IBM put out a new report (embedded below) on security threats to enterprise computer networks today from its X-Force security research group. It found a 36 percent increase in security vulnerabilities, with Web applications being the main culprit. Web apps with security exploits accounted for 55 percent of all disclosed vulnerabilities.

One of the biggest threats is hidden attacks using JavaScript. There was a 52 percent rise in such “obfuscated attacks” in the first half of 2010. The increased adoption of cloud computing and virtualization brings its own security threats. For instance, 35 percent of virtualization vulnerabilities affect the hypervisor, meaning that gaining control of one virtual machine can give attackers control of other machines on the same system.

Another increasing source of attacks is PDF exploits, which are usually downloaded unsuspectingly through links on websites. Malicious PDFs spiked 37 percent, and those are just the ones that were detected. PDF exploits are being used to spread the Zeus and Pushdo botnets.

Interestingly, run-of-the-mill phishing scams seem to be down, with an 82 percent decline since their peak last year. But they are still the single biggest threat for financial institutions, which make up about half of all phishing targets, followed by credit cards, the government, online payments, and auctions.

The report also ranks the vendors by percentage of unpatched vulnerabilities. Sun, which is now owned by Oracle, tops the list with 24 percent unpatched vulnerabilities, compared to 2.6 percent last year during the same period. Microsoft is second with 23 percent, Mozilla is third with 21 percent, Apple is fourth with 13 percent, and IBM is fifth with 10 percent.

IBM X-Force Vulnerability Threats 1H2010
