Security News

Privacy commissioners worldwide urged video conferencing systems like Microsoft, Cisco and Zoom to adopt end-to-end encryption, two-factor authentication and other security measures. Global privacy commissioners issued a joint public decry against leading video conferencing companies such as Cisco Systems, Microsoft and Zoom to demand the companies beef up their security and privacy strategies.

An issue related to the Zoom feature that allows for the customization of meeting URLs could have been exploited for phishing attacks, Check Point reveals. The recently identified security issue, Check Point says, is related to the Zoom Vanity URL, a custom URL that organizations are required to use when looking to enable single sign-on.

Disclosed by Zoom and Check Point on Thursday, the security flaw existed in the "Vanity URL" feature for Zoom, which allows companies to set up their won Zoom meeting domain, i.e. "Yourcompany.zoom.us." Companies can add customized logos and branding to the page, and end users access the page and click meeting links within that page to connect to a Zoom call. "A hacker could target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual or genuine Zoom web interface. As with the direct links attacks, without careful cybersecurity training, a victim of such attacks may not have been able to recognize the malicious URL and have fallen prey to the attack."

Massively popular video conferencing platform Zoom has worked with cybersecurity company Check Point to resolve a glaring security issue centered on vanity URLs. Check Point researchers Adi Ikan, Liri Porat, and Ori Hamama said in a study that they worked with Zoom to identify two ways cybercriminals could exploit the widely used feature.

The latest Zoom flaw could have allowed attackers mimic an organization, tricking its employees or business partners into revealing personal or other confidential information using social engineering tricks. Attacking dedicated Zoom web interfaces: Since some organizations have their Zoom web interface for conference calls, a hacker could also target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual Zoom web interface and join the relevant Zoom session.

The latest Zoom flaw could have allowed attackers mimic an organization, tricking its employees or business partners into revealing personal or other confidential information using social engineering tricks. Attacking dedicated Zoom web interfaces: Since some organizations have their Zoom web interface for conference calls, a hacker could also target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual Zoom web interface and join the relevant Zoom session.

With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax - it's only if you're on Windows 7 or older. An independent researcher told ACROS Security about the flaw that would allow for remote code execution on any Zoom Client for Windows used by Windows 7, even with extended support after the OS was shuttered in January.

With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax - it's only if you're on Windows 7 or older. An independent researcher told ACROS Security about the flaw that would allow for remote code execution on any Zoom Client for Windows used by Windows 7, even with extended support after the OS was shuttered in January.

Zoom is working on resolving a remote code execution vulnerability affecting the Windows client, but a third-party fix has been made available for users who don't want to wait for the official patch. On Thursday, ACROS Security announced the availability of a micro-patch for a remote code execution vulnerability in Zoom Client for Windows.

A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older. The vulnerability has been discovered by a researcher who reported it to Acros Security, who then reported the flaw to the Zoom security team earlier today.