Exploits and vulnerabilities in Q1 2024


Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component of evolving cyberthreat landscape.

In this report, Kaspersky researchers present a series of insightful statistical and analytical snapshots relating to the trends in the emergence of new vulnerabilities and exploits, as well as the most prevalent vulnerabilities being used by attackers. Additionally, they take a close look at several noteworthy vulnerabilities discovered in Q1 2024.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • iPhone flaw could read your saved passwords out loud – update now

    October 7, 2024

    Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on ...

  • CISA flags major Ivanti security flaw – patch now

    October 3, 2024

    The US Cybersecurity and Infrastructure Security Agency (CISA) has added a known Ivanti bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling that it’s being actively abused in the wild. The bug that was just added is an SQL Injection vulnerability, found this spring in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 and ...

  • Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks

    September 30, 2024

    Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? Vulnerable drivers not only put the system where they are installed at risk, but they can ...

  • Proactive Visibility Is Foundational to Strong Cybersecurity

    September 30, 2024

    Exposures are more than CVEs, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view. Part of that view must be greater visibility into devices, users, applications, and all the digital infrastructure connected to an organization’s environment. Gaps in that view create risk exposure. Organizations must proactively identify anything that ...

  • Multiple Vulnerabilities in Common Unix Printing System (CUPS)

    September 27, 2024

    On Thursday, September 26, 2024, a security researcher publicly disclosed several vulnerabilities affecting different components of OpenPrinting’s CUPS (Common Unix Printing System). CUPS is a popular IPP-based open-source printing system primarily (but not only) for Linux and UNIX-like operating systems. According to the researcher, a successful exploit chain allows remote unauthenticated attackers to replace existing printers’ ...

  • Zooming in on CVE‑2024‑7965

    September 19, 2024

    On August 21, Google released an update for Chrome, fixing a total of 37 security flaws. Researchers across the globe paid their attention to the CVE‑2024‑7965 vulnerability described as an inappropriate implementation in the browser’s V8 engine. The vulnerability can lead to remote code execution (RCE) in the Chrome renderer and thus become a starting point ...