This is a archive for News.

Tuesday, November 21, 2017 @ 03:11 PM gHale

Radioactive waste continues to pour from Exelon’s Illinois nuclear power plants more than a decade after the discovery of leaks, an investigation by a government watchdog group found. Since 2007, there have been at least 35 reported leaks, spills or other accidental releases in Illinois of water contaminated with radioactive tritium, a byproduct of nuclear power production and a carcinogen at high levels, a Better Government Association review of federal and state records shows. RELATED STORIES
Nuke Operator Cited for Violation
Safety Concern: TN Nuke’s ‘Chilled’ Work Environment
Nuclear Shipping Incident Under Review

Tuesday, November 21, 2017 @ 03:11 PM gHale

Mountain View, CA-based cyber insurance firm At-Bay just launched. The company said it is bringing a new model of security cooperation between insured and insurer to reduce risk and exposure. RELATED STORIES
Cyber Insurance: Industry Underinsured
Exec Survey: Risk Management Weak
Old OSes Prevalent, Vulnerable to Breaches
IoT Attacks Can Truly Cost a Company At-bay is backed by The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re. “We founded At-Bay with the belief that controlling for cyber risk enables businesses to embrace technology and unlock great value to

Tuesday, November 21, 2017 @ 01:11 PM gHale

Phoenix Contact is working on a fix to mitigate a reusing a nonce vulnerability in its WLAN capable devices using the WPA2 protocol, according to a report with ICS-CERT. Successful exploitation of these vulnerabilities could allow an attacker to operate as a “man-in-the-middle” between the device and the wireless access point. Mathy Vanhoef of imec-DistriNet, KU Leuven discovered these vulnerabilities. Phoenix Contact reported these vulnerabilities to CERT@VDE, which coordinated these vulnerabilities with ICS-CERT. RELATED STORIES
Siemens Mitigates SICAM Holes
Moxa Releases New NPort Firmware
Siemens’ Mitigation Plan for KRACK Holes
ABB Working on

Monday, November 20, 2017 @ 05:11 PM gHale

Hackers hit the Sacramento, CA, Regional Transit (SacRT) system this weekend, erasing data and threatening to do more harm if SacRT didn’t pay them a one bitcoin ransom. The attack erased parts of computer programs on the agency’s servers that affect internal operations, including the ability to use computers to dispatch employees and assign buses for routes, said chief operating officer Mark Lonergan in a report in the Sacramento Bee. RELATED STORIES
SF Metro Victim of Ransomware
API: Finding Success from a Failure
API: Learn Who to Trust
How to Find an

Monday, November 20, 2017 @ 03:11 PM gHale

SecurityMatters and Waterfall Security Solutions inked a global partnership Monday to protect industrial control systems. The joint solution integrates SecurityMatters’ SilentDefense network monitoring platform with Waterfall’s Unidirectional Security Gateways to enable industrial enterprises to continuously and centrally monitor industrial control networks. RELATED STORIES
Working to Boost Adaptive Cyber Defense
FireEye, Nozomi Partner to Hike Visibility
Medigate Launches to Fight Medical Device Attacks
Kaspersky Lab’s Threat Hunting Services SecurityMatters’ SilentDefense is an OT network monitoring and intelligence platform that allows visibility, threat detection capability and control of the network. Waterfall’s Unidirectional Security Gateways

Friday, November 17, 2017 @ 03:11 PM gHale

TransCanada, the company that owns and operates the Keystone Pipeline, said 210,000 gallons, or 5,000 barrels, of oil spilled near Amherst, SD. The cause of the leak is under investigation, the company said. RELATED STORIES
Phillips 66 Cat Cracker Incident
Study to Research LA Oil Spill Effects
Settlement in Pipeline Oil Spill
Pressure Test Led to Valdez Oil Spill TransCanada crews detected a drop in pressure at 6 a.m. CT Thursday morning and shut down the pipeline, which runs from Hardesty, Alberta, to Cushing, OK, and Wood River/Patoka, IL. Amherst is 200

Thursday, November 16, 2017 @ 02:11 PM gHale

Siemens has a plan to mitigate missing authentication for critical function, cross-site scripting and code injection vulnerabilities for its SICAM product, according to a report with ICS-CERT. SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00: All versions suffer from the remotely exploitable vulnerabilities, discovered by the SEC Consult Vulnerability Lab. RELATED STORIES
Moxa Releases New NPort Firmware
Siemens’ Mitigation Plan for KRACK Holes
ABB Working on Fix for TropOS
Philips Clears Hole in Medical Systems Successful exploitation of these vulnerabilities could allow an unauthenticated remote

Thursday, November 16, 2017 @ 02:11 PM gHale

Moxa created new firmware to mitigate injection, information exposure and resource exhaustion vulnerabilities in its NPort 5110, 5130, 5150, according to a report with ICS-CERT. Successfully leveraging these remotely exploitable vulnerabilities, discovered by Florian Adamsky who also tested the new firmware, could allow for remote code execution on the device. RELATED STORIES
Siemens’ Mitigation Plan for KRACK Holes
ABB Working on Fix for TropOS
Philips Clears Hole in Medical Systems
AutomationDirect Mitigates Software Glitch The following versions of NPort, a serial network interface, are affected:
• NPort 5110 Version 2.2

Wednesday, November 15, 2017 @ 04:11 PM gHale

By Gregory Hale
With all the talk of the connected, more digital workforce from Rockwell during its Automation Perspectives run up conference to Automation Fair 2017 in Houston, TX, one underlying message is security needs to continue to be a strong part of any manufacturer today and in the future. “We are just getting started,” said Blake Moret, president and chief executive at Rockwell Automation during his keynote address. “The power of IIoT (Industrial Internet of Things) allows (users) to connect, the develop advancements to keep people safe in the workplace, to monitor data on a rig miles away.

Wednesday, November 15, 2017 @ 03:11 PM gHale

By Gregory Hale
Any hallmark to a safety program is to keep workers, the plant and environment safe from whatever product the manufacturer is producing. But it doesn’t just have to be a cost center as it can also enable the business to be more productive. RELATED STORIES
MKO: Human Factors in Safety
MKO: Safety, ‘Never be Complacent’
Cyber PHA Secures Safety
Emerson: ‘Reliable Plant is a Safe Plant’ That is the thought process behind Honda of Canada Manufacturing, which was one of the winners in Rockwell Automation’s Manufacturing Safety Excellence