| Article | Summary |
Zero Day Attacks and Prevention Strategies  | While the risks of zero day vulnerabilities in popular applications and subsequent exploitation have been discussed for several years, zero day attacks saw a significant upward trend in 2006. |
| Users (Phishing/Spear Phishing) Attacks | The word "phishing" was first used around 1996 when hackers began stealing America On-Line accounts by sending email to AOL users that appeared to come from AOL. Phishing attacks now target users of online banking, payment services such as PayPal, and online e-commerce sites. |
|
|
| Excessive User Rights and Unauthorized Devices Attacks | Some attacks cannot be effectively prevented by technical controls alone. Unwary users can be enticed to do unsafe things. Clever users can find unsafe ways to get things done, unintentionally exposing the company to attack. To protect against attacks exploiting these weaknesses, administrative controls supplement technical and physical controls. |
| Network and Other Devices Common Configuration Weaknesses | Because of the unique role these devices play in network infrastructure, they often have default configurations that emphasize ease of use and configuration, rather than security. This section discusses the common insecurities present in many default configurations of network and network-accessible devices. |
|
|
| VoIP Servers and Phones Attacks | VoIP technology has seen rapid adoption during the past year. At the same time, there has been an increase in security scrutiny of typical components of a VoIP network such as the call proxy and media servers and the VoIP phones themselves. |
| Security, Enterprise, and Directory Management Servers Attacks | Applications such as on-server virus and spam filters, directory servers, and management and monitoring systems pose a unique security challenge; in addition to compromising the system hosting them, they provide opportunities to attack other systems. |
|
|
| Backup Software Attacks | During the last year a number of critical backup software vulnerabilities have been discovered. These vulnerabilities can be exploited to completely compromise systems running backup servers and/or backup clients. |
| DNS Servers Attacks | The Domain Name System (DNS) is a critical Internet mechanism that primarily facilitates the conversion of globally unique host names into corresponding globally unique Internet Protocol addresses using a distributed database scheme. |
| Instant Messaging Attacks | The widespread use of instant messaging (IM) continues to increase the security risks for both organizations and individual users. While instant messaging can be a very useful communication tool, it is also subject to many security concerns. |
| P2P Filesharing Attacks | Peer to Peer networks consist of collections of computers or “nodes” that simultaneously function as both “clients” and “servers” to achieve a common purpose. The nodes may exchange data, share resources, provide directory services, support communications and provide real time collaboration tools. |
|
|
) Date (