This is a archive for News.

Friday, March 24, 2017 @ 10:03 AM gHale

A Lithuanian man is under indictment in the United States for convincing two U.S.-based companies to wire over $100 million to bank accounts he controlled as part of an email fraud scheme. Evaldas Rimasauskas, 48, ended up arrested late last week in Lithuania on the basis of a provisional arrest warrant, the New York Office of the FBI said. RELATED STORIES
Trojan Author Pleads Guilty
Four Charged with Yahoo Hack Attack
Turkish Hacker gets 8 Years in Prison
Hacker with Russia Ties Faces Hacking Charges The indictment said Rimasauskas led a fraudulent

Friday, March 24, 2017 @ 10:03 AM gHale

A Russian programmer thought to be the mastermind behind the Citadel Trojan which was responsible for stealing over $500 million from bank accounts, pleaded guilty to one count of computer fraud. Mark Vartanyan, also known by the name of “Kolypto,” ended up arrested last year in Norway and extradited to America a month later. He ended up charged with one count of computer fraud, for which he pleaded guilty. RELATED STORIES
Four Charged with Yahoo Hack Attack
Turkish Hacker gets 8 Years in Prison
Hacker with Russia Ties Faces Hacking Charges
Celebrity Hacker

Thursday, March 23, 2017 @ 04:03 PM gHale

Some of Cisco’s industrial routers have a critical remote code execution vulnerability in the IOx application environment. The flaw, which has a CVE-2017-3853 case number, affects the Data-in-Motion (DMo) process of IOx and is the result of a lack of proper bounds checking. RELATED STORIES
Cisco Finds CMP Vulnerability
Cisco Suffers from Apache Struts2 Hole
Cisco Fixes NGA DoS Issue
Cisco WebEx Vulnerability Fixed, Again That means a remote, unauthenticated attacker can exploit the vulnerability to trigger a stack overflow by sending specially crafted packets forwarded to the DMo process for evaluation.

Thursday, March 23, 2017 @ 03:03 PM gHale

There is a high severity code execution vulnerability in National Instruments’ LabVIEW system design software, researchers said. LabVIEW 2016 version 16.0 suffers from a heap-based buffer overflow vulnerability which can end up triggered with a specially crafted VI file (a LabVIEW specific format) that causes a user-controlled value to be used as a loop terminator, said researchers at Cisco’s Talos. RELATED STORIES
Siemens Updates SIMATIC Fixes
Moxa Updates NPort Fix
Rockwell Fixes FactoryTalk Hole
Rockwell Clears Workbench Vulnerability By getting a targeted user to open a malicious VI file, a remote attacker

Thursday, March 23, 2017 @ 03:03 PM gHale

By Gregory Hale
Today’s digital age has gotten to the point where the benefits continue to outweigh the negatives, but as more manufacturing automation organizations continue to expand connections, the security message needs to get smarter. That is why Marty Edwards, director of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the Department of Homeland Security (DHS) said during his presentation at the SANS ICS Security Summit in Orlando, FL, Monday, users need to find the most critical element in their process and eliminate the cyber aspects. RELATED STORIES
SANS: Know the Security Mission

Wednesday, March 22, 2017 @ 07:03 PM gHale

By Gregory Hale
Sometimes you can reach your goal by starting from nothing and cobbling together thoughts and ideas piece by piece by piece until it makes connections and the result is a final product. There is no initial vision, but that comes together after working and living through the experience. Kind of a Monday morning quarterback thing. Other times there is a vision from the top or someone that had an idea and simply says, here is a plan, let’s execute on it and it will help us move forward. RELATED STORIES
ABB: Showing its Digital

Wednesday, March 22, 2017 @ 05:03 PM gHale

By Gregory Hale
It is hard to go a single day in the manufacturing automation sector without hearing about some new Industrial Internet of Things (IIoT) product, device, solution or program that will revolutionize how the industry thinks and does business. While IIoT adoption is still quite a ways off, companies are moving now to get organized and able to jump at opportunities even before full implementation. It only makes sense. RELATED STORIES
ABB: Showing its Digital Ability
Oil and Gas Security ‘Not Keeping Pace’
Open, Secure Systems Moving Forward

Wednesday, March 22, 2017 @ 04:03 PM gHale

New Berlin, WI-based Schoeneck Containers Inc. (SCI), supplies plastic containers for consumer and commercial markets throughout the world. Since its inception in 1972, SCI continues to grow as a supplier of containers for food, beverage, personal care, household, and industrial products. RELATED STORIES
Cassemco Continues to Stay SHARP
Ground Control Maker Stays SHARP
Mattress Factory Shares SHARP Safety Message
Metals Recycler Stays SHARP It was 17 years ago when SCI leaders knew they needed a big change to improve safety for its employees and the company as a whole, so they hired

Wednesday, March 22, 2017 @ 02:03 PM gHale

While a hydrocracker was in the process of getting back to full production after a fire last August, caught fire again at Motiva Enterprises’ 235,000 barrel per day (bpd) Convent, Louisiana, refinery Saturday, officials said. There were no injuries in the fire that broke out shortly before noon on the 45,000 bpd heavy oil hydrocracker, called the H-Oil Unit, which was in the process of restarting to full production for the first time since a fire last August, said two sources familiar with plant operations in a Reuters report. RELATED STORIES
CO Refinery Flares after Power Failure

Wednesday, March 22, 2017 @ 12:03 PM gHale

Siemens updated its advisory regarding vulnerabilities affecting SIMATIC CP 343-1 Advanced/CP-443-1 Advanced devices and SIMATIC S7-300/S7-400 CPUs, according to a report with ICS-CERT. Inverse Path auditors and the Airbus ICT Industrial Security team reported these vulnerabilities directly to Siemens. Siemens made new firmware versions available for several products and a temporary fix for the remaining affected products to mitigate these remotely exploitable vulnerabilities. RELATED STORIES
Moxa Updates NPort Fix
Rockwell Fixes FactoryTalk Hole
Rockwell Clears Workbench Vulnerability
LCDS Fixes SCADA Software Siemens said the vulnerabilities affect the following SIMATIC products: