Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept (PoC) instances decreased compared to 2023. Among notable techniques in Q4, attackers leveraged undocumented RPC interfaces and targeted the Windows authentication mechanism.

Statistics on registered vulnerabilities

This section contains statistics on registered vulnerabilities. Data is sourced from the CVE portal: cve.org.

Total number of registered vulnerabilities and number of critical ones, Q4 2023 vs. Q4 2024 (download)

In Q4 2024, the trend of documenting software flaws that create vulnerabilities continued to gain momentum. The share of vulnerabilities labeled as critical was slightly higher than in Q4 2023. In general, more and more vulnerabilities are being assigned CVE identifiers through Bug Bounty programs and general software security research. Let’s also examine the number of public exploits.

Number of vulnerabilities, the share of critical ones, and those for which exploits exist, 2019–2024 (download)

As shown in the graph, the number of published exploits for vulnerabilities ended up at around 6%, which is 4 p.p. lower than in 2023. This decline may be due to vendors’ requirements not to disclose information about exploitation methods for discovered vulnerabilities and corresponding exploits—we believe researchers are increasingly encountering such requests. Thus, the main trends of 2024 were the growth in the number of registered vulnerabilities, the decrease in the number of PoCs, and the share of critical vulnerabilities remaining at 2023 levels.

Let’s examine the most popular types of vulnerabilities exploited in real attacks in 2023 and 2024.

Number of vulnerabilities by the most prevalent CWEs used in attacks on users in 2023 (download)

Number of vulnerabilities by the most prevalent CWEs used in attacks on users in 2024 (download)

As in 2023, the top three in the list are the following software issues:

• CWE-78—Improper or insufficient neutralization of command-line inputs (OS Command Injection);
• CWE-20—Improper input filtering and validation. This includes most vulnerabilities that allow attackers to take control of applications;
• CWE-787—Memory corruption vulnerabilities (Out-of-bounds Write).

These types of flaws have been known for a long time and remain actively exploited by attackers. The number of associated vulnerabilities has remained at the same level over the past two years.

Next are software flaws that are less common but no less critical. In 2024, some of the most popular CWEs included the following:

• CWE-416—Improper use of dynamic memory resources (Use After Free);
• CWE-22—Improper handling of file system path formats (Path Traversal);
• CWE-94—Improper control of code generation (Code Injection);
• CWE-502—Deserialization of untrusted data;
• CWE-843—Improper handling of data types (Type Confusion);
• CWE-79—Improper neutralization of input during web page generation (Cross-site Scripting);
• CWE-122—Heap-based Buffer Overflow.

Compared to 2023, CWE-119—associated with performing operations outside buffer bounds—was the only one to drop out of the TOP 10. However, it was replaced by a similar type, CWE-122, associated with buffer overflow—so memory corruption vulnerabilities remained on the list. This confirms that the landscape of software flaws leading to exploitable vulnerabilities has remained unchanged over the past two years.

Exploitation statistics

This section contains statistics on the use of exploits in Q4 2024. The data is based on open sources and our telemetry.

Windows and Linux vulnerability exploitation

Among the exploits detected by Kaspersky solutions for Windows, the most popular throughout 2024, including Q4, were vulnerabilities in Microsoft Office applications:

• CVE-2018-0802—Remote code execution vulnerability in the Equation Editor component;
• CVE-2017-11882—Another remote code execution vulnerability also affecting the Equation Editor;
• CVE-2017-0199—A vulnerability in Microsoft Office and WordPad that allows an attacker to take control of the system.

Following these, the most common vulnerabilities in Q4 included those in WinRAR and various Windows subsystems:

• CVE-2023-38831—A vulnerability in WinRAR related to improper handling of objects contained in an archive;
• CVE-2024-38100—A vulnerability known as Leaked Wallpaper, which allows an attacker to obtain a NetNTLM hash used in user authentication protocols;
• CVE-2024-21447—A vulnerability in improper link handling within the file system. It resides in the UserManager service and, if exploited, allows privilege escalation;
• CVE-2024-28916—A vulnerability similar to CVE-2024-21447 in the Xbox Gaming Service.

Each of the above vulnerabilities can be used to compromise the system and gain the highest possible privileges, so we recommend regularly updating the corresponding software.

Dynamics of the number of Windows users encountering exploits, Q1 2023—Q4 2024. The number of users who encountered exploits in Q1 2023 is taken as 100% (download)

Kaspersky products for the Linux operating system triggered on exploits for the following vulnerabilities:

• CVE-2024-1086—Improper resource handling vulnerability in the nf_tables component of the kernel. Exploiting it allows privilege escalation in the system;
• CVE-2024-0582—A memory leak vulnerability in the io_uring component, which can be used to escalate privileges on the vulnerable system;
• CVE-2022-0847—A widespread vulnerability known as Dirty Pipe, allowing privilege escalation and control over running applications;
• CVE-2022-34918—Improper handling of kernel objects related to the netfilter component. Exploiting the vulnerability allows privilege escalation in the system.

Dynamics of the number of Linux users encountering exploits, Q1 2023—Q4 2024. The number of users who encountered exploits in Q1 2023 is taken as 100% (download)

For the Linux operating system, it is critically important to keep kernel components up to date, as well as any software used.

Most common published exploits

The distribution of published exploits for vulnerabilities by platform, Q3 2024 (download)

The distribution of published exploits for vulnerabilities by platform, Q4 2024 (download)

In Q4 2024, operating systems remained the most popular category of software in terms of the number of publicly available working exploits. At the same time, the share of exploits targeting Microsoft Office tools decreased, and no exploits for SharePoint vulnerabilities were published.

The distribution of published exploits for vulnerabilities by platform, 2024 (download)

Data for 2024 shows that the overall trend of attacks on operating systems continues to grow, increasingly displacing other categories of software. Researchers and attackers are finding new operating system components that still contain potentially exploitable vulnerabilities.

Vulnerability exploitation in APT attacks

We analyzed which vulnerabilities were most commonly used in APT attacks in Q4 2024. The ranking below is based on our telemetry, research, and open sources.

TOP 10 vulnerabilities exploited in APT attacks, Q4 2024 (download)

The list of vulnerabilities commonly used in APT attacks shows changes in the software exploited by attackers. Microsoft Office applications, whose vulnerabilities were not used as much in 2023, have returned to the top ten most frequently exploited types of software. In addition, vulnerabilities for PAN-OS appeared on the list for the first time. Moreover, remote access systems and corporate data processing solutions once again appeared among the vulnerable applications. These statistics highlight the issue of delayed patch installation, which attackers quickly exploit. We strongly recommend promptly updating the software listed.

Interesting vulnerabilities

This section contains the most interesting vulnerabilities published in Q4 2024.

CVE-2024-43572—Remote code execution vulnerability in Microsoft Management Console

The Windows operating system has many useful features and mechanisms that allow users to customize it for their convenience. One such feature is the Microsoft Management Console (MMC)—an interface for running applications that contain strictly structured information. These applications are called “snap-ins.” The operating system provides a number of built-in tools for working with MMC, such as
services.msc—an interface for managing services. This is an XML file that interacts with individual COM objects and allows you to set parameters for them in the management console.
According to Microsoft documentation, .msc files can be used for system administration. Attackers exploited this functionality to run commands on user systems: inside the .msc file, they specified the URI
urn:schemas-microsoft-com:xslt and commands in JavaScript and VBScript. These files were distributed as email attachments.

Header of the main .msc file

CVE-2024-43451—NetNTLM hash disclosure vulnerability

This vulnerability is also related to the functionality of the Windows operating system, specifically to the NTLM authentication mechanism with the SSPI interface, which is automatically launched in all versions of the OS up to and including Windows 10. During the transmission of the NetNTLM hash, an attacker can intercept it or redirect it to another service, resulting in the compromise of the victim’s credentials. In common legitimate Windows scenarios, users frequently need to authenticate using the NTLM protocol, which may attract attackers. In 2024, we observed the active use of files of various formats with the .url extension in attacks: these files contained links to resources that triggered authentication using NTLM mechanisms.

CVE-2024-49039—Elevation of privilege vulnerability in Windows Task Scheduler

Our 2024 reports mainly included vulnerabilities that were used either solely for privilege escalation or for initial system access. However, CVE-2024-49039 stands out because it allows stealthy persistence within the system, privilege escalation, and command execution.

This vulnerability exploits an undocumented RPC endpoint on the server side, which contains interfaces with a misconfigured security descriptor, enabling privilege escalation.

In recent versions of Windows, when a scheduled task is registered, applications can run in AppContainer, which generally limits their privileges. To exploit the vulnerability, an attacker needs to create a scheduled task that, upon execution, calls the undocumented RPC endpoint. The Task Scheduler contains a vulnerable application launch algorithm, and as a result of the RPC call, the application will be relaunched without AppContainer with the privileges of a regular or system user.

Conclusion and advice

The total number of vulnerabilities registered in the Q4 2024 continues to grow compared to 2023, but the number of published exploits decreased. This may be due to the fact that software vendors have not yet released patches because of the traditional lull during the holiday period. Notably, attackers continue to invent new methods of privilege escalation, as seen in the Task Scheduler vulnerability.

To stay safe, it is essential to respond promptly to the evolving threat landscape. Also, make sure that you:

• Ensure round-the-clock monitoring of your infrastructure, paying special attention to the perimeter;
• Maintain a patch management process: promptly apply security fixes. To configure and automate vulnerability and patch management, you can use solutions like Vulnerability Assessment and Patch Management and Kaspersky Vulnerability Data Feed;
• Use reliable solutions that can detect and block malware on corporate devices, and comprehensive tools that include incident response scenarios and up-to-date cyberthreat databases.

securelist.com/vulnerabilities…

Camper shells are a time-honored piece of truck gear, but with modern trucks having increasingly vestigial beds, the length of your overnight abode has increasingly shrunk as well. To combat this problem, [Ed’s Garage] built a camper shell that extends once you’ve arrived at your campsite.

[Ed] wanted to keep things relatively low profile while still tall enough to sit up in for convenience, leading to a small bit of the shell peeking over the truck’s roof. To keep the cold Canadian winter out, attention was paid to proper weather sealing around the sliding portion of the shell so that it stays warm and dry inside.

While this would work on any truck, the mains power plugs in the bed of some modern trucks mean that certain glamping conveniences like a heater and projector can be easily powered while you’re in camp. We get to see the camper shell in action at the end of the video where the pros and cons of having your sleeping space also being your storage while en route become apparent.

If you’re looking for something a little less conventional for your camping experience, how about this solar camper or this retro bike camper?

youtube.com/embed/MfxifnxYbPI?…

hackaday.com/2025/02/26/want-a…

Muon tomography (muography) is the practice of using muons generated by cosmic rays interacting with Earth’s atmosphere (or equivalent) to image structures on Earth’s surface, akin to producing an X-ray. In lieu of spending a lot of spending a fair bit of money on dedicated muon detectors, you can also hack such a device together with two Geiger-Müller tubes and related circuitry for about $100 or whatever you can source the components for.

The reason for having two Geiger-Müller tubes is to filter out the countless other (much more prevalent) sources of ionizing radiation that we’re practically bathed in every second. Helped by a sheet of lead between both tubes, only a signal occurring at the same time from both tubes should be a muon. Specially cosmic ray muons, as these have significantly more kinetic energy that allows them to pass through both tubes. As a simple check it’s helpful to know that most of these muons will come from the direction of the sky.

The author of the article tested this cobbled-together detector in an old gold mine. Once there the presence of more rock (and fewer muons) was easily detected, as well as a surge in muons indicating a nearby void (a mine shaft). While not a fast or super-easy way to image structures, it’s hard to beat for the price and the hours of fun you can have while spelunking.

hackaday.com/2025/02/26/buildi…

This week, Jonathan Bennett and Rob Campbell talk with Shimon Schocken about Nand2Tetris, the free course about building a computer from first principles. What was the inspiration for the course? Is there a sequel or prequel in the works? Watch to find out!

• Nand2Tetris

youtube.com/embed/X-CavXZjfGU?…

Did you know you can watch the live recording of the show right on our YouTube Channel? Have someone you’d like us to interview? Let us know, or contact the guest and have them contact us! Take a look at the schedule here.

play.libsyn.com/embed/episode/…

Direct Download in DRM-free MP3.

If you’d rather read along, here’s the transcript for this week’s episode.

Places to follow the FLOSS Weekly Podcast:

• Spotify
• RSS

Theme music: “Newer Wave” Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

hackaday.com/2025/02/26/floss-…

Picture a football (soccer ball) in your head and you probably see the cartoon ideal—a roughly spherical shape made with polygonal patches that are sewn together, usually in a familiar pattern of black and white. A great many balls were made along these lines for a great many decades.

Eventually, though, technology moved on. Footballs got rounder, smoother, and more colorful. This was seen as a good thing, with each new international competition bringing shiny new designs with ever-greater performance. That was, until things went too far, and the new balls changed the game. Thus was borne the “knuckleball” phenomenon.

Smoother Is Better, Right?

An Adidas Telstar from the 1974 World Cup. The original Telstar design actually predates 1974, and the combination of 12 pentagonal and 20 hexagonal panels and black and white patterns had been used before, too. Regardless, the Adidas design was soon globally known, and eventually became the “default” design for a football in media. Credit: shine2010, CC BY 2.0
From the late industrial era onwards, footballs were traditionally made with leather panels wrapped around some form of rubber bladder. As it’s not easy to produce a seamless leather sphere, balls were instead sewn together from individual leather panels in order to create a vaguely spherical whole. Early designs had few panels, and weren’t particularly good at approximating the shape of a sphere. They often had large, wide seams that stretched far across the surface of the ball. Larger seams were by and large undesirable, as they made the ball harder to control. Ridges where the panels met could catch on the foot and lead to unpredictable behavior.
The 32-panel design persisted at the World Cup level until 2002, with the Fevernova ball. Credit: Nicola, CC BY-SA 4.0
Over time, there was a desire to create smoother, rounder balls for professional play. By the 1970s, football designs began to coalesce around a common format. The standard became 12 pentagonal and 20 hexagonal panels, which could be sewn together into a relatively good approximation of a sphere. This also allowed the construction of a ball with very fine seams, creating a more predictable ball which enabled far finer control. The format was perhaps best popularized by the Adidas Telstar as used in the 1970 and 1974 World Cups. Even though it wasn’t the first to use the 12-and-20 design, the layout and the black-and-white pattern has been firmly etched in footballing consciousness ever since. Indeed, starting at the 1970 World Cup, Adidas has made every following World Cup ball since.

For a time, it seemed as if the design of the football was settled science. Adidas stuck with the 32-panel design up until the 2006 World Cup, when it revealed the +Teamgeist design. It used 14 curved panels that were bonded instead of stitched, creating a smoother ball for yet more predictable handling. It was also intended that the design would be more waterproof, to avoid gaining weight in wet matches. The ball was criticised by some for its erratic flight patterns, but by and large was seen as fit for purpose.
The Jabulani proved controversial, with its ultra-smooth design criticised for creating its unpredictability in flight. Credit: Adidas, editorial use
With another successful World Cup under its belt, Adidas innovated further for the 2010 World Cup. It created the Jabulani, which consisted of just eight spherically-moulded panels bonded together into an ultra-smooth and cohesive sphere. If the 2006 World Cup ball was slightly controversial, the Jabulani was outrageous. The ball was referred to as “supernatural” for its tendency to suddenly change direction in flight, which pleased strikers to a degree, but frustrated goalkeepers to no end. Ultimately, though, this tendency wasn’t good for getting balls on target. Just 147 goals were scored in the 2010 World Cup, the fewest since the competition changed its tournament format in 1998.

The problem came down to a phenomenon known as “knuckling.” This happens when the ball is travelling through the air with little to no spin. At a certain speed, the seams on the ball tend to interact with the airflow, channeling it such that it creates sudden and unpredictable movements. The term first developed in baseball, but became relevant to football with the development of the 2006 and 2010 World Cup balls, which suffered this phenomenon more often in play.

The phenomenon became so well known that NASA scientists took the opportunity to throw World Cup balls in a test chamber to demonstrate the effects at play. Knuckling behavior tends to peak at a certain critical speed, with the effect lessened either side of the peak. The problem was that the smoother designs were “knuckling” at higher speeds than balls from previous generations. NASA researchers found that the Jabulani would undergo unpredictable flight due to knuckling at speeds of 50 to 55 mph—right around the speed at which professional strikers can deliver a ball to the net. Meanwhile, more traditional 32-panel balls tend to see a peak in knuckling around 30 mph. Since strikers were typically kicking beyond this speed, knuckling—and thus unpredictable flight—wasn’t such a problem with the older designs.
The Brazuca demonstrated a critical knuckling speed closer to a traditional 32-panel ball in NASA’s tests. “What we are looking for in the smoke patterns is at what speed the smoke patterns suddenly change,” notes Rabi Mehta, NASA’s chief of the Experimental Aero-Physics Branch. “This is when the knuckling effect is greatest.” Credit: NASA
Being well aware of the problem after the 2010 World Cup, Adidas went back to the drawing board and developed the Brazuca for the 2014 competition. The number of panels was reduced yet further to just six. However, Adidas wasn’t intending to just go smoother yet again. Instead, the Brazuca had longer, deeper seams than the Jabulani, and panels covered in textured bumps. Through the company’s careful design efforts, this brought the critical knuckling speed back down to around 30 mph, much more akin to a traditional 32-panel ball.

By and large, the Brazuca proved far less controversial than its two predecessors. Search for articles on the 2014 ball, and you’ll find a little speculation from before the World Cup, before the story died completely once competition began. No more were unpredictable balls confounding the world’s finest footballers. Meanwhile, democratically speaking, where the +Teamgeist and Jabulani each have hundreds of words spilled on Wikipedia over controversy and criticism, the Brazuca has none.
Adidas gave the Brazuca deeper seams and a bumpy finish to improve its stability in flight. Credit: Nicola, CC BY-SA 4.0
The story of the Jabulani is one of unintended consequences. Adidas had intended to improve its product in a predictable and routine manner, only to find an unexpected effect at play which threw a spanner in the works. Once the effect was understood, it could be controlled and refined out with careful design. Football hasn’t suffered a “supernatural” ball since, even as the technology marches ever further into the Smart Ball era. Still, who knows what comes next at the 2026 World Cup?

hackaday.com/2025/02/26/too-sm…

'Cries and Whispers' è il nuovo album dei Corde Oblique, in uscita il 14 febbraio 2025 per The Stones of Naples Records.

Il gruppo partenopeo torna dopo cinque anni di silenzio discografico e lo fa con un gran disco. La creatura musicale di Riccardo Prencipe è un unicum a livello nazionale ed internazionale, con la sua musica sempre originale che nasce da una creatività senza fine, capace di agire su più livelli differenti. Questo ultimo lavoro è diviso in due parti : la prima si intitola “Cries” e tratta di qualcosa che Riccardo aveva in mente da molto tempo, ovvero tornare alle sue radici musicali in un contesto totalmente differente rispetto a quello della gioventù. Il chitarrista e compositore napoletano quando aveva diciotto anni, oltre a militare nei Lupercalia suonava in un gruppo di metal estremo che faceva black e death metal, e certi elementi di quei generi gli sono rimasti dentro, e li ha fatti uscire con la prima parte di questo disco, e il risultato è assai notevole. iyezine.com/corde-oblique-crie…

#TheStonesOfNaplesRecords
#RiccardoPrencipe
#Neofolk
#MetalEstremo
#MusicaOriginale
#SussurriEGrida
#IngmarBergman
#CreativitàMusicale
#SoundtrackDellaVita

Corde Oblique - Cries and whispers

Corde Oblique - Cries and whispers - Corde Oblique torna con "Cries and Whispers", un album innovativo in uscita il 14 febbraio 2025. Scopri il viaggio musicale di Riccardo Prencipe! - Corde Oblique

^{Massimo Argo (In Your Eyes ezine)}