Web Security News

SANS report: Web application flaws a greater threat than OS flaws

Tuesday, September 15, 2009

Hackers are exploiting security vulnerabilities in client-side web applications such as Adobe Flash at a greater rate than unpatched vulnerabilities in operating systems like Windows, according to a new report from the SANS Institute.

Based on an analysis of data from more than 6,000 organizations and 9 million systems, SANS said its research shows that the top security threats to organizations and individuals are based on the web.

And because organizations often take longer to patch client-side vulnerabilities in applications than to fix security holes in OSs, they are leaving themselves open to a greater number of cyberattacks targeting these flaws, SANS reported.

Client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office are currently the primary targets of attacks on computers connected to the internet.

These vulnerabilities are actively exploited through phishing emails containing malicious links and attachments, and attackers target the same flaws when users visit infected websites.

"Despite the enormous number of attacks and despite widespread publicity about these vulnerabilities, most website owners fail to scan effectively for the common flaws and become unwitting tools used by criminals," SANS said in the report.

Apart from the Conficker worm, no major new attacks targeting OS flaws were seen in the reporting period from June through August of this year.

Related News:

UK cops arrest two in Zbot Trojan case - 11.19.2009
The British Metropolitan Police took two suspected cyber criminals into custody earlier this month in connection with an investigation into the Zbot banking Trojan.

Facebook shakes up privacy policy in response to criticism - 11.19.2009
After a week-long comment period in which 7,000 Facebook users voiced their opinions, the giant social media network announced that it would overhaul and simplify its privacy policy.

Domain registrar VeriSign will receive "major security update" by 2011 - 11.19.2009
A well-known security vulnerability in the way .com and .net websites process DNS values - the way alphanumeric website names are translated into numeric web addresses - will be fixed, but not until 2011, according to a report from tech news website ZDNet.

Malware attack targeting fans of Twilight series - 11.18.2009
As with many recent hot news trends, the upcoming release of the second movie based on Stephenie Meyer's Twilight books has attracted the attention not just of the vampire wannabes, but of actual cyber criminals as well.

Giant black-hat SEO campaign funnels victims to scareware sites - 11.18.2009
Security researchers say that cyber criminals have conducted a large-scale campaign to influence Google results, pushing malware-spreading sites higher on the list and dropping legitimate results to the bottom.
