Security News > 2022 > January > Week in review: PolKit vulnerability, fake tax apps pushing malware, EU’s bug bounty for open source

Week in review: PolKit vulnerability, fake tax apps pushing malware, EU’s bug bounty for open source
2022-01-30 09:00

PolKit vulnerability can give attackers root on many Linux distrosA memory corruption vulnerability in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges.

Attackers connect rogue devices to organizations' network with stolen Office 365 credentialsAttackers are trying out a new technique to widen the reach of their phishing campaigns: by using stolen Office 365 credentials, they try to connect rogue Windows devices to the victim organizations' network by registering it with their Azure AD. Stealthy Excel malware putting organizations in crosshairs of ransomware gangsThe HP Wolf Security threat research team identified a wave of attacks utilizing Excel add-in files to spread malware, helping attackers to gain access to targets, and exposing businesses and individuals to data theft and destructive ransomware attacks.

EU launches bug bounty programs for five open source solutionsThe European Union is, once again, calling on bug hunters to delve into specific open source software and report bugs.

Strong security starts with the strengthening of the weakest link: passwordsDarren Siegel is a cyber security expert at Specops Software.

Beware of fake tax apps pushing malwareWith the self-assessment tax deadline fast approaching in the UK, self-employed individuals will be looking to take advantage of the many apps that are on the market to help make the tax return process as smooth as possible.

Built by admins for admins, Runecast enables a proactive approach to operational transparency, vulnerability and configuration management, security compliance and remediation of issues.


News URL

https://www.helpnetsecurity.com/2022/01/30/week-in-review-polkit-vulnerability-fake-tax-apps-pushing-malware-eus-bug-bounty-for-open-source/