[ISN] Security experts warn firms of the higher risks of lower-risk flaws

From: InfoSec News <alerts_at_private>
Date: Wed, 17 Mar 2010 00:18:48 -0600 (CST)

By Dave Bailey
16 March 2010

Medium- and lower-risk flaws are being used more by hackers to penetrate 
enterprise networks, due to firms taking longer to patch them.

Security experts have warned businesses that hackers are moving their 
focus from flaws designated as high risk by software vendors to flaws 
normally seen as lower risks.

Lloyd's of London chief information security officer Marcus Alldrick 
said, "[Hackers] are not going for the normal high risk flaws, they're 
going for the medium risk ones. In the patch management cycle, the 
medium risk flaws are being patched later."

That delay in patching is also being exacerbated by hackers combining 
the lower-risk flaws to create so-called blended threats, explained BT 
global head of business continuity, security & governance practice Ray 

By combining two lower-risk flaws, hackers can cause high-risk threats 
to an organisation.


Received on Tue Mar 16 2010 - 23:18:48 PDT
