News

This is an archive for News.

Friday, January 18, 2019 @ 04:01 PM gHale

There were fewer workplace fatalities in 2017 than the previous year, according to the Bureau of Labor Statistics’ National Census of Fatal Occupational Injuries (CFOI) in 2017 report released in December. While the number is not huge, the fatal injury rate did drop from 3.6 percent in 2016 to 3.5 percent in 2017.

Crane-related workplace fatalities, and fatal occupational injuries in manufacturing and wholesale trade reached their lowest

Thursday, January 17, 2019 @ 03:01 PM gHale

ControlByWeb released new firmware to mitigate improper authentication and cross-site scripting vulnerabilities in its X-320M, according to a report with NCCIC. Successful exploitation of these vulnerabilities may allow arbitrary code execution and could cause the device being accessed to require a physical factory reset to restore the device to an operational state.

A web-enabled weather station X-320M-I firmware revision v1.05 and prior

Thursday, January 17, 2019 @ 03:01 PM gHale

ABB has a new software version to handle an improper input validation vulnerability in its CP400 Panel Builder TextEditor 2.0, according to a report with NCCIC. Successful exploitation of this vulnerability, discovered by Ivan Sanchez of NullCode, may allow an attacker to execute arbitrary code and cause a denial-of-service condition within the Text Editor application.

A Control Panel Software Suite, CP400PB, Panel Builder for CP405 and CP408, Versions 2.0.7.05 and prior suffer from

Thursday, January 17, 2019 @ 02:01 PM gHale

Omron released a new version to mitigate multiple vulnerabilities in its CX-Supervisor, according to a report by NCCIC. The vulnerabilities are a code injection, command injection, use after free, and type confusion.

Successful exploitation of these vulnerabilities could result in a denial-of-service condition, and/or allow an attacker to achieve code execution with privileges within the context of the application. CX-Supervisor versions 3.42 and prior suffer from the vulnerabilities, discovered by Esteban

Wednesday, January 16, 2019 @ 02:01 PM gHale

By Gregory Hale
There were signs that a security issue was imminent months before the Triton safety system attack on a Saudi Arabian refinery, a researcher revealed Tuesday. “What isn’t publicly known is there was an additional outage in June 2017 on a Saturday evening where there was a skeleton crew working,” said Julian Gutmanis during a Tuesday talk at the S4x19 conference in Miami. Gutmanis is a security researcher initially brought in by the victim organization once the attack had been discovered.

Wednesday, January 16, 2019 @ 11:01 AM gHale

By Gregory Hale
Security in the industrial control environment has come a long way, there is no doubt, but the reality is that with all the awareness, all the technology advances, all the attacks, the industry is just beginning. “You have made progress since 2015,” said Dale Peterson, founder and chief executive of Digital Bond and founder of the ICS-related S4 conference, during his keynote address Monday at the S4x19 conference in Miami. “We are 18 years from 9/11 and you would like to think we are at the summit, but in 2019 we are just starting our journey.”

Wednesday, January 16, 2019 @ 10:01 AM gHale

LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME has an updated version to mitigate multiple vulnerabilities in its LAquis SCADA, according to a report from NCCIC. The remotely exploitable vulnerabilities include an improper input validation, out-of-bounds read, code injection, untrusted pointer dereference, out-of-bounds write, relative path traversal, injection, use of hard-coded credentials, and an authentication bypass using an alternate path or channel.

Successful exploitation of these vulnerabilities, discovered by Esteban

Wednesday, January 16, 2019 @ 09:01 AM gHale

By Gregory Hale
Schneider Electric signed a global partnership agreement with network monitoring provider, Nozomi Networks. Schneider will collaborate with Nozomi to provide users in the industrial manufacturing and critical infrastructure segments advanced anomaly detection, vulnerability assessment and other cybersecurity solutions and services, helping them to control, prevent and mitigate risks to their operations and business performance.

The pact allows Schneider to respond more aggressively to

Monday, January 14, 2019 @ 05:01 PM gHale

A UK man is facing almost three years in the slammer after pleading guilty in the UK to creating and using a botnet and possessing criminal property. Daniel Kaye (aka “BestBuy”), 30, from Egham, Surrey (UK) received a sentence of two years and eight months in prison for DDoS attacks targeting the Liberian telecommunications provider Lonestar MTN in 2015.

Kaye first used rented

Monday, January 14, 2019 @ 05:01 PM gHale

A Somerville, Massachusetts, man will be doing 10 years in prison after being found guilty of launching distributed denial-of-service (DDoS) attacks against two healthcare organizations. Martin Gottesfeld, 34, who identified as a member of the Anonymous movement, ended up accused of launching DDoS attacks against the Boston Children’s Hospital and the Wayside Youth and Family Support Network in 2014.

The attacks on these organizations