Class is officially in session.
Every day, system administrators are working against vulnerabilities in software and operating systems, and based on the severity of threats, it sometimes seems vendors and service providers are fighting a losing battle – especially when you consider the statistics.
GFI points out in a recent blog post that in 2012 alone, 4,347 new security vulnerabilities were reported – the highest number over the last three years. This means that last year, nearly 12 new security vulnerabilities were discovered each day – compared to the 3,532 vulnerabilities reported for 2011 (a rate of about 10 new vulnerabilities discovered every day), according to data from the National Vulnerability Database (NVD).
In light of this, GFI Software Product Engineer Cristian Florian schooled us on the issue in the post, taking a closer look at what this data means now and in the near future.
If you take a closer look by breaking down the number of vulnerabilities by severity, there are fewer high severity vulnerabilities than there were in 2011. But as Florian pointed out, it is the number of medium and low severity vulnerabilities that has consistently increased.
The NVD also ranked the top 10 vendors in terms of the number and severity of vulnerabilities, with Oracle at the top with 424 vulnerabilities, which is much higher than its 262 entries in 2011. A significant number of these vulnerabilities are related to Java.
According to the NVD, Apple reported the most high-severity vulnerabilities during 2012, with Safari, iTunes and iOS generating most of them. Interestingly, Microsoft continues to decrease the number of vulnerabilities it reported, with 169 vulnerabilities – down from 244 in 2011 and 318 in 2010.
In addition, 86 percent of reported vulnerabilities come from third-party applications, 10 percent from operating systems and four percent from hardware devices.
In a related study, GFI Software released its VIPRE Report for December 2012, complete with a listing of the 10 most prevalent threat detections encountered that month. In December, GFI threat researchers also found a handful of phony Google Play app markets hosting mobile Trojans, as well as a number of spam e-mail campaigns posing as messages from Amazon, PayPal and LinkedIn.
“Cybercriminals often make the effort to create phony websites and spam e-mails that appear authentic in order to increase the chances of catching users off guard and infecting their PCs,” explained Christopher Boyd, senior threat researcher at GFI Software.
Boyd said that over the past year, cybercriminals have improved their ability to fabricate even more convincing sites that prey on users who rush into providing personally identifiable information or installing applications without completely investigating the legitimacy of the source.
“Users should be extra careful in every situation by taking the time to look at URLs and manually navigating to the sites that they want to visit,” he advised.
GFI Software offers its VIPRE line of antivirus solutions, which are available as an on-premise, cloud-managed or stand-alone solution. Each version includes free tech support by phone, e-mail or online chat.
Now that class is dismissed, head on over to GFI’s website to learn more about this and all of its award-winning offerings at www.GFI.com.