SANS report: Web application flaws a greater threat than OS flaws
Tuesday, September 15, 2009
Hackers are exploiting security vulnerabilities in client-side web applications such as Adobe Flash at a greater rate than un-patched vulnerabilities in operating systems like Windows, according to a new report from the SANS Institute.
Based on an analysis of data from more than 6,000 organizations and 9 million systems, SANS said its research shows that the top security threats to organizations and individuals are based on the web.
And because organizations often take longer to patch client-side vulnerabilities in applications than to fix security holes in OSs, they are leaving themselves open to a greater number of cyberattacks targeting these flaws, SANS reported.
Client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office are currently the primary targets of attacks on computers connected to the internet.
These vulnerabilities are actively exploited by phishing emails containing malicious links and attachments, while attackers target these same vulnerabilities when users visit infected websites.
"Despite the enormous number of attacks and despite widespread publicity about these vulnerabilities, most website owners fail to scan effectively for the common flaws and become unwitting tools used by criminals," SANS said in the report.
Apart from the Conficker worm, no major new attacks targeting OS flaws were seen in the reporting period from June through August of this year.
Related News:
Cyber criminals target web security through PDFs again - 3.17.2010
Earlier this year, Adobe released a security update to patch a hole that cyber criminals exploited to upload malware onto the computers of unsuspecting users. However, Marian Radu, a web security researher for Microsoft recently announced on his blog that he had discovered a similar vulnerability.
Web security a growing issue for local governments - 3.16.2010
As though local school districts and governments didn't have enough to worry about, cyber criminals have targeted small public institutions and have stolen millions of dollars.
Web security ends with user - 3.16.2010
No matter how potent an antivirus software or other web security program is, the most important step in defending a computer from malware is vigilance on the part of the user, according to business technology news site Katonda.
Mac users may soon be under attack - 3.16.2010
People buy Macs because they think they don't have to worry about web security. However, according to ZDNet, ransomware and other dangerous forms of malware may soon be a very real problem for Mac users, as cyber criminals begin to understand the best ways to compromise the rapidly growing brand's products.
Forty percent of malware sites hosted in the U.S. - 3.16.2010
While popular opinion dictates that malware often originates in countries like China and Eastern European nations, AVG Technologies recently reported that 40 percent of malware originates on servers hosted within the U.S.
|
