Week in review: Sudo vulnerability, Emotet takedown, execs targeted with Office 365 phishing


Here’s an overview of some of last week’s most interesting news and articles:

“Serious” vulnerability found in Libgcrypt, GnuPG’s cryptographic library
Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard (GnuPG) free encryption software, has a “severe” security vulnerability and should not be used, warned Werner Koch.

Apple fixes three actively exploited iOS zero-days
Apple has released a new batch of security updates and has fixed three iOS zero-days that “may have been actively exploited” by attackers.

Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156)
A vulnerability (CVE-2021-3156) in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host (without authentication).

Business executives targeted with Office 365-themed phishing emails
An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn.

Security researchers targeted by North Korean hackers
Over the past few months, hackers have been trying to surreptitiously backdoor the computer systems of a number of security researchers working on vulnerability research and development at different companies and organizations, the Google Threat Analysis Group (TAG) has revealed.

SonicWall hit by attackers leveraging zero-day vulnerabilities in its own products?
SonicWall announced that it “identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products.”

International law enforcement effort pulls off Emotet botnet takedown
Law enforcement and judicial authorities worldwide have effected a global takedown of the Emotet botnet, Europol announced.

Small security teams overwhelmed by onslaught of cyber attacks
Companies with small security teams, generally SMEs, are facing a number of…
