CVE Publishing: A Race to Protect against Dark Web Threat Actors Trying to Exploit

Download Now

To download this white paper you’ll need an Infosecurity Magazine account. Log in or sign up below.

Log in
Sign up

Get up-to-the-minute news and opinions, plus access to a wide assortment of Information Security resources that will keep you current and informed.

This will be used to identify you if you take part in our online comments.

Your password should:

  • be at least eight characters long
  • be no more than 25 characters long
  • contain at least one uppercase, lowercase and special character
  • contain at least one digit
  • only contain alphanumeric characters or ~!@#$%^&*()_-+=?.

For more information explaining how we use your information please see our privacy policy.

By registering you agree with our terms and conditions.

CVE (Common Vulnerabilities and Exposures) is a list of publicly known cybersecurity vulnerabilities and exposures. Its purpose is to facilitate the sharing of data and to alert users of required actions to mitigate potential threats in the cyber world. Although the practice of alerting the public with new CVEs is a crucial component in contemporary cyber-security strategy, Sixgill has identified a common practice in the Dark Web underground which indicates that publishing CVEs could turn out to be a double-edged sword. From what we are seeing, cyber threat-actors are continuously searching for new vulnerabilities and they invest considerable effort in finding ways to exploit these vulnerabilities.

For example, Sixgill recently identified such a criminal behavior involving CVE-2018-7600. On March 28, 2018, Drupal, a back-end framework used by websites worldwide, confirmed that a highly critical vulnerability (CVE-2018-7600, nicknamed "Drupalgeddon2") was affecting Drupal 8, 7, and 6 sites. Drupal explained that exploiting the vulnerability could have "a dramatic impact" on the site. It seems that this announcement alerted underground actors to the vulnerability and triggered discussions among threat-actors, who were seeking to exploit it before users had the chance to fix it. 

Download this whitepaper to find out: 

  • How cyber threat-actors are continuously lurking for new vulnerabilities and trying to exploit them
  • Insights into the underground discourse regarding new exploits, and how to help mitigate the threat this poses
  • Recommendations regarding the Drupal vulnerability to help mitigate the threat

Brought to you by

Should you download this content your information may be shared with the sponsors indicated above. Please see Infosecurity Magazine’s privacy policy for more information.