Feeds

SANS compiles Top 20 security vulns list

Apps and networking appliance crash security party

The Essential Guide to IT Transformation

Bugs in anti-virus scanners and web-based applications joined flaws in Microsoft and Cisco networking products in a list of the 20 most serious vulnerabilities discovered this year.

The list - compiled by the SANS Institute in co-operation with security vendors such as Qualys and government agencies in the UK and US - highlights the 20 most critical vulnerabilities currently facing organisations. Vulnerabilities that are easy to exploit and where a large number of unpatched systems existed were highlighted in the report. In addition to identifying vulnerabilities in Windows and UNIX systems, this year's Top-20 list also includes cross-platform applications and networking products for the first time.

Various flaws in Internet Explorer and Microsoft Windows Services (such as Plug and Play) make the top 20 list. These are joined by anti-virus product glitches and back-up software. Vulnerabilities to Oracle database and application software products also make the SANS Top 20 list.

The flaws are all well-documented. The idea of the Top 20 is to draw people's attention towards particularly serious problems that might have been overlooked. Starting earlier this year, the SANS Institute moved from an annual to quarterly update of its list, now into its fifth year, to reflect the faster evolution of internet threats. It's still doing the annual round-up though with this year's Top 20 launched in Europe at a high profile event in London on Tuesday featuring speakers from SANS, the DTI and the National Infrastructure Security Coordination Centre (NISCC). ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Fiendishly complex password app extension ships for iOS 8
Just slip it in, won't hurt a bit, 1Password makers urge devs
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.