Why is a 14-month-old patched Microsoft vulnerability still being exploited?

http://sophosnews.files.wordpress.com/2012/02/cumulative_numbers.png

The media - and indeed many parts of the security industry - just looove zero-day exploits. They are exciting to report, to research, to block...but interestingly, SophosLabs sees much more malware exploiting patched vulnerabilities.

I know - it's a bit weird. Why would malware authors bother to target a vulnerability for which a patch is already available for download...for free? Surely, it would be a lost cause, a dud, a lemon, a non-starter.

Alas, many people - and companies - don't get around to patching. And I just don't get why. If I cut myself, I put a plaster on it so I don't bleed all over the place. A no-brainer. Isn't patching security vulnerabilities in the same boat?