So we'd like to know: What threat do you feel posed the most risk to your enterprise's information security?
Listed below are five of our top Threat Monitor tips from the past year, including a description of what we thought made the threats particularly dangerous. Now, we want to know what you think. Take the poll next to the tip descriptions, and check out the top security threats 2010 on Thurs., Dec. 16, when we reveal the results.
Online Surveys powered by SurveyGizmo
Zeus botnet analysis: Past, present and future threats
The Zeus botnet has become one of the most dangerous botnets in history because of the targeted crimes that have been committed using the malware it propagates and the ease with which attackers commit the crimes.
Defending against RAM scraper malware in the enterprise
Today's RAM scrapers are able to bypass most security protections and access sensitive credit card data by either injecting themselves into running processes to hide or directly executing on machines.
Clientless SSL VPN vulnerability and Web browser protection
Exploiting this vulnerability, an attacker could construct a malicious webpage that is designed to access all of the protected domains on the client-side Web browser, as well as steal session cookies or hijack the user's VPN session.
Operation Aurora: Tips for thwarting zero-day attacks, unknown malware
Attackers showed that they could use something as simple as a zero-day Internet Explorer vulnerability to breach the likes of Google. Smaller organizations with fewer resources would have an even tougher time protecting against such attacks.
SSL vulnerabilities: Trusted SSL certificate generation for enterprises
Researchers at DefCon 2010 showed that clever, ambitious attackers could cause major damage across the Web by exploiting fewer than two dozen CAs, since any CA can sign a certificate for any DNS name.
This was first published in December 2010