Hackers — whether criminal or apparent agents of foreign governments — are exploiting unpatched applications on Web servers and client computers to infect entire networks, according to report recently released on predominant cybersecurity risks. “Attackers have long picked up on this opportunity and have switched to different types of attacks in order to take advantage of these vulnerabilities, using social engineering techniques to lure end-users into opening documents received by e-mail or by infecting Web sites with links to documents that have attacks for these vulnerabilities embedded,” according to the Top Cyber Security Risks list. Waves of targeted e-mail attacks, often called 'spear phishing,' are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office,” the report states. “This is currently the primary initial infection vector used to compromise computers that have Internet access.” These targeted attacks are the primary threat faced by government organizations and by top executives with access to sensitive data.

For more information:
http://gcn.com/articles/2009/09/15/top-cybersecurity-risks-list-released.aspx