Daily Video: Lack of Patching Remains a Top Security Risk, HP Finds

 
 
By eWEEK Staff  |  Posted 2015-03-18
 
 
 
 
 
 
 

Today's video focuses on an HP security study, which shows that 44 percent of breaches could be attributed to patched vulnerabilities that were between 2 and 4 years old.

 

 
 
 

Organizations aren't properly patching their systems, according to the findings of Hewlett-Packard's 2015 Cyber Risk report. The study used data collected across HP's security teams in 2014 to determine that 44 percent of system breaches could be attributed to patched vulnerabilities that were between 2 and 4 years old.

Jewel Timpe, manager of threat research for HP Security Research, told eWEEK that patching is hard for a number of reasons. She explained that in enterprises, the sheer volume of patches IT departments need to apply across multiple systems, while ensuring that a patch doesn't break any custom or business-critical applications, is daunting and resource-heavy.

Java-related exploits are an example of a class of patched vulnerabilities that continue to show up in HP's research. Java represented 48 percent of all Web or email exploit samples in 2014, HP's study found.

Brian Gorenc, manager of vulnerability research for HP Security, reported the same basic finding at the 2014 Black Hat conference in Las Vegas. At the time, Gorenc reported that the majority of Java malware attacks were leveraging old vulnerabilities because many organizations aren't reliably implementing all of the released patches.

In contrast, HP's report also noted that Oracle made significant gains in 2014 in securing Java. The report noted that, in 2014, Oracle introduced click-to-play as a security measure, making the execution of unsigned Java code more difficult. The measure had such a positive impact on Java security that HP stated that it did not encounter any serious Java zero-day flaws in 2014.

Timpe concluded in her interview with eWEEK that she doesn't understand why the problems with existing software flaws continue, because the issues cited in this report are not new and the tech industry knows how to fix them.

 
 
 
