Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not the usual targets of cyberattacks.
The total number of first-time publications of PoCs for fresh CVEs rose by 2%, which indicates an acceleration in exploit creation.
Vulnerabilities detected by Kaspersky solutions for Windows include those in Microsoft Office, Windows Error Reporting Service, Microsoft Streaming Service Proxy and WinRAR.
On Linux, Kaspersky products detected vulnerabilities in the OverlayFS kernel module, the Sudo utility, the dynamic loader ld.so, the Netfilter subsystem, the kernel memory management system and nftables.
Vulnerabilities critical for exploitation were more likely than before to be related to operating system subsystems.
The TOP 10 ranking of vulnerabilities exploited in APT attacks includes vulnerabilities that grant access to systems running web applications and mail servers.
CVE-2024-47177 (CUPS filters), discovered in the Linux version of CUPS, a printing toolkit for Unix-like operating systems, can be exploited through FoomaticRIPCommandLine.
The CVE-2024-6387 (regreSSHion) vulnerability caused a stir in Q3 2024; it allows an attack on a system at the very stage when the SSH server receives authentication data.
CVE-2024-3183 (Free IPA) affects Free IPA, which provides centralized identity management and authentication for Linux systems. A user with minimal privileges on the network can sniff ticket encryption data and use it to carry out a Kerberoasting attack.
The CVE-2024-5290 (Ubuntu wpa_supplicant) vulnerability was caused by a misconfigured RPC interface: the default setting allowed a regular user to access quite critical functionality.
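
For the CVE-2024-47177 item above, a defender can inventory every FoomaticRIPCommandLine directive in the installed PPD files and flag any command line that is not in a reviewed baseline. This is an added example, not code from the original report. The `/etc/cups/ppd` location, the `&&` line-wrapping convention, the baseline-by-hash approach and all sample PPD text are assumptions or constructed values.

```python
import hashlib
import re
from pathlib import Path

# A PPD directive value is double-quoted and may span several lines.
DIRECTIVE = re.compile(r'^\*FoomaticRIPCommandLine:\s*"(.*?)"', re.M | re.S)

def command_lines(ppd_text):
    """Return each FoomaticRIPCommandLine value with wrapped lines rejoined."""
    # Assumption: long values are wrapped with '&&' at the end of a line.
    return [re.sub(r"&&\r?\n", "", v).strip() for v in DIRECTIVE.findall(ppd_text)]

def fingerprint(command):
    """SHA-256 of a command line, used as its key in the reviewed baseline."""
    return hashlib.sha256(command.encode("utf-8")).hexdigest()

def audit(ppds, approved):
    """ppds maps file name -> PPD text; return (name, command) pairs not yet reviewed."""
    findings = []
    for name in sorted(ppds):
        for command in command_lines(ppds[name]):
            if fingerprint(command) not in approved:
                findings.append((name, command))
    return findings

def load_ppds(directory="/etc/cups/ppd"):
    """Read queue PPDs from disk (assumed default CUPS location)."""
    root = Path(directory)
    if not root.is_dir():
        return {}
    return {p.name: p.read_text(errors="replace") for p in root.glob("*.ppd")}

# Constructed sample data, not taken from any real system.
KNOWN_CMD = "gs -q -dBATCH -dNOPAUSE -sDEVICE=ljet4 -sOutputFile=- -"
SAMPLE_PPDS = {
    "office-laser.ppd": '*PPD-Adobe: "4.3"\n*FoomaticRIPCommandLine: '
                        '"gs -q -dBATCH -dNOPAUSE &&\n-sDEVICE=ljet4 -sOutputFile=- -"\n*End\n',
    "new-queue.ppd": '*PPD-Adobe: "4.3"\n*FoomaticRIPCommandLine: '
                     '"echo constructed-unreviewed-command"\n*End\n',
    "plain.ppd": '*PPD-Adobe: "4.3"\n*ModelName: "Constructed Model"\n',
}

if __name__ == "__main__":
    baseline = {fingerprint(KNOWN_CMD)}
    for name, command in audit(load_ppds() or SAMPLE_PPDS, baseline):
        print(f"REVIEW {name}: {command}")
```

Run on a print server, it reads the real PPD directory and falls back to the constructed samples when none is present; a queue that appears with an unreviewed command line is the signal to investigate.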