News

This is a archive for News.

Friday, April 21, 2017 @ 03:04 PM gHale

Three New York-area men separately pleaded guilty in federal court to one count of conspiracy to commit bank fraud, in relation to the theft of at least $428,581 in funds from various New Jersey banking locations. The plot involved the use of skimming devices and pinhole cameras to capture password entries and card data. RELATED STORIES
Feds Move to Tear Apart Kelihos Botnet
Fired Worker Guilty of Hacking System
Russian Man Pleads Guilty to Hacking
Lithuanian Man Busted for Email Scam Joel Abel Garcia, 35, a U.S. citizen from the Bronx, NY,

Thursday, April 20, 2017 @ 02:04 PM gHale

There is an update to the open-source reports of “BrickerBot” attacks, which exploit hard-coded passwords in IoT devices in order to cause a permanent denial of service (PDoS), according to ICS-CERT. This family of botnets, which consists of BrickerBot.1 and BrickerBot.2, ended up described in a Radware Attack Report (‘BrickerBot’ Results In PDoS Attack). RELATED STORIES
Belden Updates Fixes for GECKO
Wecon Mitigates HMI Editor Holes
Schneider Working on Modicon, SoMachine Holes
Schneider Fixes XSS Vulnerability ICS-CERT is working to identify vendors of affected IoT devices in order to collect product-specific mitigations

Wednesday, April 19, 2017 @ 04:04 PM gHale

Woolwich, NJ-based US Drop Forge (USDF) knows safety pays time and time again. The 46-employee manufacturer of closed die forgings for industries specializing in petrochemical and military applications strives to provide a safe work environment that helps protect employees and enhances the quality of their work. RELATED STORIES
Safety Stays SHARP at SCI
Cassemco Continues to Stay SHARP
Ground Control Maker Stays SHARP
Mattress Factory Shares SHARP Safety Message Since the mid-1960’s, USDF has had dedicated employees, performing various jobs in a manufacturing facility of approximately 70,000 square feet. These jobs involve

Wednesday, April 19, 2017 @ 04:04 PM gHale

Belden updated a software version to mitigate path traversal, server-side request forgery, cross-site request forgery, information exposure vulnerabilities on its Hirschmann GECKO switches, according to a report with ICS-CERT. The vulnerabilities, discovered by Davy Douhine of RandoriSec, is remotely exploitable.
Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions suffers from the issue. RELATED STORIES
Wecon Mitigates HMI Editor Holes
Schneider Working on Modicon, SoMachine Holes
Schneider Fixes XSS Vulnerability
‘BrickerBot’ Permanent DoS Attack Successful exploitation of these vulnerabilities may allow a remote attacker to access a copy of the

Wednesday, April 19, 2017 @ 11:04 AM gHale

A chemical plant reopened Monday after a fire destroyed one of its buildings last Thursday. No one was hurt in the fire at Jacam Chemicals in Sterling, KS, in Rice County. It is still unclear what caused the fire. The company plans to rebuild the building that burned. RELATED STORIES
Toxic Chemical Spill Closes IN Beaches
Chemical Spill at Tesla NV Plant
Fatal Blast at MO Ammunition Plant
CSB Makes Business Case for Safety Evacuated residents are back home and surrounding roads reopened following the Thursday morning fire at the Jacam Chemicals

Tuesday, April 18, 2017 @ 05:04 PM gHale

An explosion last Tuesday at an ammunition plant near Kansas City, Missouri, killed one worker and injured four others, U.S. Army officials said. The blast at the Lake City Army Ammunition Plant in Independence, just east of Kansas City, occurred in a building where they mix chemicals, Army officials. The building has been secured and rendered safe, they said, allowing investigators to begin looking into what caused the explosion. RELATED STORIES
CSB Makes Business Case for Safety
Design Flaws Led to KS Toxic Chem Release
Tank Blast: Pressure Boundary Failed
CSB Investigating

Monday, April 17, 2017 @ 05:04 PM gHale

A safety incident not only risk the health and safety for workers and residents nearby a facility, it also could fatally injure a business. That is where the Chemical Safety Board’s “Business Case for Safety” details how safety is good for business and ultimately a company’s bottom line. The report summarizes four major accident investigations. RELATED STORIES
Design Flaws Led to KS Toxic Chem Release
Tank Blast: Pressure Boundary Failed
CSB Investigating Fatal ‘Boiler’ Blast
Boiler Blast Kills 3, Called an Accident Included in the business case are costs associated with

Monday, April 17, 2017 @ 04:04 PM gHale

There were several shortcomings in the design and labeling of loading stations as well as adherence to chemical unloading procedures at the MGPI Processing plant in Atchison, KS, which led to a toxic chemical release Oct. 21, federal officials said. The MGPI facility produces distilled spirits and specialty wheat proteins and starches. The chemical release occurred when sulfuric acid inadvertently unloaded from a tanker truck into a fixed sodium hypochlorite tank at the plant, said officials at the Chemical Safety Board (CSB). RELATED STORIES
Tank Blast: Pressure Boundary Failed
CSB Investigating Fatal ‘Boiler’ Blast
More

Monday, April 17, 2017 @ 03:04 PM gHale

The vessel that launched into the Faultless Linen building in St. Louis April 3 killing three people at the laundry business and one at a box manufacturer was a vertical condensate storage tank, technically referred to as the SCR or semi-closed receiver, federal officials said. The SCR provided the condensate or hot water to a steam generation and supply system supporting a corrugated box manufacturing process at Loy-Lange Box Company. That process was in the process of starting up on the morning of the incident. RELATED STORIES
CSB Investigating Fatal ‘Boiler’ Blast
Boiler Blast Kills 3,

Friday, April 14, 2017 @ 04:04 PM gHale

Wecon Technologies released new software to mitigate heap-based buffer overflow and a stack-based buffer overflow vulnerabilities in its LEVI Studio HMI Editor, according to a report with ICS-CERT. LEVI Studio HMI Editor, all versions suffer from the remotely exploitable vulnerability, discovered by Andrea (rgod) Micalizzi, working with iDefense Labs. RELATED STORIES
Schneider Working on Modicon, SoMachine Holes
Schneider Fixes XSS Vulnerability
‘BrickerBot’ Permanent DoS Attack
Cisco Finds Moxa Vulnerabilities Successful exploitation of these vulnerabilities could cause the device to become unresponsive; a buffer overflow condition may allow remote code execution. This product