http://www.darkreading.com/advanced-threats/167901091/security/application-security/229625502/attackers-step-away-from-mainstream-target-lesser-known-apps.html By Robert Lemos Contributing Writer Dark Reading May 24, 2011 Microsoft has Patch Tuesday. Oracle and Adobe are on regular patch cycles, often issuing ten or more patches at once. But many smaller vendors haven't yet developed such rigorous patching processes -- and that may make them prime targets for new exploits, experts say. After years of attacking popular Microsoft file formats such as Word and Excel, attackers moved on to Adobe's PDF and Flash formats. Today, more attacks are focusing on Oracle's Java. As they became subject to more frequent attacks, software vendors strengthened their platforms to make them more difficult to assault. But for the most part, smaller software vendors have not had to weather the scrutiny of cybercriminals and security researchers. And because of this lack of scrutiny, attackers are beginning to develop more targeted and sophisticated attacks that take advantage of flaws in less popular software that has not had as much rigorous security testing. "At some point, [attackers] are going to exhaust all the different file formats that they can exploit," says Mike Dausin, manager of advanced security intelligence for HP TippingPoint's DVLabs. "It was only .exes at first, and then it was screen savers, and on and on down the list. ... As the holes get plugged, [attackers] will likely move on to the more exotic formats." [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Wed May 25 2011 - 00:50:54 PDT
This archive was generated by hypermail 2.2.0 : Wed May 25 2011 - 00:55:25 PDT