Information Security News mailing list archives
Security experts warn firms of the higher risks of lower-risk flaws
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 17 Mar 2010 00:18:48 -0600 (CST)
http://www.v3.co.uk/computing/news/2259522/security-experts-warns-firms By Dave Bailey Computing 16 March 2010 Medium- and lower-risk flaws are being used more by hackers to penetrate enterprise networks, due to firms taking longer to patch them. Security experts have warned businesses that hackers are moving their focus from flaws designated as high risk by software vendors to flaws normally seen as lower risks. Lloyd's of London chief information security officer Marcus Alldrick said, " [Hackers] are not going for the normal high risk flaws, they're going for the medium risk ones. In the patch management cycle, the medium risk flaws are being patched later." That delay in patching is also being exacerbated by hackers combining the lower-risk flaws to create so-called blended threats, explained BT global head of business continuity, security & governance practice Ray Stanton. By combining two lower-risk flaws, hackers can cause high-risk threats to an organisation. [...] ___________________________________________________________ Register now for HITBSecConf2010 - Dubai, the premier deep-knowledge network security event in the GCC, featuring keynote speakers John Viega and Matt Watchinski! http://conference.hitb.org/hitbsecconf2010dxb/
Current thread:
- Security experts warn firms of the higher risks of lower-risk flaws InfoSec News (Mar 16)