Old school vulnerabilities grow in popularity in 2014

Hackers exploiting old, unpatched code

Hackers are increasingly flipping it back to the old school to find a way onto your PC by using legacy vulnerabilities in older code to zero in on unpatched issues that are no longer paid attention.

That's according to HP's Cyber Risk Report, which has just been released, and shows that seven of the top 10 exploits in 2014 were discovered prior to 2013 and it went on to point out that the combined age in years of the code in the Heartbleed, Shellshock and Poodle zero-day exploits is 59.

Further to this, 33 per cent of the exploits discovered in 2014 used an infection vector first detected as part of Stuxnet way back in 2010. It went on to explain that 44 per cent of the known breaches were born out of vulnerabilities that are between two and four years old with server misconfigurations the top vulnerability and programming errors opening enterprises up to increasing attacks.

Internet Explorer top of the charts

HP's annual run down went on to report that software as a service (SaaS) and middleware are seeing exploits via protocols such as HTTP, simple object access protocol (SOAP) and JSON, plus it added that Oracle has gone some way to shutting down exploits in Java.

Much like a similar report earlier this week, Internet Explorer again led the way for discovered exploits with Adobe Flash joining it at the top of the top discovered CVE-2014 exploits.

Via: ZDNet