SANS has released their top 20 list for spring 2006. The interesting rising star is Mac OS X. Guess Microsoft has some competition 😉 A number of articles have linked software popularity to security vulnerabilities/exploits. Guess Mac is gaining ground in short order.
Eight major trends are listed in the update:
1. Rapid growth in critical vulnerabilities being discovered in Mac OS/X including a zero-day vulnerability (OS/X still remains safer than Windows, but its reputation for offering a bullet-proof alternative to Windows is in tatters.)
2. Substantial decline in the number of critical vulnerabilities in Windows Services, offset by flaws in client-side software, including the WMF vulnerability and Internet Explorer flaws, listed in Trend #3.
3. Continuing discovery of multiple zero-day vulnerabilities in Internet Explorer.
4. Rapid growth in critical Firefox and Mozilla vulnerabilities.
5. Surge in commodity zero-day attacks used to infiltrate systems for profit motives.
6. Rapid growth in three types of critical vulnerabilities allowing direct access to databases, data warehouses, and backup data (Oracle, Veritas Back-Up and SQL Injection attacks).
7. A continuing surge in file-based attacks, especially using media and image files, Microsoft Excel files, and more.
8. A rapidly spreading scourge of successful spear-phishing attacks, especially among defense and nuclear energy sites.