According to a report by TrustWave, companies are so busy chasing down the latest vulnerabilities that they are overlooking the most common, frequently exploited ones. As a result, companies continue to be pagued by old and supposedly well-understood vulnerabilities, reports Computerworld.
The most common vulnerability discovered by TrustWave had to do with the management interfaces for Web application engines such as Websphere. In many cases, attackers could access the interfaces directly from the Internet as they had little or no password protection. This could allow attackers to unleash their own malicious applications on the Web server. The second most common vulnerability has to do with unprotected network infrastructure components such as routers, switches and VPN concentrators.
These vulnerabilities are common well-understood issues that should have been addressed a long time ago, says Nicholas Percoco, senior vice president at TrustWave's SpiderLabs research unit.
As we reported on our Network Security Edge site, TrustWave's reports also notes that the hotel industry was a popular target of cyber criminals last year.