Existing threats such as phishing and document format vulnerabilities have continued to expand, even as users improve security, according to a new IBM report. […]
The 2009 X-Force Trends and Risk Report also finds that:
– Vulnerabilities have decreased. Overall, 6,601 new vulnerabilities were discovered in 2009, an 11 percent decrease compared to 2008. The report indicates that declines in the largest categories of vulnerabilities, such as SQL Injection, in which criminals inject malicious code into legitimate Web sites, and ActiveX controls, or small programs used on the Internet to help with tasks, may mean that some of the more easily discovered vulnerabilities in these classes have been eliminated and security is improving.
– Critical and high vulnerabilities with no patch have decreased significantly year-over-year in several key product categories. Vulnerabilities in Web browsers and in document readers and editors have decreased, which indicates that software vendors have become more responsive to security issues.
– Vulnerability disclosures for document readers and editors and multimedia applications are climbing dramatically. 2009 saw more than 50 percent more vulnerability disclosures for these categories versus 2008.
– New malicious Web links have skyrocketed globally. The number has increased by 345 percent compared to 2008. This trend is further proof both that attackers are successful at hosting malicious Web pages and that Web browser-related vulnerabilities and exploitation are netting a serious return.
Continue reading at http://www.net-security.org/secworld.php?id=8918