The number of new vulnerabilities in the first half of this year jumped 36 percent compared to the same period last year, an IBM X-Force report has concluded.

For its Mid-Year Trend and Risk Report, the research arm of Big Blue documented 4,396 new flaws from January to June, which ranks as the highest total ever to begin a year. At this pace, the number of bugs is expected to easily surpass last year's total of roughly 6,600.

Tom Cross, manager of X-Force research, said the spike is largely attributable to vendors taking security more seriously, in addition to the popularity of public exploit repositories, such as the Exploit Database. Both of these factors are encouraging researchers to disclose their finds. Cross added that the increase is not necessarily a bad sign for the security of software and hardware.

"It's a sign of progress," Cross told SCMagazineUS.com. "The vulnerabilities were there to begin with. Now we know about them, and there's a patch. It's a positive thing."

Still, more than half of the disclosures remain without a vendor-supplied patch, the report found. The biggest culprits are Sun, Microsoft and Mozilla, while Adobe, Novell and Cisco were the best at pushing out patches for publicly known vulnerabilities, the report said.

According to the report, malicious PDF activity continues to run rampant across the internet and now makes up three of the top five browser exploits in the wild.

Cross attributes the rise to the increasingly fragmented browser market. By leveraging an Adobe vulnerability, malware authors earn a higher likelihood of infecting users, he said.

"If you have a vulnerability in Acrobat or Flash, everyone's got them [installed]," Cross said. "They run in all those browsers."

The report also highlighted the growing prevalence of JavaScript obfuscation, a slick tactic malcode writers use to push their wares on unsuspecting computer users. The technique works by encoding exploits to hide them from detection by security products.

"This is standard procedure for launching an attack on the internet today," Cross said. "[Organisations] need to ask whether the security tools they're using in their environment are effective against obfuscated attacks."

The report also brought to light the potential risks of virtualisation. X-Force researchers found that 35 percent of server virtualisation vulnerabilities affect the hypervisor, a thin layer of software that runs in the host machine and serves as the virtualisation engine.

Cross said the statistic should force organisations to think twice about sharing virtual workloads, which have different security requirements, on the same physical server.

See original article on scmagazineus.com