
September 15, 2009

Businesses overlooking biggest security risks

Organisations are finding it difficult to prioritise defence strategies against cyberattacks because most of them do not have an internet-wide view of the attacks, according to a report from Sans, the security training organisation.

As a result, two security risks — web applications and phishing — carry the greatest potential for damage, yet users instead tend to concentrate on less-critical risks.

The report amalgamates global data from security attacks on computers from March 2009 to August 2009.

It identifies two main defence priorities for enterprise users. The first is targeted email attacks, or spear phishing, that exploit client-side vulnerabilities in programs such as Adobe's PDF Reader and Flash, Apple QuickTime and Microsoft Office. These applications are described as "the primary initial infection vector used to compromise computers that have Internet access", and are the result of attackers taking advantage of "programming errors that are not being picked up by common vulnerability scanners".

The second priority is vulnerable websites. More than 60 percent of attacks are against web applications and "convert trusted websites into malicious websites serving content that contains client-side exploits" by exploiting the most common vulnerabilities such as SQL injection and cross-site scripting flaws, in both open-source and custom-built applications. Such vulnerabilities make up more than 80 percent of attack opportunities.

A further finding is that applications are now more vulnerable and see more exploitation attacks than operating systems. There were no new major operating system worms seen in the wild during the reporting period.

Additionally, the report found there has been "a significant increase" over the past three years in the number of people discovering zero-day vulnerabilities: flaws that become known to attackers before they are discovered by security researchers, opening the chance of an attack against which no preparation has been made.

A Sans spokesman said: "This report is different from anything we have done before because it reflects massive amounts of data on the actual attacks (millions of them) and on the speed with which the underlying vulnerabilities are being patched (actual data from thousands of companies)."

The report's sources include attack data from 6,000 organisations, compiled by security hardware vendor TippingPoint, vulnerability data from nine million computers compiled by security software vendor Qualys, and additional analysis and tutorial by the Internet Storm Center and Sans faculty members.



Source: ZDNet UK


