This is a archive for News.

Thursday, April 18, 2019 @ 04:04 PM gHale

In 2018, it was a lucky 13 for Lauren Concrete as the company added their Shaw Lane Plant to its facilities participating in the OSHA Safety and Health Achievement Recognition Program (SHARP) from the Occupational Safety and Health Administration (OSHA). This brings the company’s total to 13 SHARP participants. Each site has between 4 and 85 workers. RELATED STORIES
Carroll Coolers Continues to Stay SHARP
Harris Rebar Reinforces SHARP Award
SHARP Points: Egelhof Lowers Injury, Illness Rates
ESCO Manufacturing gets SHARP in South Dakota This program recognizes small business employers who have

Wednesday, April 17, 2019 @ 04:04 PM gHale

By Gregory Hale
Just under 10 years ago, a vapor cloud explosion (VCE) occurred at the Caribbean Petroleum Corporation (CAPECO) site in Bayamón, Puerto Rico on October 23, 2009. An above-ground gasoline storage tank was being loaded with gasoline from a cargo ship shortly before the incident and a tank ended up over filled which resulted in gasoline flowing through tank vents at the top of the storage tank which formed a large vapor cloud that extended off the plant into the surrounding area covered with thick jungle like vegetation. RELATED STORIES
AIChE: Disaster Averted, a Second

Wednesday, April 17, 2019 @ 12:04 PM gHale

Industrial cybersecurity provider, Indegy, received a patent for its software technology that detects misconfigurations and hostile attacks in industrial control networks using active querying. The technology is part of the Indegy Industrial Cybersecurity Suite, which provides active and passive detection of threats in industrial control system (ICS) based environments. RELATED STORIES
Dragos Deals for NexGen
Palo Alto Deals for SOAR Provider
Tool Streamlines Threat Intelligence
‘Predictive Prioritization’ Eyes Top 3% of Vulnerabilities Industrial Control Systems use Programmable Controllers (PLC and DCS) to manage processes. Any changes to the firmware, application logic or

Wednesday, April 17, 2019 @ 11:04 AM gHale

A stress corrosion crack caused the massive natural gas explosion March 3 north of Mexico, MO, a new report found. The report, filed by Energy Transfer Partners with the Pipeline and Hazardous Materials Safety Administration, released April 2. Energy Transfer is the owner of the Panhandle Eastern Pipeline, which ruptured approximately one mile north of Mexico near Missouri Highway 15. The company had 30 days to submit a report to the safety administration. RELATED STORIES
1 Dead, 15 Hurt after NC Gas Blast
Lightning Strike Kicks Off TX Oilfield Fire
Natural Gas Blast at

Tuesday, April 16, 2019 @ 05:04 PM gHale

Delta Electronics (Delta) has a new version out to mitigate stack-based buffer overflow, heap-based buffer overflow, and an out-of-bounds read vulnerabilities in its Delta Industrial Automation CNCSoft, according to a report with NCCIC. Successful exploitation of these vulnerabilities, discovered by Natnael Samson (@NattiSamson) and an anonymous researcher working with Trend Micro’s Zero Day Initiative (ZDI), could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application. RELATED STORIES
WAGO Advisory on Hard-Coded Credentials Hole
PLC Cycle Time Vulnerability with Multi Vendors
Siemens’ Updates SIMOCODE pro V EIP

Tuesday, April 16, 2019 @ 05:04 PM gHale

WAGO released a security advisory on how to handle a use of hard-coded credentials vulnerability in its Series 750-88x and 750-87x, according to a report with NCCIC. This vulnerability, discovered by Jörn Schneeweisz/Recurity Labs, allows a remote attacker to change the settings or alter the programming of the device. RELATED STORIES
PLC Cycle Time Vulnerability with Multi Vendors
Siemens’ Updates SIMOCODE pro V EIP
Siemens Fixes Spectrum Power 4.7 Hole
Siemens Fixes SINEMA Remote Connect Holes The following versions of Series 750-88x and 750-87x, programmable logic controllers suffer from the remotely exploitable

Monday, April 15, 2019 @ 06:04 PM gHale

Police have detained six more suspects linked to a chemical plant blast in eastern China last month which killed 78 and left hundreds injured, officials said. The explosion in Jiangsu province’s Yancheng city last month was one of the worst industrial accidents in the country and led to the closure of the plant. RELATED STORIES
China Chem Plant Blast Death Toll Rises
Two Workers Die at TX Steel Facility
Worker Dies in Manufacturing Incident
3 Hurt in Semiconductor Firm Blast Six employees from the Jiangsu Tianjiayi Chemical company, whose plant was involved

Monday, April 15, 2019 @ 03:04 PM gHale

TEPCO, the operator of the earthquake and tsunami-ravaged Fukushima nuclear plant in Japan, began removing fuel Monday from a cooling pool at one of three reactors that melted down in the 2011 disaster. TEPCO (Tokyo Electric Power Co.) said workers started removing the first of 566 used and unused fuel units stored in the pool at Unit 3. The fuel units in the pool located high up in reactor buildings are intact despite the disaster, but the pools are not enclosed, so removing the units to safer ground is crucial to avoid disaster in case of another major earthquake. RELATED

Thursday, April 11, 2019 @ 04:04 PM gHale

It isn’t just critical infrastructure organizations feeling the effects from a ramped up attack environment, all sectors of the manufacturing automation sector are susceptible. Just ask Arizona Beverages, which is still recovering from a ransomware attack late last month. The attack, which appeared to leverage iEncrypt ransomware, a relative of Bitpaymer, began more than two weeks ago when a ransom note containing the company’s name and the message “Your network was hacked and encrypted” appeared on the screens of more than 200 servers and computers on the Arizona Beverages network, according to a report in TechCrunch. RELATED STORIES

Wednesday, April 10, 2019 @ 05:04 PM gHale

By Gregory Hale
An additional intrusion by the attacker behind Triton ended up discovered at a second critical infrastructure facility, said researchers at FireEye. Researchers are talking about an intrusion at a critical infrastructure facility by the Triton attackers, but it does not say it was a specific “Triton” attack. No one knows yet if this was an attack solely against a safety system or a distributed control system, or any other system. RELATED STORIES
SANS: Defense Learned from Past Attacks
SANS: Govt Eyes Boosting Security Relationships
ABB: Tips to Start Security Program