Feeds

SANS compiles Top 20 security vulns list

Apps and networking appliance crash security party

The essential guide to IT transformation

Bugs in anti-virus scanners and web-based applications joined flaws in Microsoft and Cisco networking products in a list of the 20 most serious vulnerabilities discovered this year.

The list - compiled by the SANS Institute in co-operation with security vendors such as Qualys and government agencies in the UK and US - highlights the 20 most critical vulnerabilities currently facing organisations. Vulnerabilities that are easy to exploit and where a large number of unpatched systems existed were highlighted in the report. In addition to identifying vulnerabilities in Windows and UNIX systems, this year's Top-20 list also includes cross-platform applications and networking products for the first time.

Various flaws in Internet Explorer and Microsoft Windows Services (such as Plug and Play) make the top 20 list. These are joined by anti-virus product glitches and back-up software. Vulnerabilities to Oracle database and application software products also make the SANS Top 20 list.

The flaws are all well-documented. The idea of the Top 20 is to draw people's attention towards particularly serious problems that might have been overlooked. Starting earlier this year, the SANS Institute moved from an annual to quarterly update of its list, now into its fifth year, to reflect the faster evolution of internet threats. It's still doing the annual round-up though with this year's Top 20 launched in Europe at a high profile event in London on Tuesday featuring speakers from SANS, the DTI and the National Infrastructure Security Coordination Centre (NISCC). ®

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.