Week in review: Sudo vulnerability, Emotet takedown, execs targeted with Office 365 phishing
2021-01-31 08:55

"Serious" vulnerability found in Libgcrypt, GnuPG's cryptographic library
Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard free encryption software, has a "Severe" security vulnerability and should not be used, warned Werner Koch.

Sudo vulnerability allows attackers to gain root privileges on Linux systems
A vulnerability in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host.

Business executives targeted with Office 365-themed phishing emails
An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn.

Security researchers targeted by North Korean hackers
Over the past few months, hackers have been trying to surreptitiously backdoor the computer systems of a number of security researchers working on vulnerability research and development at different companies and organizations, the Google Threat Analysis Group has revealed.

How much is a vulnerability worth?
As part of its crowdsourced security program, Zoom has recently increased the maximum payout for vulnerabilities to $50,000.

CISOs increasingly focus on mitigating mobile security risks
The emergence of the everywhere enterprise has shifted CISO priorities away from combating network security threats and towards mitigating mobile security risks, Ivanti reveals.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/gpvV5UbNh2w/