Attackers have shifted their attention from operating systems, such as Windows and Unix, to the applications that run on those systems, the SANS Institute, a training and education group, said on Tuesday in a statement marking the release of its annual list of top-20 vulnerabilities.
"The most notableable set of applications that are being targeted by attackers are the backup and recovery tools and the antivirus and other security tools that most organizations think are keeping them safe from attacks and loss of data," the SANS Institute stated in its release. "Now, many of those systems have been shown to have critical vulnerabilities."
This year, only eight of the highlighted vulnerabilities affected operating systems. Network-accessible services left unsecured by Microsoft's Windows topped the list of flaws in that operating system. Bugs in Internet Explorer and security issues in the core Windows libraries rounded out the top three issues for Windows.
The top applications that should concern information-security professionals are backup software, antivirus software and PHP-based applications, the SANS Institute stated. A significant number of flaws have been found in each application over the past year.
Symantec, which produces both antivirus software and backup applications, owns SecurityFocus.
Posted by: Robert Lemos