Stuxnet Five Years Later: Did We Learn The Right Lesson?
4/2/2015No! That's despite an abundance of best practices and standards that are shining light into the dark corners of industrial control system security.
Post a Comment
Author
Profile of Andrew Ginter
Vice President of Industrial Security, Waterfall Security Solutions Member Since: 3/30/2015Author
News & Commentary Posts: 1
Comments: 1
Andrew Ginter is vice president of industrial security at Waterfall Security Solutions. He has managed the development of commercial products for computer networking, industrial control systems and industrial cyber security for vendors such as Develcon, Agilent Technologies and Industrial Defender. Andrew is currently the co-chair of the ISA SP-99 WG1 working group and represents Waterfall Security Solutions to NIST, NERC-CIP and other ISA SP-99 working groups. He frequently writes and speaks on industrial control system cyber security topics. Andrew has degrees in Applied Mathematics and Computer Science from the University of Calgary, as well as ISP, ITCP and CISSP accreditations.
Articles by Andrew Ginter
No! That's despite an abundance of best practices and standards that are shining light into the dark corners of industrial control system security.
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Name that Toon: Risky Busine
Literalist at work, boss said do the job hanging from the ceiling.
{
You want anything else boss, Yes do the ...
Latest Comment: Name that Toon: Risky Busine
Literalist at work, boss said do the job hanging from the ceiling.
{
You want anything else boss, Yes do the ...
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-3914
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
From DHS/US-CERT's National Vulnerability Database CVE-2018-3914
PUBLISHED: 2018-09-21
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can s...
CVE-2018-3915PUBLISHED: 2018-09-21
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can sen...
CVE-2018-11240PUBLISHED: 2018-09-21
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of S...
CVE-2018-11241PUBLISHED: 2018-09-21
An issue was discovered on SoftCase T-Router build 20112017 devices. A remote attacker can read and write to arbitrary files on the system as root, as demonstrated by code execution after writing to a crontab file. This is fixed in production builds as of Spring 2018.
CVE-2018-16784PUBLISHED: 2018-09-21
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This