Security News > 2020 > July > A New Flaw In Zoom Could Have Let Fraudsters Mimic Organisations

The latest Zoom flaw could have allowed attackers mimic an organization, tricking its employees or business partners into revealing personal or other confidential information using social engineering tricks.

Attacking dedicated Zoom web interfaces: Since some organizations have their Zoom web interface for conference calls, a hacker could also target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual Zoom web interface and join the relevant Zoom session.

"Because Zoom has become one of the world's leading communication channels for businesses, governments and consumers, it's critical that threat actors are prevented from exploiting Zoom for criminal purposes," Adi Ikan, Group Manager at Check Point Research, told The Hacker News.

"Working together with Zoom's security team, we have helped Zoom provide users globally with a safer, simpler and trusted communication experience so they can take full advantage of the service's benefits."

Just last week, Zoom patched a zero-day vulnerability in all supported versions of the Zoom client for Windows that could have allowed an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/ImSuQYFpla4/zoom-vanity-url-vulnerability.html