This is a archive for News.

Monday, January 22, 2018 @ 04:01 PM gHale

Five people are missing after an explosion at an Oklahoma drilling rig Monday morning. The explosion occurred at 9 a.m. Central time in northeast Pittsburg County, according to the Pittsburg County Sheriff’s Office. County officials were not immediately available to comment, but Kevin Enloe, the county’s emergency management director, said five people remain unaccounted for. RELATED STORIES
Fire Hits Treatment Plant Odor Control Equipment
Chemicals Feed Fire at IL Recycling Facility
Steel Spills Burns Through 3 Floors
PA Gas Well Fire Forces Evac Officials did not say whether anyone was killed or how

Monday, January 22, 2018 @ 01:01 PM gHale

An oil spill from an Iranian oil tanker that sank in the East China Sea is now the size of Paris. The slick now covers 39 square miles after almost doubling in size from the start of the week, according to figures released Wednesday by the Chinese State Oceanic Administration. RELATED STORIES
Iranian Tanker Sinks; Oil Still Spilling
Iranian Oil Tanker Burns for Third Day
‘Shortcomings’ in North Sea Fatal Rig Case
Video Breaks Down KS Toxic Chem Release Chinese authorities said there were four separate slicks that had formed after the

Monday, January 22, 2018 @ 10:01 AM gHale

Siemens released a mitigation plan to fix stack-based buffer overflow and input validation vulnerabilities in its SIMATIC WinCC Add-On, according to a report with ICS-CERT. Successful exploitation of these remotely exploitable vulnerabilities, discovered by Sergey Temnikov and Vladimir Dashchenko from Kaspersky Lab, could allow remote code execution or a denial of service condition. RELATED STORIES
Advantech Updates WebAccess Holes
WECON Clears HMI Editor Issues
New Firmware for Moxa’s MXview
Phoenix Contact Clears FL SWITCH Holes Siemens said the vulnerabilities affect the following versions of SIMATIC WinCC Add-On:

Friday, January 19, 2018 @ 05:01 PM gHale

By Gregory Hale
More details emerged from an assault on a safety system at a critical infrastructure in the Middle East where an attacker deployed malware designed to manipulate industrial safety systems along with controlling the distributed control system. During a greatly anticipated presentation at the S4x18 conference in Miami, researchers from Mandiant and Dragos and experts from Schneider Electric, which was the vendor of the affected system, revealed more information on the details of the August 4 attack – and just as important, what was missing from the attack. RELATED STORIES
S4: Network Monitoring Champion

Thursday, January 18, 2018 @ 03:01 PM gHale

By Gregory Hale
The network monitoring challenge is over and the champion is Claroty. Network monitoring, which allows visibility into what is on and what is happening on the network, is a huge area the manufacturing automation sector is moving toward, so Dale Peterson, Digital Bond chief executive who also heads up the S4 conference wanted to see how the new players in the market shaped up and are the companies and technologies living up to the hype. RELATED STORIES
S4: Lean OT Security
S4: Open-Minded Security? Just Try
ICS Alert: USB Malware

Wednesday, January 17, 2018 @ 04:01 PM gHale

By Gregory Hale
For the majority of folks working in the manufacturing automation sector, they are still at the learning and awareness levels of security – and that is a good thing. However, for security professionals winding their way through the daily maze of warding off attackers and vulnerabilities, they truly have to understand the future and understand what works today and has worked in the past, just may not fly in the future. RELATED STORIES
S4: Open-Minded Security? Just Try
ICS Alert: USB Malware Attack
Safety System, DCS Attacked

Wednesday, January 17, 2018 @ 11:01 AM gHale

Boundary protection remains the biggest problem in critical infrastructure organizations, according to assessments conducted by the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). ICS-CERT conducted 176 assessments last year, which represents a 35 percent increase compared to the previous year. RELATED STORIES
ICS Alert: USB Malware Attack
Safety System, DCS Attacked
Advancing to IIoT Means Back to Security Basics
Cyber Adds to Downtime Costs: ARC-SANS The agency analyzed organizations in eight critical infrastructure sectors, but more than two-thirds of the assessments targeted the energy and water

Wednesday, January 17, 2018 @ 07:01 AM gHale

By Gregory Hale
The enormity of security can often boggle the mind. Just think about it for a moment, with trying to get a grasp of what is going on over an entire network, while trying to fend of intentional and unintentional attacks, while trying to explain why you need more funding to get to a certain level of security, while trying to figure out when to install the latest patches, the list goes on. Mind boggling. RELATED STORIES
ICS Alert: USB Malware Attack
Safety System, DCS Attacked
API: Finding Success from a

Monday, January 15, 2018 @ 05:01 PM gHale

Now the clean-up begins as the burning Iranian tanker sank in the East China Sea. A 46-square-mile oil slick consisted of heavy fuel used to power the vessel. RELATED STORIES
Iranian Oil Tanker Burns for Third Day
‘Shortcomings’ in North Sea Fatal Rig Case
Video Breaks Down KS Toxic Chem Release
Simple Process can Turn Deadly
Video Breaks Down Arkema Plant Fire The Sanchi oil tanker sank Sunday and officials said all its crew members died in the incident. The ship was carrying 136,000 metric tons of ultra-light crude oil

Friday, January 12, 2018 @ 04:01 PM gHale

Security provider FireEye paid $20 million to acquire Big Data platform provider X15 Software. Under the terms of the deal, FireEye agreed to pay $15 million in equity and $5 million in cash to acquire the privately held Sunnyvale, CA-based X15. The deal closed Thursday. RELATED STORIES
Nozomi Raises $15 Million
FL Security Providers Reach Deal
Claroty Gains RSA Certification
Leidos Loads Up Network Monitoring Partners “Organizations today are overwhelmed by alerts, the number of tools required to manage their security operations, and the challenge of unifying access to the large volumes