Rethinking Vulnerability Disclosures In Industrial Control Systems
1/27/2017Why the security industry's traditional obsession and hype around vulnerabilities cannot be transferred to the ICS environment.
Post a Comment
Author
Profile of Galina Antova
Co-founder & Chief Business Development Officer, Claroty News & Commentary Posts: 1Galina Antova is the co-founder and chief business development officer at Claroty. Prior to co-founding the company, she was the global head of industrial security services at Siemens, overseeing the development of its portfolio of services that protect industrial customers against cyberattacks. While at Siemens, she was also responsible for leading the Cyber Security Practice and the Cyber Security Operations Center, providing managed security services for industrial control systems operators. Previously, Galina was with IBM in Canada in various roles in the provisioning and cloud solutions business. She holds a BS in computer science from York University in Toronto, and an MBA from IMD in Lausanne, Switzerland.
Articles by Galina Antova
Why the security industry's traditional obsession and hype around vulnerabilities cannot be transferred to the ICS environment.
Post a Comment
White Papers
Video
1 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-11469
PUBLISHED: 2019-04-23
PUBLISHED: 2019-04-23
PUBLISHED: 2019-04-23
PUBLISHED: 2019-04-22
PUBLISHED: 2019-04-22
From DHS/US-CERT's National Vulnerability Database CVE-2019-11469
PUBLISHED: 2019-04-23
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
CVE-2013-7470PUBLISHED: 2019-04-23
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.
CVE-2019-11463PUBLISHED: 2019-04-23
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive through 3.3.3 allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo.
CVE-2019-0218PUBLISHED: 2019-04-22
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.
CVE-2019-11383PUBLISHED: 2019-04-22
An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This