Security News
During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform. The first to fall was Microsoft Teams in the enterprise communications category after Hector Peralta exploited an improper configuration flaw.
Microsoft has released the first ISO image for the new Windows 11 Preview builds in the Dev channel, allowing Windows Insiders to perform clean installs of the operating system. Last week, Microsoft again started offering different Windows 11 builds in the 'Dev' and 'Beta' channels, with the beta channel receiving Windows 11 build 22621 and the Dev channel receiving Windows 11 build 25115.
The rules of Pwn2Own are somewhat strange, given that some entrants may end up not actually competing at all. The Tesla hackers, plus the browser and virtualisation entrants, will all definitely get a turn, because they're the only competitors in their categories.
The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft. The strain, which Microsoft's Security Intelligence team calls Sysrv-K, scans the internet for web servers that have security holes, such as path traversal, remote file disclosure, and arbitrary file download bugs, that can be exploited to infect the machines.
Microsoft has reminded customers today that Windows Server, version 20H2, will be reaching the end of service on August 9, 2022. In a support document published today, Microsoft says that Windows Server 20H2 will reach the mainstream support end date for Datacenter Core and Standard Core users.
NVIDIA has released a security update for a wide range of graphics card models, addressing four high-severity and six medium-severity vulnerabilities in its GPU drivers. The security update fixes vulnerabilities that can lead to denial of service, information disclosure, elevation of privileges, code execution, etc.
Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems. The botnet variant is being called Sysrv-K by Microsoft Security Intelligence researchers, who posted a thread on Twitter revealing details of the botnet variant.
Microsoft is warning of a new variant of the Sysrv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K, is said to weaponize an array of exploits to gain control of web servers.
The U.S. Cybersecurity and Infrastructure Security Agency has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory authentication issues caused by the May 2022 updates that patch it. Unauthenticated attackers abuse CVE-2022-26925 to force domain controllers to authenticate them remotely via the Windows NT LAN Manager security protocol and, likely, gain control over the entire Windows domain.
Sophos has released a fix for a known issue triggering blue screens of death on Windows 11 systems running Sophos Home antivirus software after installing the KB5013943 update. "Customers on Windows 11 running Sophos Home may encounter a BSOD/Stop error after installing Windows Update KB5013943 and restarting their machines," the cybersecurity vendor explains.