PC Mag: Don’t obsess over zero-day vulnerabilities and the highly sophisticated, targeted attacks. Attackers are more likely to exploit older, known flaws in Web applications, so focus on basic patching and security hygiene instead.
A vulnerability patched in 2010 and another in 2009 were among the ten most frequently targeted Web vulnerabilities in April, Barry Shteiman, Imperva’s director of security strategy, told SecurityWatch. Despite their age, both private and industrialized attackers continue to target these vulnerabilities, because these attack campaigns are “lucrative.” The attack doesn’t require buying or developing expensive zero-day exploits “as old ones that are widely available work just as well,” Shteiman said.