According to the data obtained during the study of the PreciseSecurity resource, in the third quarter of 2019, attackers most often exploited applications included in the Microsoft Office suite. In addition, cybercriminals actively used browsers and operating systems.
The data collected suggests that various vulnerabilities in MS Office applications were exploited by attackers in 72,85% of cases. Vulnerabilities in browsers were used in 13,47% of cases, and in different versions of the Android mobile OS - in 9,09% of cases. The top three are followed by Java (2,36%), Adobe Flash (1,57%) and PDF (0,66%).
Some of the most common vulnerabilities in the MS Office suite are buffer overflows in the Equation Editor stack. In addition, CVE-2017-8570, CVE-2017-8759, and CVE-2017-0199 were among the most exploited vulnerabilities. Another important issue was related to the zero-day vulnerability CVE-2019-1367, which led to memory corruption and allowed arbitrary code to be remotely executed on the target system.
According to the data provided by the PreciseSecurity resource, the top five countries that are the sources of the largest network attacks are the United States (79,16%), the Netherlands (15,58%), Germany (2,35%), France (1,85%) and Russia (1,05%).
Experts note that a large number of vulnerabilities in browsers are currently being discovered. Hackers are constantly looking for new vulnerabilities and bugs that can be used to achieve their goals. Most of the vulnerabilities discovered during the reporting period allowed remote privilege escalation within the system.
Source: 3dnews.ru