
Old bugs topped list of security exploits last year

Aaron Tan
Last updated: April 13, 2015 at 9:02 AM
Published: April 13, 2015

High-profile software bugs like Heartbleed and Shellshock have caused a stir in the IT industry, but many security breaches last year took advantage of software vulnerabilities that were at least two years old.

These were some of the findings revealed in HP’s annual Cyber Risk Report, which analyses the most pressing security issues affecting enterprises in 2014.

According to HP, the top exploit in 2014 was a bug in Microsoft’s Windows Shell that allows remote attackers to execute arbitrary code. It was discovered in 2010, and was responsible for 33 per cent of breaches last year.

“None of the top 10 exploits took advantage of the zero-day bugs last year,” said Art Gilliland, senior vice president and general manager of enterprise security products at HP.

“All the stuff about Heartbleed, Shellshock and Poodle didn’t even make it into the top 10 exploits,” he added.

Gilliland said because newly discovered zero-day bugs are getting so much attention, IT administrators are not doing enough to plug security loopholes that have existed for as long as five years.

The patches for these loopholes could have been missed by IT administrators who needed to get a new system up and running quickly, he said. “We have to start thinking about how to better patch vulnerabilities that we already know about”.

Besides software vulnerabilities, misconfigured servers were also one of the top causes of security breaches, according to HP.

Misconfigured servers could allow attackers to access critical systems or files that are more important than the ones being breached. “For example, if you break into a web server, you could get access to a database that the web server doesn’t need,” Gilliland said.

In addition, HP found that mobile devices were being targeted by more mobile malware. Mobile web apps were found to have fewer vulnerabilities than native apps, Gilliland said.

To address these security bugbears, Gilliland advised organisations to adopt a “comprehensive and timely patching strategy” to ensure systems are up-to-date and reduce the chances of a successful breach.

They should also conduct regular penetration testing and verify the configurations of their IT systems by working with security vendors, he said.

But more importantly, Gilliland said organisations should develop capabilities, not just in preventing attacks, but also in detecting cyber criminals who have broken into their systems to steal sensitive data.

“Companies spend about 85 per cent of their resources to block the bad guys,” he said. “But if you’re competing against an adversary who is the best in the world, you’re going to lose if you’re spending less than 15 per cent of your budget to find him.”
