After a new CVE (common vulnerabilities and exposures) is made public, cybercriminals often start searching the internet for systems that can be exploited within an hour. However, what happens if the developers of the vulnerable software do not release patches quickly? This prompts the question of how much time organizations that utilize potentially vulnerable software have to enhance their security and how best to address the issue.
Hackers run active scans of IP addresses to identify vulnerable services during the initial intelligence-gathering stage (based on the MITER ATT&CK matrix). Again, according to expert estimates, this can be observed a few minutes after the publication of the CVE.
This article has been indexed from DZone Security Zone
Read the original article: