Attacks/Breaches
12/24/2009
12:06 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Top 10 Security Challenges For 2010

Cloud-hosted malware, bot blasts, compromised smartphones, and privacy-busting malvertising are a few of the security pitfalls we can expect this year.

9. A Major Insider Theft Scandal Will Surface

Ongoing improvements in network security will encourage organized cybercrime groups to think about the long con. Somewhere next year, expect someone with access to data at a large organization to be caught working for or with a cybercrime group. The Identity Theft Resource Center anticipates a rising number of insider cases because of failure to follow basic workplace security protocols.

Contrarian view: As above, but the organization will be able to hide the incident, at least until 2011. This prediction has the added benefit of being difficult to prove wrong next year.

10. Clickjacking Strikes Back

Zscaler believes that the clickjacking vulnerability -- a way to alter a Web app's user interface to dupe users into clicking on concealed buttons -- will be employed in attacks more frequently. Jeremiah Grossman, founder and CTO of WhiteHat Security, and Robert "RSnake" Hansen, founder and CEO of SecTheory, disclosed information about the technique in October 2008. While some effort has been made to mitigate the risk of clickjacking, Zscaler says the technique can still be effective, particularly in attacks with a social engineering component.

Contrarian view: Why bother ,when you can just launch a window that displays a fake security scan and get clueless users to pay for fake security software? Ignorance is a vulnerability that isn't easy to patch.

For Further Reading:

Top 10 Smartphone Advances Of 2009

Getting Started With Full Disk Encryption

Wolfe's Den Podcast: Trend Micro Takes Security To The Cloud

Rolling Review: PGP Mobile 9.9.0 For Security On The Go

Previous
4 of 4
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant