
21st November 2006

35% of SANS top 20 new

Eleanor Dallaway

Over a third of this year’s SANS top twenty is new for 2006, and VoIP has emerged as a major threat vector. The SANS Institute has revealed the top 20 dangerous Internet vulnerabilities of this year. This is the sixth time around for the top 20.

The SANS top 20 is a consensus list of vulnerabilities that require immediate attention. New entries to the list include VoIP servers and phones, network common configuration weaknesses and users (phishing and spear phishing). There has been a major surge of zero-day attacks in 2006.

This year’s list features 65% of the same vulnerabilities reported last year. Internet Explorer now features at the top and Windows Libraries has also gone up the ladder in terms of vulnerability levels. Instant Messaging is continuing to become more of a target. Backup software and Windows software, on the other hand, are becoming less of a risk.

Anti-virus software and Cisco IOS-based products no longer feature on the SANS top 20 list. It is important that organizations and users ensure that they have patched the critical vulnerabilities listed in the 2005 list, in addition to concentrating on the updated list. This is because the most recent SANS top 20 list only reports vulnerabilities from 2006. This does not mean that the vulnerabilities listed the previous year are no longer a threat.

As more critical and current vulnerabilities become apparent, the list will be updated. The latest list is available at http://www.sans.org/top20/?ref=1814, and the flaws are divided among the following categories: operating systems, cross-platform applications, network devices, security policy and personnel, and a special section.

 

