Cisco cites increase in Silverlight security exploits

Companies that run Microsoft Silverlight might need to be wary of security risks, according to a recent post that appeared on the official Cisco blog. The authors warn about the exploits currently affecting this program, calling it "the drive-by flavor of the month." Your business should make sure that whatever screen scraping tools it uses are up-to-date and allow for secure access, especially if you run on Microsoft and are likely to have Silverlight installed.

Data presented in the post shows how the vulnerability for Silverlight seems to be increasing, with 10 percent of users resisting potentially helpful upgrades. This current rush of exploits has been spurred on by "malvertising" efforts, which can be extremely visible and easily accessible in the workplace.

"While traditional security mechanisms (firewall, IDS, etc.) are reasonable to support defense-in-depth, it is the advanced statistical analysis of all available data that will automatically identify behavioral anomalies and deliver finished threat intelligence to analysts, especially in the context of web based drive-by attacks," the authors of the post write.

There may be other consequences of this, too, as CNET reports that Google will not be supporting Silverlight plug-ins in Chrome over the course of the next few years. Other plugins will no longer be supported, including Java.

The main targets of this effort are those plugins that use Netscape Plug-In Application Programming Interface, which have been slowly dropping over the past few months and are the target of modernization companies.

The ease with which users can encounter malware on the internet, combined with the ways that necessary upgrades can go un-implemented, means that only the most trustworthy manner of sharing screens and broadening functional mobile use should be considered.