News

This is a archive for News.

Friday, February 17, 2017 @ 02:02 PM gHale

A connected car, or a car equipped with Internet access, has been gaining popularity for the last several years. Not only multimedia systems are available, but also car key systems in literal and figurative senses. By using proprietary mobile apps, it is possible to get the GPS coordinates of a car, trace its route, open its doors, start its engine, and turn on its auxiliary devices. RELATED STORIES
Tesla Fixes Gateway ECU Issue
Drawing Up Plans for Auto Security
VW Starts Security Firm
Summer Project: Securing Autos There is no doubt these

Friday, February 17, 2017 @ 01:02 PM gHale

Rockwell Automation created a new version of software that fixes a parser buffer overflow vulnerability first reported in September in its RSLogix Starter Lite, and also, after further investigation in its RSLogix 500 and other versions of RSLogix Micro, according to a report with ICS-CERT. The new software is version v11.00.00. Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative identified the vulnerability. RELATED STORIES
Advantech Clears WebAccess Vulnerability
Geutebrück IP Camera Issue Fix
Siemens Mitigates APOGEE Insight Issue
Rockwell Updates Buffer Overflow Fix Rockwell said the vulnerability affects the following

Thursday, February 16, 2017 @ 05:02 PM gHale

By Gregory Hale
When it comes to cybersecurity in the manufacturing automation sector, the oil and gas industry has hands down, the strongest security programs across any industry. That is why reviewing and listening to Thursday’s webcast releasing a Ponemon Institute survey on “The State of Cybersecurity in the Oil & Gas Industry: United States,” commissioned by Siemens is disconcerting. RELATED STORIES
ARC: Open, Secure Systems Moving Forward
ARC: Take ‘Crown Jewels’ Offline
Lesson Learned: IT-OT Convergence
Ukraine Attack: An Insider’s Perspective “Cyber is not keeping pace with digitalization in the

Thursday, February 16, 2017 @ 03:02 PM gHale

Clearfield, Utah-based Jennmar Corporation is a family-owned company that focuses on ground control technology serving the mining and tunneling industries. Covering those industries, Jennmar knows the inherent danger involved as it develops and manufactures a broad range of ground control products designed to make mining and tunneling safer and more efficient. RELATED STORIES
Mattress Factory Shares SHARP Safety Message
Metals Recycler Stays SHARP
Staying SHARP Boosts NJ Metal Firm
WY Contractor Works to Stay SHARP
Bacon Maker gets SHARP Jennmar Corporation of Utah, Inc. started up in 1993, originally serving

Thursday, February 16, 2017 @ 02:02 PM gHale

California-based global engineering services firm, Parsons Corp., ended up reapproved for participation in the Occupational Safety and Health Administration’s (OSHA) Voluntary Protection Programs (VPP). The VPP program is all about businesses that implement effective safety and health programs and maintain below-average injury and illness rates for their industry. RELATED STORIES
Auto Parts Maker Settles Whistleblower Case
Top OSHA Safety Citations for 2016
OSHA Releases Safety Best Practices
Bacon Maker gets SHARP Parsons, which has 14,000 employees, is one of five companies in the nation with Corporate VPP status, under which companies make

Wednesday, February 15, 2017 @ 03:02 PM gHale

A Cartersville, GA, man died Monday after a tire he was working on exploded at Monitor Manufacturing Co. in Cartersville. Deon Eggleston, 43, died at the scene of the incident. Bartow County Deputy Coroner Brent Wilkey said Eggleston died after a tire he was working on exploded. RELATED STORIES
Phillips 66 Pipeline Blast Injures 6
3 Dead, 7 Hurt in LA Tank Blast
Candy Plant Getting Grasp on Blast Cause
Explosion at KY Candy Maker “He was working on a lawnmower tire,” Wilkey said, “and it exploded hitting him in the chest

Wednesday, February 15, 2017 @ 02:02 PM gHale

By Gregory Hale
It wasn’t that long ago when ExxonMobil made the industry stand at attention and start thinking of the next evolution of open system security and process control. What the oil giant was saying one year ago was the industry needed to change – and change fast. While it would be easy for the naysayers to shrug and say it will never happen, the interesting thing is, there seems to be a momentum shift toward the initiative if you listened to Don Bartusiak’s keynote last week at the ARC Advisory Group 21st Annual Industry Forum in Orlando,

Wednesday, February 15, 2017 @ 01:02 PM gHale

By Gregory Hale
In this day and age of connected everything, manufacturers need to understand their process and disconnect the “crown jewels.” “Today, digital means connected,” said Marty Edwards, director of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the Department of Homeland Security (DHS) during his keynote address last week at the ARC Advisory Group’s Industry Forum in Orlando, FL. “Everything is connected to everything. If it isn’t connected, it will be.” RELATED STORIES
Lesson Learned: IT-OT Convergence
Ukraine Attack: An Insider’s Perspective
PSUG: Designing a Security Program
More

Wednesday, February 15, 2017 @ 11:02 AM gHale

Taiwan-based Advantech released a new version to fix a DLL Hijacking vulnerability in its WebAccess product, according to a report with ICS-CERT. Advantech WebAccess Versions 8.1 and prior suffer from the issue, discovered Li MingZheng Kuangn, who then tested the patch. RELATED STORIES
Geutebrück IP Camera Issue Fix
Siemens Mitigates APOGEE Insight Issue
Rockwell Updates Buffer Overflow Fix
Siemens Clears SIMATIC Logon Hole Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the system. The DLL hijacking vulnerability could allow an attacker to run a malicious DLL

Wednesday, February 15, 2017 @ 11:02 AM gHale

Geutebrück patched an authentication bypass and improper neutralization of special elements vulnerabilities in its G-Cam IP camera, according to a report with ICS-CERT. The G-Cam/EFD-2250 Version 1.11.0.12 suffers from the remotely exploitable vulnerability. Florent Montel and Frédéric Cikala discovered the authentication bypass vulnerability and Davy Douhine of RandoriSec found the improper access control vulnerability. RELATED STORIES
Siemens Mitigates APOGEE Insight Issue
Rockwell Updates Buffer Overflow Fix
Siemens Clears SIMATIC Logon Hole
Smart Security Manager gets Fix Successful exploitation of these vulnerabilities could allow the attacker to bypass authentication and obtain remote anonymous access