SANS report flags backup software flaws

By
Follow google news

Flaws in data back-up products were among the software problems cited as most serious in a quarterly update of the SANS top 20 most critical vulnerabilities released Monday.

Vulnerabilities in Veritas backup software and Computer Associates BrightStor ARCServe Backup are very troubling, according to the SANSInstitute and the team of experts who compiled the update.


"Backup software is typically at the core of critical and important data for any organization," said Gerhard Eschelbeck, CTO at Qualys. "Compromise of a backup infrastructure is equal to compromise of a complete organization."

The update also cites several vulnerabilities in Microsoft products, including Internet Explorer, Oracle, Apple iTunes, and Firefox.

The report, which is an update to the SANS Top 20 list published annually in the fall, was culled from 422 new vulnerabilities discovered in the second quarter of this year. That number represents nearly a 20 percent increase from the number of flaws found in the second quarter of 2004.

"These critical vulnerabilities are widespread and many of them are being exploited right now," said Alan Paller, director of research at the SANS Institute. "We're publishing this list as a red flag for individuals as well as IT departments."

SANS began releasing quarterly updates to its annual list this year. Details are available at www.sans.org

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Log In

  |  Forgot your password?