Zero day attacks target unpatched applications

Secure web gateway products developer Finjan says the current wave of attacks is focusing on applications that are often left unpatched or untracked by administrators for vulnerabilities. While most enterprises are scheduling Microsoft’s security patch deployments, applications from other vendors are usually left unpatched and, as a result, are becoming an easy way in for hackers installing Trojans on end-user machines to steal corporate data. “The problem … is that these threats are not tracked in general vulnerability reporting services, which makes the task of identifying and protecting against these types of attacks all the more difficult,” says Finjan CTO Yuval Ben-Itzhak. “The problem of open source and other non-Microsoft software security [is] difficult to track and resolve. ” His advice: review non-Microsoft applications in use wherever they are on the network and ensure that all available patches are deployed. “IT managers should also regularly review their security needs and ensure that their web security technology is capable of defending company IT resources against the multi-vectored and hybrid nature of today’s electronic attacks.”