{"uuid": "72290748-ab88-4aef-8a35-edbf00620421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0022", "type": "exploited", "source": "https://t.me/information_security_channel/15310", "content": "At the micro level, the big takeaway from this report is the anomalous position of CVE-2017-0022. It is the third most discussed vulnerability on the dark web forums, yet in relation to just two pieces of malware: exploit kits Astrum (aka Stegano) and Neutrino. This is the lowest number of associated malware in the top ten vulnerabilities -- both of the two more popular vulnerabilities are associated with ten different pieces of malware. CVE-2017-0199 is associated with malware including Hancitor, Dridex (https://www.securityweek.com/dridex-campaign-abuses-ftp-servers) and FinFisher (https://www.securityweek.com/net-zero-day-flaw-exploited-deliver-finfisher-spyware), while CVE-2016-0189 is associated with nine different exploit kits and the Magniber (https://www.securityweek.com/new-magniber-ransomware-emerges) ransomware.\nBut it's not just in malware associations that CVE-2017-0022 is anomalous. It has a Common Vulnerability Scoring System (CVSS) rating of just 4.3. The next lowest rating in the top ten vulnerabilities is 7.6, while the top two are rated at 9.3 and 7.6. CVSS defines a 4.3 score as medium risk; and yet Recorded Future's research shows it to be the third most exploited vulnerability, commenting, \"'In the wild' severity does not always correlate with the Common Vulnerability Scoring System (CVSS) score.\"\nThis is a prime example of the reason for the analysis. Security teams could check the CVSS score and conclude on this evidence alone that the vulnerability does not require expedited remediation or patching. 
As the third most exploited vulnerability, Recorded Future's latest threat analysis suggests otherwise.\nBoston, Mass.-based Recorded Future raised $25 million in a Series E funding round led by Insight Venture Partners in October 2017 -- bringing the total funding raised to $57.9 million.", "creation_timestamp": "2018-03-27T17:55:16.000000Z"}