Daily Video: Lack of Patching Remains a Top Security Risk, HP Finds

 
 
By eWEEK Staff  |  Posted 2015-03-18
 
 
 
 
 
 
 

Today's video focuses on an HP security study, which shows that 44 percent of breaches could be attributed to patched vulnerabilities that were between 2 and 4 years old.

 



Read more about the stories in today's news:

 
 
 

Organizations aren't properly patching their systems, according to the findings of Hewlett-Packard's 2015 Cyber Risk report. The study used data collected across HP's security teams in 2014 to determine that 44 percent of system breaches could be attributed to patched vulnerabilities that were between 2 and 4 years old.

Jewel Timpe, manager of threat research for HP Security Research, told eWEEK that patching is hard for a number of reasons. She explained that in enterprises, the sheer volume of patches IT departments need to apply across multiple systems, while ensuring that a patch doesn't break any custom or business-critical applications, is daunting and resource-heavy.

Java-related exploits are an example of a class of patched vulnerabilities that continue to show up in HP's research. Java represented 48 percent of all Web or email exploit samples in 2014, HP's study found.

Brian Gorenc, manager of vulnerability research for HP Security, reported the same basic finding at the 2014 Black Hat conference in Las Vegas. At the time, Gorenc reported that the majority of Java malware attacks were leveraging old vulnerabilities because many organizations aren't reliably implementing all of the released patches.

In contrast, HP's report also noted that Oracle made significant gains in securing Java in 2014. That year, according to the report, Oracle introduced click-to-play as a security measure, making the execution of unsigned Java code more difficult. Oracle's click-to-play security measure had such a positive impact on Java security that HP stated that it did not encounter any serious Java zero-day flaws in 2014.

Timpe concluded in her interview with eWEEK that she doesn't understand why the problems with existing software flaws continue, because the issues cited in this report are not new and the tech industry knows how to fix them.

 
 
 
