Security vulnerabilities are always in the news, but the biggest threats might be the ones that don't get talked about, that don't end up in CERT advisories or trade publications. Here's a list of some of the most dangerous and least-discussed IT security vulnerabilities we've seen in recent weeks.
What you don't know can hurt you.
If you've been following security lately, you probably know all about the big vulnerabilities. You've built defenses for denial-of-service attacks, and you've stopped the Storm worm. You've got your Microsoft Windows patches scheduled for the month, and you know about all the malware that hides in spam.
At the end of the day, though, the biggest threats might be the ones that don't get talked about, that don't end up in CERT advisories or trade publications. You can't track every vulnerability—their sheer volume almost guarantees there will be a few that operate below your radar.
With this in mind, the folks here at Dark Reading have developed a list of some of the most dangerous and least-discussed IT security vulnerabilities we've seen in recent weeks. Some of these are emerging threats; others have been operating at a low level for years. Some of them you may know about; others might be new to you.
We didn't rank them, nor are we saying that these are the only unheralded vulnerabilities out there. So if you know of other little-discussed, but potentially pointy security flaws, tell us about them via our message board. You'll be helping out those who don't know as much as you do.
And now here's our list of little-known, yet possibly dangerous, security flaws:
Cross-Site Request Forgery (CSRF)
Network Access Control Flaws
PHP Remote File Inclusion
Rogue Anti-Spyware
Stealth Malware by Design
Targeted Attacks
Rustock Trojan Horses
SOX-Breaking Accounting Flaws