Daily Video: Lack of Patching Remains a Top Security Risk, HP Finds

 
 
By eWEEK Staff  |  Posted 2015-03-18
 
 
 
 
 
 
 

Today's video focuses on an HP security study, which shows that 44 percent of breaches could be attributed to patched vulnerabilities that were between 2 and 4 years old.

 

 
 
 

Organizations aren't properly patching their systems, according to the findings of Hewlett-Packard's 2015 Cyber Risk report. The study used data collected across HP's security teams in 2014 to determine that 44 percent of system breaches could be attributed to patched vulnerabilities that were between 2 and 4 years old.

Jewel Timpe, manager of threat research for HP Security Research, told eWEEK that patching is hard for a number of reasons. She explained that in enterprises, the sheer volume of patches IT departments need to apply across multiple systems, while ensuring that a patch doesn't break any custom or business-critical applications, is daunting and resource-heavy.

Java-related exploits are an example of a class of patched vulnerabilities that continue to show up in HP's research. Java represented 48 percent of all Web or email exploit samples in 2014, HP's study found.

Brian Gorenc, manager of vulnerability research for HP Security, reported the same basic finding at the 2014 Black Hat conference in Las Vegas. At the time, Gorenc reported that the majority of Java malware attacks were leveraging old vulnerabilities because many organizations aren't reliably implementing all of the released patches.

In contrast, HP's report also noted that Oracle made significant gains in 2014 in securing Java. The report noted that, in 2014, Oracle introduced click-to-play as a security measure, making the execution of unsigned Java code more difficult. Oracle's click-to-play security measure had such a positive impact on Java security that HP stated that it did not encounter any serious Java zero-day flaws in 2014.

Timpe concluded in her interview with eWEEK that she doesn't understand why the problems with existing software flaws continue, because the issues cited in this report are not new and the tech industry knows how to fix them.

 
 
 
