company, a subsidiary of FirstEnergy Corp., filed a Certification Letter with the U.S. Nuclear Regulatory Commission (NRC) saying it will permanently deactivate its nuclear power plants over the next three years, citing “severe economic challenges.”
The letter affirms the company’s March 28 notification to PJM Interconnection

Wednesday, April 25, 2018 @ 09:04 AM gHale

Bedrock Automation continues its push to secure the manufacturing automation sector with two new offerings. In one, Tatsoft will authenticate the latest version of its SCADA software to the Bedrock Automation control system root of trust.
In the other, Bedrock introduced a lower-cost and high-performance controller. Tatsoft’s FactoryStudio 2018 developers will now be able to generate Certificate Signing Requests (CSRs) for the Bedrock Certificate Authority

Wednesday, April 25, 2018 @ 08:04 AM gHale

An explosion and fire at the Valero Texas City, TX, refinery released four types of unauthorized contaminants into the air, officials said. Valero Energy estimated its Texas City refinery emitted more than 5,000 pounds of alkylates, 13,700 pounds of carbon monoxide, 970 pounds of hydrogen fluoride and 12,000 pounds of particulate matter during the incident last Thursday.
The refinery also released oxides of nitrogen and sulfur dioxide

Tuesday, April 24, 2018 @ 07:04 PM gHale

Becton, Dickinson and Company (BD) implemented third-party vendor patches to fix a nonce reuse vulnerability in certain BD Pyxis products, according to a report with ICS-CERT. Successful exploitation of this vulnerability could allow data traffic manipulation, resulting in partial disclosure of encrypted communication or injection of data.
The following versions of BD Pyxis products, a medication and supply management system, suffer from the vulnerability:
• BD

Tuesday, April 24, 2018 @ 06:04 PM gHale

Vecna Technologies, Inc. (Vecna) has an update to mitigate OS command injection and cleartext transmission of sensitive information vulnerabilities in its VGo Robot, according to a report with ICS-CERT. Successful exploitation of these vulnerabilities, discovered by Dan Regalado from Zingbox, could allow an attacker to capture firmware updates through network traffic and could allow remote code execution on the VGo Robot, a mobile robotic assistant.
The vulnerabilities are exploitable from

Tuesday, April 24, 2018 @ 06:04 PM gHale

Intel has firmware updates to mitigate a buffer overflow in its 2G Modem, according to a report with ICS-CERT. Successful exploitation of this remotely exploitable buffer overflow vulnerability may allow remote code execution.
The vulnerability affects Intel 2G modem products where the earthquake tsunami warning system (ETWS) feature is enabled in modem firmware. Devices equipped with an affected modem, when connected to a rogue 2G base station where non-compliant 3GPP software

Tuesday, April 24, 2018 @ 06:04 PM gHale

Advantech is working on a mitigation for heap-based buffer overflow, double free, and out-of-bounds write vulnerabilities in its WebAccess HMI Designer, according to a report with ICS-CERT. Advantech WebAccess HMI Designer, Human Machine Interface (HMI) runtime development software, Version 2.1.7.32 and prior suffers from the remotely exploitable vulnerabilities, discovered by Steven Seeley of Source Incite working with Trend Micro’s Zero Day Initiative (ZDI).
Successful exploitation of these vulnerabilities may allow an