It’s that time of the year, our annual christmas present – the Sans Top 20 Vulnerabilities for 2007.
The SANS Top 2007 list is not “cumulative.” We include only critical vulnerabilities from the past year or so. If you have not patched your systems for long time, it would be wise to patch the vulnerabilities listed in the Top 20 2006 list as well as those in the prior lists. At the end of this document, you will find a short FAQ (list of frequently asked questions) that answers questions you may have about the project and the way the list is created.
This year’s list of top risks diverges from lists in past years that focused on very specific technical vulnerabilities that could be fixed by tweaking a configuration or applying one patch. Because attackers are moving so quickly today, such point-fixes are outdated almost immediately. For that reason, this year’s list of top risks focuses more on the areas that attackers are targeting and where organizations need to enhance their security processes to ensure consistent application of technical fixes.
Read the full list here:
Recent in Exploits/Vulnerabilities:
- Evernote Hacked – ALL Users Required To Reset Passwords
- Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit
- Weevely – PHP Stealth Tiny Web Shell
- SANS Gateway Asia 2006
- NSA Together With Mitre CWE and SANS Identifies Top 25 Programming Errors
- 0-day Vulnerability Effects Solaris – Disable Telnet NOW!
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 218,579 views
- AJAX: Is your application secure enough? - 117,837 views
- eEye Launches 0-Day Exploit Tracker - 84,870 views