A naukri.com initiative
Securelist
1M
237
Image Credit: Securelist
Exploits and vulnerabilities in Q4 2024
- Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters.
- Although the number of registered vulnerabilities rose, the total number of Proof of Concept instances decreased compared to 2023.
- Attackers in Q4 leveraged undocumented RPC interfaces and targeted the Windows authentication mechanism.
- There was growth in the number of registered vulnerabilities and a decrease in the number of PoCs.
- The most prevalent CWEs exploited included OS Command Injection, improper input filtering, and memory corruption vulnerabilities.
- New popular CWEs in 2024 included Use After Free, Path Traversal, Code Injection, and Deserialization of untrusted data.
- In Q4, Windows exploits targeted vulnerabilities in Microsoft Office, WinRAR, and various Windows subsystems.
- Linux vulnerabilities exploited vulnerabilities in nf_tables, io_uring, Dirty Pipe, and netfilter components.
- Most common exploits continue to target operating systems, with attackers finding new exploitable vulnerabilities.
- Top 10 vulnerabilities exploited in APT attacks included Microsoft Office vulnerabilities and vulnerabilities for PAN-OS.
Read Full Article
14 Likes
For uninterrupted reading, download the app