On July 6th, NGSSoftware released a set of security vulnerability advisories regarding several SAP enterprise software packages.
The same group stated earlier that it keeps 175 so-called 0-day vulnerabilities in enterprise applications of various vendors (Oracle, IBM, HP, Microsoft, Openbase, Real, Sybase, Ingres, Veritas, CA and Sun) under its pillow and that it adds more every week. Such 0-day vulnerabilities are flaws in software applications that the vendor has not yet fixed, leaving customers vulnerable to attack until the vendor releases a patch.
Note that 0-day vulnerabilities are actively exploited by cybercriminals for one year before they become publicly known. This finding comes from Immunity, a company that buys newly found security vulnerabilities from their finders and sells fixes to Immunity's customers.
There is even a fast-growing market for security vulnerabilities. Recently we have seen a bidding platform, similar to eBay, where people can sell and buy unreleased 0-day vulnerabilities for software applications.
Conclusion: it seems that complex business application frameworks, such as those provided by IBM, Oracle, SAP and Software AG, are getting more attention from security researchers as well as hackers. There are professional attackers who buy know-how about vulnerabilities. As a business owner, you should be prepared to take meaningful measures in advance.
Get in touch if you want to know more about how to protect your business applications.
Wednesday, July 25, 2007