A central point for collection of information that relates to computer security, including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, commentary regarding staffing levels, etc.
New IBM Security Vulnerability Report
March 24, 2012 at 1:25 pm #156948
IBM Press Release
The X-Force 2011 Trend and Risk Report revealed a 50 percent decline in spam email compared to 2010; more diligent patching of security vulnerabilities by software vendors, with only 36 percent of software vulnerabilities remaining unpatched in 2011 compared to 43 percent in 2010; and higher quality of software application code, as seen in web-application vulnerabilities called cross site scripting half as likely to exist in clients’ software as they were four years ago.
In light of these improvements, it seems attackers are adapting their techniques. The report uncovers a rise in emerging attack trends including mobile exploits, automated password guessing, and a surge in phishing attacks. An increase in automated shell command injection attacks against web servers may be a response to successful efforts to close off other kinds of web application vulnerabilities.
The IBM X-Force 2011 Trend and Risk Report is based on intelligence gathered by one of the industry’s leading security research teams through its research of public vulnerability disclosures, findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011.
March 24, 2012 at 1:31 pm #156955
Internet Evolution blog commentary
Are you satisfied with your enterprise security? According to a report from IBM released today, you may want to avoid getting too complacent.
Results of IBM’s latest X-Force 2011 Trend and Risk Report indicate that, though application security vulnerabilities, exploit code, and spam are down from a year earlier, more danger lurks where IT may not be so vigilant. Specifically, the report showed a 19 percent increase in exploits aimed at mobile devices. And phishing emails related to social networks were also up. The report warns too that online criminals appear to be having a field day with the information gleaned by careless social site users.
“In 2011, we’ve seen surprisingly good progress in the fight against attacks through the IT industry’s efforts to improve the quality of software,” said Tom Cross, manager of threat intelligence and strategy for IBM X-Force, in a prepared statement. “In response, attackers continue to evolve their techniques to find new avenues into an organization. As long as attackers profit from cyber crime, organizations should remain diligent in prioritizing and addressing their vulnerabilities.”
March 24, 2012 at 8:07 pm #156953
WARNING: This is an exceptionally long post intended for security and privacy geeks everywhere, including sys admins, Internet security hawks, CIOs, and innocent but interested bystanders everywhere. No Web servers were hacked in the preparation of this report: at least, none by me!
OK, troopers, it’s that time of year again. You know, the time when IBM releases its report card for security incidents, the X-Force Trend and Risk Report.
Google has the search “Zeitgeist” every year, we have the security “poltergeist!”
This time around, we’re looking back at the wild and wacky 2011, a year which showed surprising improvements in several areas of Internet security. Improvements, you ask? Surely you jest, Turbo
March 24, 2012 at 8:42 pm #156950
Believe this is a valid copy of the report…