Stuxnet Five Years Later: Did We Learn The Right Lesson?
4/2/2015No! That's despite an abundance of best practices and standards that are shining light into the dark corners of industrial control system security.
Post a Comment
Author
Profile of Andrew Ginter
Vice President of Industrial Security, Waterfall Security Solutions Member Since: 3/30/2015Author
News & Commentary Posts: 1
Comments: 1
Andrew Ginter is vice president of industrial security at Waterfall Security Solutions. He has managed the development of commercial products for computer networking, industrial control systems and industrial cyber security for vendors such as Develcon, Agilent Technologies and Industrial Defender. Andrew is currently the co-chair of the ISA SP-99 WG1 working group and represents Waterfall Security Solutions to NIST, NERC-CIP and other ISA SP-99 working groups. He frequently writes and speaks on industrial control system cyber security topics. Andrew has degrees in Applied Mathematics and Computer Science from the University of Calgary, as well as ISP, ITCP and CISSP accreditations.
Articles by Andrew Ginter
No! That's despite an abundance of best practices and standards that are shining light into the dark corners of industrial control system security.
Post a Comment
White Papers
Video
4 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
10 Best Practices That Could Reshape Your IT Security DepartmentThis Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
How Enterprises Are Using IT Threat Intelligence
Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-20127
PUBLISHED: 2018-12-13
PUBLISHED: 2018-12-13
PUBLISHED: 2018-12-13
PUBLISHED: 2018-12-12
PUBLISHED: 2018-12-12
From DHS/US-CERT's National Vulnerability Database CVE-2018-20127
PUBLISHED: 2018-12-13
An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds.
CVE-2018-20128PUBLISHED: 2018-12-13
An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring.
CVE-2018-20129PUBLISHED: 2018-12-13
An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filena...
CVE-2018-6706PUBLISHED: 2018-12-12
Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.
CVE-2018-6705PUBLISHED: 2018-12-12
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This