News

This is a archive for News.

Tuesday, September 19, 2017 @ 04:09 PM gHale

Siemens and PAS Global unveiled an agreement Tuesday to provide real time monitoring for control systems. The partnership will provide users with: Analytics to identify and inventory proprietary assets, and visibility to detect and respond to attacks across the operating environment. RELATED STORIES
Rockwell Offers Threat Detection Services
Israeli Start Up Looks to Secure Network Devices
Kaspersky Private Security Network’s Next Gen
Statseeker Updates Network Monitoring Solution As the utilities and oil and gas sectors become increasingly digital to achieve revenue and efficiency gains, there is a corresponding need to identify cyber threats

Tuesday, September 19, 2017 @ 03:09 PM gHale

Phoenix Contact has an update to mitigate improper access control vulnerabilities for Oracle Java SE in its mGuard Device Manager, according to a report with ICS-CERT. Device management software for mGuard devices, mGuard Device Manager 1.8.0 and older suffer from the remotely exploitable vulnerability, which Phoenix Contact self-reported. RELATED STORIES
LOYTEC Mitigates Multiple HMI Holes
Philips Addresses Patient Worn Monitor Holes
mySCADA Fixes myPRO Hole
Fix for Infusion Pump Issues in Jan. Successful exploitation of these vulnerabilities could allow unauthorized remote access, modification of data, and may allow remote and local

Tuesday, September 19, 2017 @ 11:09 AM gHale

By Gregory Hale
As cybersecurity awareness continues surging to new heights, education and training appear to be joining hand in hand. The next step in the march toward a secure environment is for manufacturers to get activated and ensure they have a well thought out cybersecurity plan moving forward. RELATED STORIES
ICSJWG: Putting Numbers Behind Risk
ICSJWG: Change in Security Approach Needed
Power Grid Compromise
Fighting FUD from DC That falls in line with the change occurring throughout the manufacturing automation sector, with new ways manufacturers operate, use technology, boost connectivity,

Monday, September 18, 2017 @ 06:09 PM gHale

As the number of industrial security threats continues to rise, manufacturers are taking a closer look at risks to their environments. The new threat detection services from Rockwell Automation help manufacturers and industrial operators monitor, detect and respond to increasingly complex security threats. RELATED STORIES
Israeli Start Up Looks to Secure Network Devices
Kaspersky Private Security Network’s Next Gen
Statseeker Updates Network Monitoring Solution
Schneider, Claroty Team to Boost Network Visibility Designed specifically for industrial networks, the new set of services map normal network behavior, and use Rockwell Automation monitoring services to

Monday, September 18, 2017 @ 04:09 PM gHale

Trend Micro released a patch for its Mobile Security for Enterprise fixing remote code execution issues. The goal behind Trend Micro’s Mobile Security for Enterprise is to give organizations visibility and control over mobile devices, applications and data. RELATED STORIES
Bluetooth Devices Susceptible to Attack
ICSJWG: Change in Security Approach Needed
Power Grid Compromise
Fighting FUD from DC Roberto Suggi Liverani and Steven Seeley of Offensive Security discovered the product suffers from an unrestricted file upload, authentication bypass, SQL injection and proxy command injection vulnerabilities. They sent the vulnerabilities to Trend Micro

Friday, September 15, 2017 @ 12:09 PM gHale

By Gregory Hale
Manufacturers wrestle with if they should fund a cybersecurity solution all the time because they don’t really know the costs associated with an operational shutdown related to a cyber incident. But that could soon end because there is one model out there that can help make those number real. RELATED STORIES
ICSJWG: Change in Security Approach Needed
Power Grid Compromise
Fighting FUD from DC
Black Hat: ICS Security Movement “Business decision makers don’t care about security, they care about risk,” said Mike Radigan, senior advisor, cyber risk management

Thursday, September 14, 2017 @ 05:09 PM gHale

Hurricane Harvey’s floodwaters triggered a spill of almost a half-million gallons of gasoline from two storage tanks at Magellan Midstream Partners along the Houston Ship Channel. The spill measured 10,988 barrels, which is more than 461,000 gallons. RELATED STORIES
One Houston Oil Spill Cleaned
Unsafe Chemical Plume Found in Houston
Harvey: Arkema Evac Zone Lifted
Harvey: Explosions at Arkema TX Plant That marks the largest reported spill linked to Harvey’s floodwaters. The gasoline spilled from a Magellan Midstream Partners fuel terminal in Galena Park, TX. Some of the gasoline flowed into a

Thursday, September 14, 2017 @ 03:09 PM gHale

HMI touch panel provider, LOYTEC, created a firmware update to mitigate multiple vulnerabilities in its LVIS-3ME, according to a report with ICS-CERT. The remotely exploitable vulnerabilities, discovered by Davy Douhine of RandoriSec, include a relative path traversal, insufficient entropy, cross-site scripting, and insufficiently protected credentials. RELATED STORIES
Philips Addresses Patient Worn Monitor Holes
mySCADA Fixes myPRO Hole
Fix for Infusion Pump Issues in Jan.
Diabetes Management Software Hole Filled LVIS-3ME versions prior to 6.2.0 suffer from the vulnerabilities. Successful exploitation of these vulnerabilities may result in information exposure or allow arbitrary

Wednesday, September 13, 2017 @ 09:09 AM gHale

Wacker Polysilicon’s Charleston, TN, plant will temporally shut down operations as officials work at determining the cause of a blast at the facility last week. The company, which employs around 650, pinpointed where the mechanical failure occurred that led to an explosion and the localized release of the chemical chlorosilane. However, why the explosion and subsequent release occurred is still being investigated. RELATED STORIES
Worker Dies after KS Refinery Fire
Three Die after NM Tank Battery Blast
CA Creates Tougher Refinery Safety Rules
Safety Systems Worked in CA Refinery Blast “We are

Wednesday, September 13, 2017 @ 08:09 AM gHale

Philips produced a software update that fixes one of two vulnerabilities in its IntelliView MX40 Patient Worn Monitor and provides mitigations for the other, according to a report with ICS-CERT. Philips plans to release an additional software update in 2017 to address the remaining vulnerability. RELATED STORIES
mySCADA Fixes myPRO Hole
Fix for Infusion Pump Issues in Jan.
Diabetes Management Software Hole Filled
SpiderControl Updates SCADA Web Server IntelliVue MX40 Patient Worn Monitor (wireless local area networks WLAN only), all versions prior to Version B.06.18 suffer from the vulnerabilities. Vulnerabilities only