CVE Publishing: A Race to Protect against Dark Web Threat Actors Trying to Exploit

Download Now

To download this white paper you’ll need an Infosecurity Magazine account. Log in or sign up below.

Log In

Sign Up

Get up-to-the-minute news and opinions, plus access to a wide assortment of Information Security resources that will keep you current and informed.

This will be used to identify you if you take part in our online comments.
Your password should be at least six characters long. It is case sensitive. Passwords can only consist of alphanumeric characters or ~!@#$%^&*()_-+=?.

Infosecurity Magazine collects personal information when you register for our magazine and sponsored content. We will use this information to deliver the product or service for which you are registering.

We will also share your information with the declared sponsor of any webinar, whitepaper or virtual event for which you register and this sponsor is clearly indicated on each event page. You can opt out at any time in your user account.

For more information explaining how we use your information please see our privacy policy.

By registering you agree with our terms and conditions and privacy policy.

CVE (Common Vulnerabilities and Exposures) is a list of publicly known cybersecurity vulnerabilities and exposures. Its purpose is to facilitate the sharing of data and to alert users of required actions to mitigate potential threats in the cyber world. Although the practice of alerting the public with new CVEs is a crucial component in contemporary cyber-security strategy, Sixgill has identified a common practice in the Dark Web underground which indicates that publishing CVEs could turn out to be a double-edged sword. From what we are seeing, cyber threat-actors are continuously searching for new vulnerabilities and they invest considerable effort in finding ways to exploit these vulnerabilities.

For example, Sixgill recently identified such a criminal behavior involving CVE-2018-7600. On March 28, 2018, Drupal, a back-end framework used by websites worldwide, confirmed that a highly critical vulnerability (CVE-2018-7600, nicknamed "Drupalgeddon2") was affecting Drupal 8, 7, and 6 sites. Drupal explained that exploiting the vulnerability could have "a dramatic impact" on the site. It seems that this announcement alerted underground actors to the vulnerability and triggered discussions among threat-actors, who were seeking to exploit it before users had the chance to fix it. 

Download this whitepaper to find out: 

  • How cyber threat-actors are continuously lurking for new vulnerabilities and trying to exploit them
  • Insights into the underground discourse regarding new exploits, and how to help mitigate the threat this poses
  • Recommendations regarding the Drupal vulnerability to help mitigate the threat

Brought to You by

Should you download this whitepaper your information will be shared with the sponsor indicated above. See our privacy policy for more information.