The System Administration, Networking, and Security (SANS) Institute has released its quarterly update for Spring 2006 on the Internet vulnerabilities it recommends security professionals focus on to thwart the latest cyber exploits. The update comprises four software-specific weaknesses and four overarching attack trends:
- Mac OS X vulnerabilities, including a Day Zero vulnerability
- Increase in Windows client-side software flaws
- Multiple additional Internet Explorer Day Zero vulnerabilities
- Discovery of critical Firefox and Mozilla browser vulnerabilities
- Overall surge in Day Zero attacks for profit
- Rapid growth in critical database, data-warehouse, and backup-data vulnerabilities subject to SQL injection and other direct-access attacks
- Continuing surge in file-based attacks, for example, using media and image files
- Increasingly successful spear-phishing attacks, especially among defense and nuclear energy sites
*Source: SANS Institute, Spring 2006 Update, SANS Top 20 Internet Security Vulnerabilities