Incapsula, a top provider of website and web application security, recently posted a blog on the top three threats of 2014, with an accompanying infographic. As a provider of web security services, they have access to a wide view of the threat landscape. The top three vulnerabilities are listed as follows with a short description of each:
- HeartBleed, an OpenSSL bug that allows an attacker to access information from a client or server’s memory.
- Shellshock, allows attackers to take control of the server, enabling them to steal files, delete information, download malware, and execute DDoS attacks.
- POODLE, affects SSL encryption technology allowing an attacker to trick computers into sharing sensitive data.
These three threats top Incapsula’s list because unlike most – they are specific to a particular OS, browser, or software application. As a result, these mega-vulnerabilities can affect almost anyone.
Click here to view the Incapsula blog post. For more information on HeartBleed and Citrix, take a moment to read the Technical Update Bulletins posted by Mark Ma earlier this year: