Corporations concerned about the release of thousands of CIA documents detailing hacks against Apple iOS and Mac OS X, Google’s Android, Microsoft’s Windows, Linux and Solaris need to conduct a fresh round of risk assessment that takes the new revelations into account.

While the trove of leaked data – known as Vault 7 – doesn’t include code for actual exploits, it does describe the types of vulnerabilities they take advantage of, which can still be of value to both defenders and potential attackers, says John Pironti, president of IP Architects, a security risk consulting firm.

The released documents give a view of the capabilities and targets of the CIA, but they also offer a broader perspective, says Michael Shaulov, head of Check Point Software’s mobile and cloud security products. “Replace the CIA with any other entity and you have a blueprint of how sophisticated actors operate.” The next step is for corporate security pros to figure out whether their current defenses protect against the range of threats the documents describe. “They need to understand where they have gaps.”

Pironti says they’ll then need to come up with new compensating controls.

For now, given that the actual exploit code has not been released, but the vulnerabilities they take advantage of may still be unpatched, enterprises should consider security tools designed to detect zero day attacks in general, Shaulov says.

When, as Wikileaks promises, the specific exploits have been responsibly disclosed so vendors can patch against them, security pros should make sure they patch, he says. But given the spotty track record enterprises have for patching in a timely fashion, the new exploits are likely to be used for a long time.
(The OpenSSL exploit Heartbleed, for example, is still present on nearly 200,000 Internet exposed servers.)

Meanwhile, Pironti says details about vulnerabilities that are documented in the Wikileaks dump can be built into new threats by criminal reverse engineers. These details act as breadcrumbs that lead them to promising flaws. “You’ve just made their research time a lot shorter,” he says.

A section of the released documents entitled “Development Tradecraft DOs and DON'Ts” could be used as a textbook by less experienced hackers, he says. The tips it includes help make it more difficult for victims to respond to incidents, perform forensic reviews and attribute attacks.

It offers tips such as keeping binary size small to avoid detection, hiding data being stolen by using common protocols and shutting down network connections that are no longer being used. It’s information top hackers already know, but, “It’s information that would help raise the education level of the more novice adversary,” Pironti says. And it can give experienced adversaries intelligence to increase the effectiveness of their attacks.

The leaks mean more and different types of attacks, based on the information they contain, says Eric O’Neill, National Security Strategist for Carbon Black. “Attackers are brilliant and lazy,” he says. “Why develop when you can grab something out there and modify it to your use?”

Criminals and national espionage agencies will try to make use of the tools described in the Vault 7 data. “It’s important to understand what’s in there.”

Not all of Vault 7 is current, says Kaspersky Lab. For example, one vulnerability mentioned in the leak, known as heapgrd, was “previously known and fixed in Kaspersky Lab products in 2009,” Kaspersky says.
“The products mentioned in the Wikileaks report … are outdated versions of Kaspersky Lab software and have been out of the technical support lifecycle for several years.”