The IBM Internet Security Systems X-Force\u00ae research and development team discovers, analyzes, monitors and records a wide array of computer security threats and vulnerabilities. The implications of these trends provide a useful backdrop in preparing to enhance information security for the remainder of 2008 and beyond. The overall number of vulnerabilities continued to rise as did the overall percentage of high risk vulnerabilities. Web-based vulnerabilities and threats continue to increase: Over the past few years, the focus of endpoint exploitation has dramatically shifted from the operating system to the Web browser and multimedia applications.<\/p>\n","protected":false},"excerpt":{"rendered":"
— Vulnerabilities affecting Web server applications are climbing and so are the attacks, both evidenced by newcomers to the most vulnerable vendor list and this year’s automated SQL injection attacks.<\/p>\n
— Although standard Web browsers are becoming more secure, attackers continue to rely on automated toolkits, obfuscation, and the prevalence of unpatched browsers and plug-ins to successfully gain hold of new endpoint victims.<\/p>\n
— In the first half of 2008, 94 percent of public exploits affecting Web browserrelated vulnerabilities were released on the same day as the disclosure.<\/p>\n
\u00b7 Independent researchers are almost twice as likely to have exploit code published on the same day as their vulnerability disclosure in comparison to research organizations.<\/p>\n
\u00b7 Although virtual machine breakout vulnerabilities tend to get a lot of attention from the press, they are rare and predominantly target x86 platforms and Type II (virtualization solutions that require a host operating system).<\/p>\n
\u00b7 “Complex” spam (spam that uses images, PDFs, or complex text\/HTML) is on the decline and a simpler type of spam is taking its place.<\/p>\n
\u00b7 This simpler spam relies on Web links and short text messages inside spam e-mails, which may be more difficult for some antispam technologies to detect.<\/p>\n
\u00b7 For the first half of 2008, a password stealer family that targets online games is in first place on the top ten malware list, and, in the password stealer category, gamerelated malware takes 50 percent of the top ten spots overall.<\/p>\n
http:\/\/www-935.ibm.com\/services\/us\/iss\/xforce\/midyearreport\/xforce-midyear-report-2008.pdf<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-1944","post","type-post","status-publish","format-standard","hentry","category-statistics"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1944"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1944\/revisions"}],"predecessor-version":[{"id":4431,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1944\/revisions\/4431"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}