SANS Institute: Organizations are failing to invest in the proper tools to mitigate two major cyber risks. Client-side application software vulnerabilities pose the largest threat to network security, report says. Attacks on web applications constitute more than 60 percent of the total attack attempts observed on the Internet, SANS says. Many spear-phishing attacks exploit vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. Report: Operating systems continue to have fewer remotely exploitable vulnerabilities that lead to massive Internet worms.
Source: https://www.csoonline.com/article/2124360/sans–security-ignores-the-two-biggest-cyber-risks.html

