This week’s most important release is Kali Linux 2022.2, which brings additional tools. The tension between Russia and Ukraine also continues: pro-Russian hackers attacked the Eurovision Song Contest, attempting to disrupt the voting and launching DDoS attacks. Also, Zyxel released a patch addressing a critical vulnerability with a severity score of 9.8. The vulnerability allows attackers to modify specific files and then execute some OS commands on a vulnerable device.
Kali Linux 2022.2 is ready for download
Kali Linux, one of the most popular distros among cyber security experts, has received a new update. The second update of 2022 comes with enhancements, bug fixes, package updates, and new hacking tools. It uses the latest GNOME version, 42, and KDE Plasma 5.24 LTS. Some of the new tools included in the 2022.2 release are BruteShark, Evil-WinRM, Hakrawler, Httpx, LAPSDumper, PhpSploit, PEDump, SentryPeer, Sparrow-wifi, and wifipumpkin3. The latest release also introduces Win-KeX 3.1, which eliminates a restriction preventing GUI applications from being run as root.
Russian attackers target Eurovision 2022
Italian police announced that pro-Russian hackers attempted to disrupt voting during the Eurovision Song Contest, which decided to ban Russia from the competition following the invasion. Ukraine won the song competition with huge support from public votes. During the competition, however, pro-Russian hackers attacked Eurovision with DDoS attacks. Italian police stated that their cybersecurity division blocked the incoming attacks. Eurovision organizers also stated that they noticed irregular voting patterns in six countries.
CISA warned against installing May Windows updates on domain controllers
CISA has temporarily removed a vulnerability from its Known Exploited Vulnerabilities Catalog due to a risk of authentication failures. CISA stated that installing the May 10 rollup update on domain controllers can cause authentication failures. These failures can affect both servers and clients for services including Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).
Intel firmware has many vulnerabilities; patch them immediately
Intel has disclosed a number of vulnerabilities in the firmware of its products, including CPUs, SSDs, BIOS firmware, and other software. Some of the disclosed vulnerabilities are based on the Spectre and Meltdown vulnerability families, which re-appeared after 4 years. The severity scores of the vulnerabilities range from 7.3 to 8.2. Some of the vulnerabilities allow escalation of privileges for users who already have privileges. Intel urged users to apply the patch as soon as possible to protect their systems against possible threats.
Windows Server 20H2 is about to reach the end-of-service phase
Microsoft is going to end support for the Windows Server 20H2 operating system in the next few months. According to the announcement, Windows Server 20H2 will reach its end-of-service status on 9th August 2022. It was released on 20th October 2022, making it a total of 22 months of support. After reaching EOS in August, it will not receive any updates, including security-related ones. In addition to Windows Server 20H2, the Windows Server Semi-Auto Channel is also retiring. Users running 20H2 are urged to switch to a newer version of Windows Server.
Zyxel patches critical vulnerability
Zyxel published a security advisory urging users to apply a patch that addresses a vulnerability allowing arbitrary code execution. The vulnerability was discovered by Jacob Baines from Rapid7 in the CGI program of some firewall versions. It has a severity score of 9.8 and allows attackers to modify specific files and then execute some OS commands. Researchers stated that the flaw is currently under attack and urged users to apply the patch immediately.
Inkscape 1.2: free Illustrator alternative is now available to download
The developers of Inkscape have published version 1.2 of the popular Adobe Illustrator alternative. The release brings many new features alongside bug fixes, improvements, and minor tweaks. Inkscape 1.2 allows users to shape the Color Palette by the heights and widths of all color boxes. It also allows users to create and edit multi-page files and export them as PDF files. Inkscape 1.2 also gives the option to customize elements in the Layers and Objects panel.