Monthly Archives: September 2021

Could Automation Eliminate the Boring Job Components? – IndustryWeek

Posted: September 8, 2021 at 10:06 am

For decades, space has captured imaginations, prompting many to wonder what's possible. For industry, the fixation on space has resulted in numerous innovations, many of which have become a part of most people's daily lives. However, the reality is that, when analyzing space-based innovations, industry has barely scratched the surface. The potential of manufacturing within space could result in truly meaningful solutions to the many challenges facing Earth today.

This is where Axiom Space, a privately funded space station manufacturer and orbital services provider, is hoping to make a significant difference. Axiom is currently building the world's first commercial space station to serve as a home to human-tended microgravity research, product development and in-space manufacturing, as well as critical space-environment materials testing.

"Our main goal is to make the microgravity environment more accessible and cost-efficient to unlock the potential it holds for innovation and discovery that simply can't be done on Earth. Space-driven developments in every sector have immensely improved life back on earth, but the chance to be a part of these advancements has been limited for private citizens and companies," Christian Maender, Axiom's director of in-space manufacturing and research, tells IndustryWeek.

As part of Axiom's roadmap to create massive opportunity to innovate in space, the company is gearing up for its first (and the first-ever) private mission to the International Space Station, Ax-1, in January 2022, where its crew of trained private astronauts will conduct extensive research. Concurrently, Axiom is working to send its first privately developed space station modules to the ISS, where they will attach as part of a contract the company has with NASA before later separating to operate independently and serve as grounds for innovation among countless industries. Through Axiom's space missions and module plans, the group is making it possible for manufacturing companies and entrepreneurs to develop new products and markets in low Earth orbit.

According to Maender, a litany of physical processes often taken for granted within Earth's gravity do not occur in the state of permanent free-fall experienced on orbit. "When free of gravity-driven, earthly constraints, like sedimentation, buoyancy, convection, and hydrostatic pressure, we can manipulate materials and biology in new ways leading to manufacturing techniques yielding innovative new products. For example, containerless processing is possible in microgravity, creating an ultrapure environment for manufacturing or study of new materials," he says. "Crystallization fundamentally changes in microgravity, opening opportunity to create materials with optimized physical properties. All of this combines to offer opportunities for breakthrough product development."

Work on the ISS has already demonstrated the microgravity environment is ideal for manufacturing superior fiber optics, bio-printing of living tissues, manufacture of synthetic retinal implants and growth of ultrapure protein crystals supporting drug discovery. These early products, along with translational research performed on the ISS, are proof that development of new metal alloys, ceramics, semi-conductors, and stem cell therapies are all possible new products that can be made in space and brought back to Earth, contributing to progress in a wide variety of areas, says Maender.

"It's hard to overstate the potential microgravity has for a variety of users across many industries, most of which otherwise have no obvious connection to space," adds Maender. "Developing manufacturing tools and processes for space often requires miniaturization, ruggedization, automation and remote operation of components and processes that will have direct tieback to innovation, modernization and cost-savings in terrestrial manufacturing," he says. The proof-of-concept work done in space often yields new discoveries directly applicable to improving manufacturing capability on earth. Space-based applications within manufacturing companies inevitably attract top new talent to traditional industrial sectors. New talent often begets new innovation across sectors.

Ericsson and Unikie optimize factory parking with a 5G private network and automation – Ericsson

Posted: at 10:06 am

Ericsson and Industry 4.0 partner Unikie are collaborating to trial automated factory parking with Ericsson's 5G standalone (SA) private network.

Finnish company Unikie develops software for real-time autonomous operation and process management in automotive and industrial solutions, including automated factory parking and valet parking.

At the test facility in Turku, Finland, vehicles are remotely controlled through a secure and reliable Ericsson 5G private network, utilizing edge computing and Unikie's Automated Factory Parking (AFP) solution.

As a result, vehicle logistic management at the factory can be fully automated due to reliable connectivity, low latency to meet safety requirements, and the high-security standards of the 5G private network.

As cars roll off the production line, drivers move cars to a parking area before being shipped, which takes approximately 30 minutes. With Unikie's AFP solution of sensors and software, automakers can control and monitor the car factory route and automate parking.

Automakers benefit from identifying the exact location of parked vehicles which reduces search time and labor costs. With precision parking, the parking space is optimized by up to 20 percent. An additional benefit is increased safety for onsite staff and minimum vehicle parking accidents. Other possible use cases for the technology include airport parking, shopping malls and logistic hubs.

Vesa Kiviranta, Chief Business Officer, Automotive, Unikie says: "Together with Ericsson, we can support the reliability and performance requirements critical for large automotive manufacturers and other industries with vast logistics areas. Controlled autonomous vehicles onsite are efficient and safe not only for the entire automotive production ecosystem but for all logistic ecosystems."

Jan Diekmann, Technical Account Manager, Ericsson says: "5G private networks enable automotive manufacturers to increase productivity, reduce costs, and improve worker safety. Combined with Unikie's automated factory parking solution, vehicle logistics are transformed. It is exciting to be a part of this project."

See an Ericsson video of the demo via this link.

Unikie is a Finnish software technology company that develops technologies for protected real-time processes. Our services concentrate on the crossroads of three global macrotrends (IoE, 5G, and AI), where our technology solutions enable a constant awareness of the surroundings, as well as decision-making and control based on this awareness. Our clients include pioneers of real-time data utilization in the automotive industry as well as other industries and telecommunication companies worldwide.

Founded in 2015, Unikie is one of Finland's fastest growing technology companies. Our turnover in 2020 was 33 million euros. Our goal for the near future is to keep up our rapid international growth pace, because the demand for our AI, deep technology and security solutions is increasing rapidly across the globe. At the end of 2020 we received growth capital from Capman Growth and Tesi. We employ over 400 software developers in Finland, Sweden, Germany, Poland and the United States. Our clients include Sandvik, Nokia, Valmet and Ponsse. http://www.unikie.com

Pharmaceutical Packaging Equipment Market Players Invest In Automation Among Latest Trends As Per The Business Research Company’s Report On The…

Posted: at 10:06 am

This report describes and explains the pharma packaging equipment market and covers 2015 to 2020, termed the historic period, and 2020 to 2025 termed the forecast period, along with further forecasts for the period 2025-2030. The report evaluates the market across each region and for the major economies within each region.

LONDON, Sept. 07, 2021 (GLOBE NEWSWIRE) -- According to The Business Research Company's research report on the pharmaceutical packaging equipment market, automatic packaging machines are increasingly being utilized in the pharmaceutical packaging equipment market. The machine automatically supplies packing materials and contents, and other parts of the packaging process can be done automatically.

For instance, in July 2020, OPTIMA Packaging Group, a Germany-based company that designs and builds packaging equipment for pharmaceutical, consumer, nonwovens and life science products, launched OPTIMA FPA. It is a unique platform that can assemble pen injectors either fully or semi-automatically. It is especially suitable as an entry-level system. Another new feature of the Optima FPA is the choice of adding a printer connected with 360-degree labeling. This product launch has increased the company's automated packaging solutions portfolio.

Major players in the pharmaceutical packaging equipment industry are Körber AG, Uhlmann Group, Marchesini Group S.p.A., Optima Packaging Group, Romaco Holding GmbH, MG2 s.r.l., Robert Bosch GmbH, Industria Macchine Automatiche S.p.A., Vanguard Pharmaceutical Machinery, Accutek Packaging Equipment Companies, MULTIVAC Group, Bausch + Ströbel Maschinenfabrik Ilshofen GmbH + Co. KG, ACG Group, Coesia S.P.A., Syntegon Technology, Trustar Pharma & Packing Equipment, Inline Filling Systems, Dara Pharmaceutical Packaging, ARPAC LLC, Romaco Group, N.K.P. Pharma, Ropack, and Trustar Pharma & Packing Equipment.

In February 2021, ProMach, a US-based packaging machinery company, acquired Serpa Packaging Solutions for an undisclosed amount. The addition of Serpa brings automated cartoning systems into ProMach's portfolio and significantly expands ProMach's specialized secondary packaging machinery and line integration capabilities for the rapidly growing pharmaceutical industry. Serpa Packaging Solutions is a US-based company that designs and manufactures pharmaceutical packaging equipment.

The Business Research Company's report titled "Pharmaceutical Packaging Equipment Global Market Report 2021 - By Product (Primary Packaging Equipment, Secondary Packaging Equipment, Labelling And Sterilization Equipment), By Packaging Type (Liquids Packaging Equipment, Solid Packaging Equipment, Semi-Solid Packaging Equipment), By Equipment Type (Blenders, Granulators, Tablet Pressers, Tablet Coating Machine, Allied Machines), By Mode of Administration (Injectable Administration, Topical Administration, Oral Administration), COVID-19 Growth And Change" covers major pharmaceutical packaging equipment companies, pharmaceutical packaging equipment market share by company, pharmaceutical packaging equipment manufacturers, pharmaceutical packaging equipment market size, and pharmaceutical packaging equipment market forecasts. The report also covers the global pharmaceutical packaging equipment market and its segments.

Request For A Sample Of The Global Pharmaceutical Packaging Equipment Market Report:

https://www.thebusinessresearchcompany.com/sample.aspx?id=5271&type=smp

North America was the largest region in the pharmaceutical packaging equipment market in 2020. Asia Pacific was the second-largest market in the pharmaceutical packaging equipment market. The regions covered in the pharmaceutical packaging equipment market report are Asia-Pacific, Western Europe, Eastern Europe, North America, South America, Middle East and Africa.

The global pharmaceutical packaging market is expected to grow from $7.80 billion in 2020 to $8.81 billion in 2021 at a compound annual growth rate (CAGR) of 13%. The growth in the pharmaceutical packaging equipment market is mainly due to the companies resuming their operations and adapting to the new normal while recovering from the COVID-19 impact, which had earlier led to restrictive containment measures involving social distancing, remote working, and the closure of commercial activities that resulted in operational challenges. The market is expected to reach $13.23 billion in 2025 at a CAGR of 10.7%.

The main types of products of pharmaceutical packaging equipment are primary packaging equipment, secondary packaging equipment, and labeling and sterilization equipment. Primary packaging equipment is in direct contact with the product itself and is referred to as a consumer unit. Primary packaging is what directly encases and contains the drug product. Secondary packaging equipment provides corrugated cardboard packaging print finished to a high standard. Secondary packaging is the exterior packaging of the primary packaging that groups packages and further protects or labels the drug product. Labeling and sterilization equipment is responsible for adding directions of use and sterilizing the packaging environment. The various types of pharmaceutical packaging equipment are blenders, granulators, tablet pressers, tablet coating machines, and allied machines.

"Pharmaceutical Packaging Equipment Global Market Report 2021 - COVID-19 Growth And Change" is one of a series of new reports from The Business Research Company that provide pharmaceutical packaging equipment market overviews; analyze and forecast market size and growth for the whole market, pharmaceutical packaging equipment market segments and geographies; and cover pharmaceutical packaging equipment market trends, drivers, restraints, and leading competitors' revenues, profiles and market shares, in over 1,000 industry reports covering over 2,500 market segments and 60 geographies.

The report also gives in-depth analysis of the impact of COVID-19 on the market. The reports draw on 150,000 datasets, extensive secondary research, and exclusive insights from interviews with industry leaders. A highly experienced and expert team of analysts and modelers provides market analysis and forecasts. The reports identify top countries and segments for opportunities and strategies based on market trends and leading competitors' approaches.

Here Is A List Of Similar Reports By The Business Research Company:

Advanced Packaging Technologies Global Market Report 2021 - By Type (3D Integrated Circuit, 2D Integrated Circuit, 2.5D Integrated Circuit), By Product (Active Packaging, Smart And Intelligent Packaging), By End Use Industry (Automotive And Transport, Consumer Electronics, Industrial, IT And Telecommunication), COVID-19 Growth And Change

Flexible Plastic Packaging Global Market Report 2021 - By Type (Stand-Up Pouches, Flat Pouches, Rollstock, Gusseted Bags, Wicketed Bags, Wraps), By Technology (Flexography, Rotogravure, Digital Printing), By Application (Food, Beverage, Pharms & Health Care, Personal Care & Cosmetics), COVID-19 Growth And Change

Pharmaceutical Drugs And Biologics Logistics Market - By Type Of Service (Cold Chain Logistics, Non-Cold Chain Logistics), By Mode Of Transport (Air Transportation, Ocean Transportation, Land Transportation), By Pharmaceutical Type (Pharmaceutical Drugs, Biologics), By Therapeutic Area (Metabolic Disorders Drugs, Anti-Infective Drugs, Central Nervous System Drugs, Respiratory Diseases Drugs, Cardiovascular Drugs, Musculoskeletal Disorders Drugs, Oncology Drugs, Hematology Drugs, Monoclonal Antibodies (MAbs), Genito-Urinary Drugs, Gastrointestinal Drugs, Therapeutic Proteins, Dermatology Drugs, Vaccines, Ophthalmology Drugs), And By Region, Opportunities And Strategies - Global Forecast To 2030

Interested to know more about The Business Research Company?

The Business Research Company is a market intelligence firm that excels in company, market, and consumer research. Located globally it has specialist consultants in a wide range of industries including manufacturing, healthcare, financial services, chemicals, and technology.

Get a quick glimpse of our services here: https://www.youtube.com/channel/UC24_fI0rV8cR5DxlCpgmyFQ

The World's Most Comprehensive Database

The Business Research Company's flagship product, Global Market Model, is a market intelligence platform covering various macroeconomic indicators and metrics across 60 geographies and 27 industries. The Global Market Model covers multi-layered datasets which help its users assess supply-demand gaps.

Postgraduate Research Scholarship in Mine Automation – Scholarships – News – The University of Sydney

Posted: at 10:06 am

1. Background

a. This Scholarship has been established to provide financial assistance to a PhD student who is undertaking research to develop a practical understanding of how different actions taken by digger-based earth-moving machines affect the dynamic behaviour of the fragmented material being dug up. This is proposed with the intention of benefiting future automation endeavours in construction, mining, and agricultural industries.

b. This Scholarship is funded by an industry project between Technological Resources Pty Ltd and the Australian Centre for Field Robotics at the University of Sydney.

2. Eligibility

a. The Scholarship is offered subject to the applicant having an unconditional offer of admission or being currently enrolled to study full-time in a PhD within the Rio Tinto Centre for Mine Automation, which is part of the Australian Centre for Field Robotics in the School of Aerospace, Mechanical and Mechatronic Engineering, Faculty of Engineering at the University of Sydney.

b. Applicants must be willing to conduct research into mine automation.

c. Applicants must also hold an Honours degree (First Class or Second Class Upper) or equivalent in a relevant discipline.

3. Selection Criteria

a. The successful applicant will be awarded the Scholarship on the basis of:

I. academic merit, and

II. area of study and/or research proposal.

b. The successful applicant will be awarded the Scholarship on the nomination of the relevant research supervisor(s), or their nominated delegate(s).

4. Value

a. The Scholarship will provide a stipend allowance equivalent to the University of Sydney's Research Training Program (RTP) Stipend rate (indexed on 1 January each year) (pro-rata) for up to 6 months, subject to satisfactory academic performance. No extension is possible.

b. Periods of study already undertaken towards the degree prior to the commencement of the Scholarship will be deducted from the maximum duration of the Scholarship excluding any potential extension period.

c. The Scholarship is for commencement in the relevant research period in which it is offered and cannot be deferred or transferred to another area of research without prior approval.

d. No other amount is payable.

e. The Scholarship will be offered subject to the availability of funding.

5. Eligibility for Progression

a. The Scholarship is maintained for PhD students by attending and passing the annual progress evaluation and remaining enrolled in their PhD. For PhD students commencing from 2021 onwards, progression also includes completing 12 credit points of HDR coursework units by the end of year 2.

6. Leave Arrangements

a. The Scholarship recipient receives up to 20 working days recreation leave each year (pro-rata) of the Scholarship and this may be accrued. However, the student will forfeit any unused leave remaining when the Scholarship is terminated or complete. Recreation leave does not attract a leave loading and the supervisor's agreement must be obtained before leave is taken.

b. The Scholarship recipient may take up to 10 working days sick leave each year (pro-rata) of the Scholarship and this may be accrued over the tenure of the Scholarship. Students with family responsibilities, caring for sick children or relatives, or experiencing domestic violence, may convert up to five days of their annual sick leave entitlement to carer's leave on presentation of medical certificate(s). Students taking sick leave must inform their supervisor as soon as practicable.

7. Research Overseas

a. The Scholarship recipient may not normally conduct research overseas within the first six months of award.

b. The Scholarship holder may conduct up to 12 months of their research outside Australia. Approval must be sought from the student's supervisor, Head of School and the Faculty via application to the Higher Degree by Research Administration Centre (HDRAC), and will only be granted if the research is essential for completion of the degree. All periods of overseas research are cumulative and will be counted towards a student's candidature. Students must remain enrolled full-time at the University and receive approval to count time away.

8. Suspension

a. The Scholarship recipient cannot suspend their award within their first six months of study, unless a legislative provision applies.

b. The Scholarship recipient may apply for up to 12 months suspension of the Scholarship for any reason during the tenure of the Scholarship. Periods of Scholarship suspension are cumulative and failure to resume study after suspension will result in the award being terminated. Approval must be sought from the student's supervisor, Head of School and the Faculty via application to the Higher Degree by Research Administration Centre (HDRAC). Periods of study towards the degree during suspension of the Scholarship will be deducted from the maximum tenure of the Scholarship.

9. Changes in Enrolment

a. The Scholarship recipient must notify HDRAC, and their lead supervisor promptly of any planned changes to their enrolment including but not limited to: attendance pattern, suspension, leave of absence, withdrawal, course transfer, and candidature upgrade or downgrade. If the award holder does not provide notice of the changes identified above, the University may require repayment of any overpaid stipend.

10. Termination

a. The Scholarship will be terminated:

I. on resignation or withdrawal of the recipient from their research degree,

II. upon submission of the thesis or at the end of the award,

III. if the recipient ceases to be a full-time student and prior approval has not been obtained to hold the Scholarship on a part-time basis,

IV. upon the recipient having completed the maximum candidature for their degree as per the University of Sydney (Higher Degree by Research) Rule 2011 Policy,

V. if the recipient receives an alternative primary stipend scholarship. In such circumstances this Scholarship will be terminated in favour of the alternative stipend scholarship where it is of higher value,

VI. if the recipient does not resume study at the end of a period of approved leave, or

VII. if the recipient ceases to meet the eligibility requirements specified for this Scholarship, (other than during a period in which the Scholarship has been suspended or during a period of approved leave).

b. The Scholarship may also be terminated by the University before this time if, in the opinion of the University:

I. the course of study is not being carried out with competence and diligence or in accordance with the terms of this offer,

II. the student fails to maintain satisfactory progress, or

III. the student has committed misconduct or other inappropriate conduct.

c. The Scholarship will be suspended throughout the duration of any enquiry/appeal process.

d. Once the Scholarship has been terminated, it will not be reinstated unless due to University error.

11. Misconduct

a. Where during the Scholarship a student engages in misconduct, or other inappropriate conduct (either during the Scholarship or in connection with the student's application and eligibility for the Scholarship), which in the opinion of the University warrants recovery of funds provided, the University may require the student to repay payments made in connection with the Scholarship. Examples of such conduct include, without limitation: academic dishonesty, research misconduct within the meaning of the Research Code of Conduct (for example, plagiarism in proposing, carrying out or reporting the results of research, or failure to declare or manage a serious conflict of interests), breach of the Code of Conduct for Students and misrepresentation in the application materials or other documentation associated with the Scholarship.

b. The University may require such repayment at any time during or after the Scholarship period. In addition, by accepting this Scholarship, the student consents to all aspects of any investigation into misconduct in connection with this Scholarship being disclosed by the University to the funding body and/or any relevant professional body.

How to Exploit SQL Server Using OLE Automation – Security Boulevard

Posted: at 10:06 am

As part of the Imperva Research Labs we have the opportunity to examine various security scenarios. In this post, we will consider database security on SQL Server.

One standard method that security practitioners use to protect databases is deploying honeypots and waiting for hackers to take the bait. Honeypots are very useful because they enable us to analyze various attacks and get more insights about the methods and techniques that bad actors use to attack databases.

Here we provide a glimpse into today's Database Attack Landscape. This is a follow-up to Imperva Research Labs research done in 2018 on SQL Server. To see those findings, check out "A Deep Dive into Database Attacks [Part II]". In that piece, you can see how little the attack landscape has changed in the past 3 years.

We will explore the methods and techniques attackers use to deploy malware, gain persistence, and take over the system to join the server into massive botnets, or escalate privileges in order to infiltrate an organization's network.

While other articles concentrate on the malware itself, we are going to focus on the database side of the attack, the dangerous functions, and the power that is stored inside the SQL Server to interact with other components of the Windows OS called COM objects. Some examples are processes like WMI, XML, HTTP, WScript, VBScripts and more.

Hackers use the attack methods that have the best chance of succeeding. Core features that are present in multiple versions are the ultimate target. This is one reason why we see hackers using the same methods with slight changes over the years; exploit recycling is very common. The database attack landscape hasn't changed a lot over the years and exploitation techniques are being reused over the years.

SQL Server OLE Automation is one example of such a target as it is a built-in feature for many SQL Server versions. We will inspect some of the techniques in depth and explain the ways to prevent similar attacks on your SQL Server in the future.

Before we dive into the depth of the attacks, we need to understand some Windows terms, specifically OLE and COM objects.

OLE stands for Object Linking and Embedding. It is a technology developed by Microsoft that allows one application to link objects into another application. Later, OLE evolved and was reimplemented on top of COM. Component Object Model (COM) is a binary-interface standard for software components. Simply put, COM allows one application to expose its functionality to other applications.

SQL Server OLE Automation Procedures enable the SQL Server to leverage OLE to interact with other COM objects. Data security-wise, this increases the attack surface.

There are excellent examples out there for leveraging COM objects to perform lateral movement.

All of this power is granted simply by enabling a small but dangerous database configuration, the OLE Automation Procedures. In addition, SQL Server provides multiple extended procedures to link and interact with the COM objects.

Extended Procedure simply means the ability to execute code from external sources. The OLE Automation Procedures use odsole70.dll to interact with COM objects.

The procedures below contain everything needed to carry out a highly sophisticated attack and interact with other COM objects:

sp_OACreate: Creates an instance of an OLE object.

sp_OAMethod: Calls a method of an OLE object.

sp_OAGetProperty: Gets a property value of an OLE object.

sp_OASetProperty: Sets a property of an OLE object to a new value.

sp_OADestroy: Destroys a created OLE object.

sp_OAGetErrorInfo: Obtains OLE Automation error information.

sp_OAStop: Stops the server-wide OLE Automation stored procedure execution environment.

Here are a couple of examples of attacks that make practical use of OLE Automation.

In "A Deep Dive into Database Attacks [Part II]", we saw how it is possible to write files by interacting with the filesystemobject.

But the filesystemobject COM object allows us to do much more than that: we can copy files, manage drives, and much more.

For the full list of the filesystemobject methods from Microsoft documentation click here.

The example below describes a method used by the attacker to copy executables under different names and locations in order to avoid detection. This technique allows the attacker to stay under the radar in the case that there is a security policy in place. It also makes post-mortem analysis more complicated:

Figure 1: Copying the ftp.exe and cacls.exe executables under a different name and location.

ScriptControl allows us to actually run a scripting language such as VBScript or JavaScript from within our SQL Server. This is one of the strongest abilities of the COM objects.

More information about the ScriptControl COM object, methods and properties can be found here.

Here are two practical examples of using the ScriptControl method. The first creates an account and the second downloads malware:

In the example below, the attacker uses JavaScript to create an account, change its password and add the new account to the administrators group:

Figure 2: Attacker creates a Windows account, changes its password and adds it to the administrators group.

The next example shows how to download malware from a remote server, save it to a file, and execute it:

Figure 3: Attacker downloads malware from remote server.

Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems.

In the next example, the attacker allows full access to everyone to use Windows Script Host, which allows them to execute scripts in a variety of languages.

Note that since this action is performed from inside the SQL Server process, the action will have the SQL Server security context.

The steps taken by the attacker to achieve full access:

The description of the SE_DACL_PRESENT permission from MSDN: "Indicates an SD that has a DACL. If this flag is not set, or if this flag is set and the DACL is NULL, the SD allows full access to everyone."

In this case the DACL is not set on creation, therefore the security descriptor will allow full access on wscript.exe to everyone.

Figure 4: Attacker leverages WMI to set permission on executable.

For more information about the SWbemLocator, SWbemServices and SecurityDescriptor.

It is recommended to disable the option to use those SQL Server abilities:

Figure 5: Disable the OLE Automation features of SQL Server.

Another method to make sure that those powerful procedures are not being used is just dropping them:

Figure 6: Revoke EXECUTE permission on dangerous functions of SQL Server.

Since OLE Automation is a built-in feature, there is no actual way to prevent the feature from being activated. It is recommended to add monitoring for three events: re-enabling the configuration, recreating the extended procedures, and granting execution on the procedures.
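One way to implement the monitoring recommended above, as an added example that is not part of the original post: a Python scan over constructed audit records that flags the three events. The record layout, logins, rule names and the DLL name are assumptions made for illustration.

```python
import re

# The three events the paragraph above recommends monitoring. sp_configure
# accepts a unique fragment of the option name, so rule 1 matches a fragment too.
RULES = {
    "reenable_ole_automation": re.compile(
        r"\bsp_configure\b\s*(?:@configname\s*=\s*)?N?'[^']*ole\s+auto[^']*'"
        r"\s*,\s*(?:@configvalue\s*=\s*)?1\b", re.I),
    "grant_execute_on_sp_oa": re.compile(
        r"\bgrant\s+exec(?:ute)?\b[^;]*\bsp_OA\w+", re.I),
    "recreate_extended_proc": re.compile(
        r"\bsp_addextendedproc\b[^;]*\bsp_OA\w+", re.I),
}

_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_LINE_COMMENT = re.compile(r"--[^\n]*")


def normalize(statement):
    """Drop T-SQL comments and collapse whitespace so rules see plain tokens."""
    text = _BLOCK_COMMENT.sub(" ", statement)
    text = _LINE_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip()


def scan(records):
    """Return (timestamp, login, rule_name) for every rule a statement trips."""
    findings = []
    for timestamp, login, statement in records:
        text = normalize(statement)
        for name, pattern in RULES.items():
            if pattern.search(text):
                findings.append((timestamp, login, name))
    return findings


# Constructed audit records (timestamp, login, statement); assumed layout,
# not taken from the original post. 'placeholder.dll' is a made-up DLL name.
SAMPLE_AUDIT = [
    ("2021-09-08T10:01:02", "app_reader", "SELECT name FROM sys.databases"),
    ("2021-09-08T10:03:15", "sa",
     "EXEC sp_configure 'Ole Automation Procedures', 1; RECONFIGURE;"),
    ("2021-09-08T10:03:40", "sa",
     "exec sp_configure /* note */ 'ole automation procedures',\n 1"),
    ("2021-09-08T10:04:10", "sa",
     "GRANT EXECUTE ON OBJECT::sys.sp_OACreate TO [app_reader]"),
    ("2021-09-08T10:05:00", "sa",
     "EXEC sp_addextendedproc 'sp_OAMethod', 'placeholder.dll'"),
    ("2021-09-08T10:06:30", "dba_ops",
     "EXEC sp_configure 'Ole Automation Procedures', 0; RECONFIGURE;"),
    ("2021-09-08T10:07:00", "dba_ops",
     "REVOKE EXECUTE ON OBJECT::sys.sp_OACreate FROM [app_reader]"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_AUDIT):
        print(*finding, sep="  ")
```

Statements that disable the option or revoke the grant do not trip any rule, so routine hardening by administrators stays out of the alert stream.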

Once an attacker gains access to the database, they won't necessarily stop there.

Many published cases show that, after exfiltrating data from one database, the attackers decided to become residents inside the organization's network, move laterally and exfiltrate data from more than just one database. Learn more about attacker types and data breaches in my blog "Know your enemy! The four types of cyber attackers trying to breach your security today" and the white paper "Lessons Learned From Analysis of 100 Data Breaches".

We saw how the attacker was able to change an executable's permissions on the OS, copy and manipulate OS files to stay undetected, and finally deploy malware and execute scripts on the victim server. The attacker did everything from inside the SQL Server service without actually having access to the OS, but still had a deep impact on the underlying OS configuration.

OLE Automation is a very powerful feature, which makes it very dangerous. If you are not using OLE Automation, it needs to be disabled. Disabling unnecessary features in the database will reduce the attack surface.

Imperva offers different products to help our customers to protect against database attacks, for on-premises and cloud services. For more information visit the following link.

The post How to Exploit SQL Server Using OLE Automation appeared first on Blog.

*** This is a Security Bloggers Network syndicated blog from Blog authored by Ofir Shaty. Read the original post at: https://www.imperva.com/blog/how-to-exploit-sql-server-using-ole-automation/


MHM Automation announces special dividend after record year – Scoop.co.nz

Posted: at 10:06 am

Wednesday, 8 September 2021, 12:29 pm
Press Release: MHM Automation

New Zealand Listed Company MHM Automation today announced its decision to pay shareholders a special dividend of 1.5 cents per share.

Continued growth in global demand for automated solutions and the sale of its New Plymouth workshop saw the company report a strong financial performance at the release of its 2021 financial results and Annual Report last month.

MHM Automation reported an after-tax profit of $4.1 million, which was a 339% increase on the previous year's result. Revenue for the year was $50.9m, a 6.1% increase on 2020, and the full year EBITDA increased by 50% to $3.73m. The growth was primarily driven by a strong performance from its Milmeq chilling and freezing business as well as a one-off gain of $1.9 million from the sale of its New Plymouth engineering workshop.

"This performance would not have been possible without the support of our shareholders. The board of directors considers it appropriate to pay the one-off dividend to shareholders in recognition of the strong trading performance we've had over the last year. The funds for this dividend are coming from the proceeds of the sale of the New Plymouth property," CEO Richard Rookes said.

"I am pleased to see the momentum we've been building over the past few years continue and we remained focused on strengthening our automation business while also improving profitability," he added.

MHM Automation services the global dairy, meat, horticulture and food processing sectors.

Rookes said the COVID-19 pandemic had meant its customers were increasingly looking to automation to ease the challenges of social distancing and ensure compliance with food safety standards, as well as addressing labour shortages and health and safety concerns. But delivering projects during the pandemic had been challenging, due to resource constraints and restrictions on international travel, particularly the MIQ system.

"Achieving this high level of performance in a COVID-19 world is testament to our team, and the strength and relevance of the products and solutions we design and deliver," he said.

Looking ahead, MHM Automation is forecasting good workflows right through the 2022 financial year and beyond. The automation business has orders scheduled for delivery into 2023, and all areas of the business are running at or near capacity for the remainder of the 2021 calendar year.

The company remains cognisant of opportunities for additional future acquisitions to align with its technology-led future.

Demand for automated solutions is forecast to continue to increase.

"With our portfolio of industry-leading solutions, we are well positioned to continue our trend of growth. The next 12 months will be focused on the execution of current work, improving margins, and building a sustainable pipeline of new opportunities globally," Rookes said.


Dive Into A Murder Mystery On This Creepy, Cyberpunk Wikipedia – Kotaku

Posted: at 10:05 am

Neurocracy is a browser-based cyberpunk murder mystery story told over the course of 10 real-world weeks and 10 in-game days, through the hypothetical successor to Wikipedia, Omnipedia. It presents a dystopian future in which escalating pandemics have driven the global community to abandon individual privacy in favor of pursuing total bio-security. The game has interesting things to say about emerging trends around pandemics, public health, and state sovereignty. I am not, however, here to talk to you about those aspects today. I am here to tell you about the worst part of its corporatized, surveillance-state hellworld: The future is very boring.

Which is not to say that Neurocracy is poorly written or delivered (it's not), or that its plot isn't engaging (it is!). The writers do a great job of simulating a megacorp-sponsored, brand-safe Wikipedia. And therein lies its most subtle, and my favorite, critique of our hyper-capitalist future: that standardization, algorithmic content production, and strict moderation will prevent people from being weirdos publicly.

You play Neurocracy by following hyperlinks through a fictional corporate follow-up to Wikipedia in the year 2049. This means that the majority of your time playing the game will be spent reading, putting together clues, and discussing the theories with other players. It is being released episodically over 10 weeks, with the first episode acting as a free intro for the game. As of today, it is up to episode eight.

The game's Wikipedia equivalent, Omnipedia, also includes a historical lookback function much like real-world Wikipedia, letting you see the history of previous edits, and the game does its most interesting storytelling through this view. Seeing minor editing changes between two days can tell you so much about the world. When the initially neutral word "search" turns to the accusatory and hungry "hunt," so much is conveyed to you about the priorities and shifting voice of this new publication. "Hunt" conveys a totally different power relationship while changing only a single word. If you're a writing-craft nerd like myself, you're going to have a field day.

What Neurocracy's historical lookback feature lacks, however, is the odd joy of watching two overly passionate weirdos fight over the dumbest shit you can imagine. There will be no wars between orthodox and reformist vampire hunters on Omnipedia. There are no arguments over the badgerness (or lack thereof) of a particular cartoon creature. There will be no (gross) debates over the size of Tifa Lockhart's big naturals, or whether or not Squall is a hero or a protagonist. Omnipedia has stripped away all the incredibly silly and deeply human parts of Wikipedia, and it is legitimately unsettling.

The game addresses this directly in the page about Omnipedia itself. It claims that the AI which helps to write and edit the website's entries was trained on the corpus of Wikipedia in the year 2048. A corpus, by the way, is a large collection of texts that linguists use, usually for statistical analysis or for testing known rules about a given language. For example, you could try to make a robot to write Kotaku articles by training it on the corpus of everything released on the site. I don't know why you would do that. It seems unethical to give an AI brainworms.

Omnipedia's corpus is comprised of Wikipedia articles as they stand in 2048, but not the articles' talk pages or full edit histories. Even if it were, Wikipedia is massive and internet perverts only care about a small subset of the totality of the site. The process of simplification inherent in building an AI model like this would quickly erode and homogenize the stranger parts of the platform.

And so Omnipedia is born, reimagining one of the most brilliant and silly creations of the modern age as a bland corporate mouthpiece. I am excited to see where Neurocracy goes as I catch up, and follow the game to its conclusion. I am also terrified that its vision of the boring future is closer than I think.

To prevent this boring future I will do what I always do when talking about games about information and public access, and remind you to go support your local library! Pass library ordinances and actually go there! Libraries rule and they're free and they have video games. It's like a Wikipedia made of cool bricks and paper, instead of neural implants and potentially murderous AI. Let's enjoy all that while we can.


Turbo Overkill Brings Ultraviolent Cyberpunk FPS Action To Switch In 2022, And It’s Got A "Chainsaw Leg" – Nintendo Life

Posted: at 10:05 am

If you're craving more action inspired by old-school 3D shooters such as Duke Nukem, DOOM and Quake, then keep an eye out for Trigger Happy Interactive's upcoming release Turbo Overkill - a "brutal cyberpunk FPS" coming to the Nintendo Switch (and other platforms) in 2022.

This ultraviolent cyberpunk FPS is from the creator of the award-winning DOOM II conversion mod Total Chaos. 3D Realms co-founder Scott Miller - the pioneer behind Duke Nukem, Wolfenstein 3D and a number of other classics - will also offer creative support.

"As the guy who helped launch the shooter genre with Wolfenstein 3D, Rise of the Triad, Duke Nukem 3D, Max Payne, and Prey, I haven't been this excited about an FPS since the golden era of Apogee/3D Realms"

As the player, you'll take control of a mercenary named Johnny Turbo who must clean up his crime-ridden hometown known as "Paradise".

"In this Blade Runner-meets-DOOM hellscape, Johnny finds the city's entire population possessed by Syn, a rogue AI, and its army of augmented minions. Desperate for enough money to outrun his past mistakes, Johnny takes on the impossible job of destroying the greatest AI ever created. Rival bounty hunters want to claim the prize first. Nothing is easy in paradise."

Turbo Overkill also has a number of unique features such as a "Hero Time" - described as a new form of slow-motion with a twist, and the protagonist has a chainsaw leg! Players will take advantage of all of this as they work their way through two dozen stages filled with secrets, bonus arena stages, action-packed combat and puzzles.

Does this look like your kind of game? Leave a comment down below.


Sandra Cisneros Loves to Read About Women Waging Battle – The New York Times

Posted: at 10:05 am

Hermosa, poetry, Yesika Salgado

Black Wings, Sehba Sarwar

Blood Sugar Canto, poetry, irene lara silva

Teresa of Avila: Ecstasy and Common Sense, by Tessa Bielecki

VirginX, poetry, Natalia Treviño

The Architecture of Language, poetry, Quincy Troupe

Codex of Love: Bendita Ternura, poetry, Liliana Valenzuela (I'm rereading this)

Their Dogs Came With Them, novel, Helena María Viramontes (Rereading this too)

What's the last great book you read?

The one I'm reading now; "Loaded: A Disarming History of the Second Amendment," by Roxanne Dunbar-Ortiz, a history of how the United States evolved to where we are as a nation besieged by gun violence. This is not the kind of book I'd usually read, but I loved her earlier book, "An Indigenous Peoples' History of the United States"; reading it was like going back to school and gaining a new perspective of the Americas, one that retrieved the lost history of my ancestors. I'm on a mission to make up for the huge gaps in my miseducation as a woman of color.

Are there any classic novels that you only recently read for the first time?

"The Nine Guardians," by Rosario Castellanos, a beautiful novel about a village on the Mexico-Guatemala border during the turbulent power shifts of the 1930s. Castellanos is one of the most brilliant writers of the last century, but when the Latin American boom in literature resounded in the United States, it was only the male voices that were heard. At this point in my life, I want to read the classics from the Americas, from Mexico, from women, from the working class, from the Indigenous communities, from everyone who hasn't been allowed to the podium before.

Describe your ideal reading experience (when, where, what, how).

I prefer reading lying down propped by a sea of pillows, like a famous grand horizontale, in bed or on the terrace, on a chaise or in a hammock, or simply on the couch; preferably on a day when no one rings the doorbell, which is almost impossible, because in Mexico, everyone rings the bell. The flower seller, the doughnut man, the water man, the sweet potato man, the knife sharpener, the woman asking to sweep your driveway, the man who was laid off his job and is looking for work as a gardener, the nice couple from the countryside with fresh tortillas and prickly pear paddles, the man who sells wool snakes to keep out the doorway drafts. I am lucky to be able to work from home and not have to ring doorbells, so I have no right to complain.

What's your favorite book no one else has heard of?

My favorites are Gwendolyn Brooks's "Maud Martha" and Mercè Rodoreda's "The Time of the Doves," both books that deal with war, though the former only at the finale. Come to think of it, many of my favorite books are about women surviving or waging war: Elena Poniatowska's "Here's to You, Jesusa!," a melding of fiction and nonfiction about a Mexican woman warrior; "Cartucho" and "My Mother's Hands," both memoiristic accounts by Nellie Campobello that witness war from a child's point of view; "Recollections of Things to Come," a novel by Elena Garro, which documents Mexico's Cristero War of the 1920s; "Tempest Over Mexico," a memoir by Rosa King, a foreigner who witnessed the key players of the Mexican Revolution; and "A Woman in Berlin," a brutal memoir of the sacking of Berlin by a writer too afraid to publish under any other name but Anonymous. Except for "Maud Martha" and "Tempest Over Mexico," they were all written in a foreign language, with some translations faring better than others. These are not your typical war stories.


Cyberpunk 2077 and The Witcher 3 PS5 and Xbox Series X might be delayed – Gamesradar

Posted: at 10:05 am

The Cyberpunk 2077 PS5 and Xbox Series X version may not be ready to release this year.

During developer CD Projekt Red's latest results call (via VGC), Michał Nowakowski, senior vice president of business development, told investors that "the target is to release the next-gen version of Cyberpunk 2077 late this year. At the same time, keeping in mind the lessons we have learned during the past year and taking into account that this project still remains in development, we can't say with full certainty that the production schedule will not change."

That uncertainty also extends to new-gen editions of The Witcher 3: Wild Hunt. Nowakowski says that "with The Witcher 3, the situation is slightly different in the way that this is being tackled by the external team mainly, which is Saber Interactive, the company that we have worked with before on Switch and also with updates in the past. As with Cyberpunk 2077, our goal is to release that game in late 2021. However, similarly, the development process is ongoing, and we cannot be absolutely dead certain that the release schedule will not change."

Nowakowski clarified again that CD Projekt Red is "definitely aiming with both titles for late 2021," but said that he didn't want to be more specific right now. With September upon us, that "late 2021" window is very nearly upon us, but after the difficulties with Cyberpunk 2077's original launch, it seems likely that the developer will look to take as much time as it can with its upcoming next-gen offerings. Both ports have always been set for the second half of this year, but don't be too surprised if we don't see Geralt and V's shiny new versions until next year.

The developer also revealed that more than a third of its staff are working on Cyberpunk 2077 and its new-gen ports. Others are working on the game's first expansion, while a remaining number are focused on Gwent and some unannounced projects - still no word on The Witcher 4, then.
