Security News

Contestants hacked Microsoft's Windows 10 OS twice during the second day of the Pwn2Own 2021 competition, together with the Google Chrome web browser and the Zoom video communication platform. The first to demo a successful Windows 10 exploit on Wednesday and earn $40,000 was Palo Alto Networks' Tao Yan who used a Race Condition bug to escalate to SYSTEM privileges from a normal user on a fully patched Windows 10 machine.

Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction. Also on the second day of Pwn2Own 2021, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for an exploit that works both on the Chrome and Microsoft Edge web browsers.

A newly discovered glitch in Zoom's screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings. It's worth pointing out that the screen sharing functionality in Zoom lets users share an entire desktop or phone screen, or limit sharing to one or more specific applications, or a portion of a screen.

A security blip in the current version of Zoom could inadvertently leak users' data to other meeting participants on a call. The flaw stems from a glitch in the screen sharing function of video conferencing platform Zoom.

Messaging apps such as Messenger or WhatsApp and video calls on Zoom face stricter privacy rules in Europe, after a draft law passed a key EU hurdle on Wednesday. The EU's 27 member states approved a proposal that was stuck since 2017, with countries split between those wanting strict privacy online and others wanting to give leeway to law enforcement and advertisers.

Zoom announced the general availability of Zoom Rooms innovations that will help organizations safely re-enter the office and sustain an 'everywhere workforce'. Pair a Zoom Room with your mobile device: Pair your iOS or Android mobile client to a Zoom Room, easily join meetings on the Zoom Rooms directly from your client and your mobile client is automatically placed in companion mode during the meeting.

Newfield said that it's easy to zoom in on items in the background of a Zoom window, such as bills or phone numbers hanging on a refrigerator or bulletin board. TechRepublic submitted three screenshots of a reporter's working environment at home and Newfield said he didn't see any security risks when he blew up the images.

Pwn2Own Vancouver typically takes place during the CanSecWest conference in Vancouver, Canada, but due to the coronavirus pandemic, this year's event will be hybrid - participants can submit their exploits remotely and ZDI staff in Toronto and Austin will run the exploits. The car is being offered to those who participate in the automotive category.

Embattled and embarrassed network management shop SolarWinds has reportedly hired two of the highest profile security bods in the biz to sort out its woes. On Friday the news broke that Chris Krebs, formerly the head of the US government's Cybersecurity and Infrastructure Security Agency until he was fired by presidential tweet for saying the American election wasn't hacked, has started a consultancy with former Facebook and Yahoo! security chief Alex Stamos.

Amazon Web Services announced that Zoom has selected AWS as its preferred cloud provider. AWS and Zoom are collaborating to develop new solutions for Zoom's enterprise users, leveraging the breadth and depth of AWS to integrate Zoom services with Amazon devices and capabilities to make it easier for organizations to run hybrid office and remote work models.