“Make sure you’ve patched your software’s older vulnerabilities! Cybercriminals are buying up older exploits for a vulnerability because they are cheaper and easy to find!”
Glenn Baruck, Chicago Voice & Data
FYI, patching the latest critical software vulnerability may not be as important as making sure the most popular one from several years ago is fixed. A new study from antivirus vendor Trend Micro found that cybercriminal forums continue to advertise exploits for a vulnerability years after a patch has been released, with sellers adjusting prices to market demand and bundling multiple old exploits together to maximize profits.
The study, which spanned nearly two years and numerous illicit marketplaces, found that almost half of all the software exploits requested on forums were for vulnerabilities that were at least three years old.
This quick read by Sean Lyngaas for Cyberscoop.com provides essential info into the study results and trends on the dark web.