Security News

UPDATE. A newly discovered bug in the Zoom Client for Windows could allow remote code-execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after pioneering a proof-of-concept exploit for it. The company told Threatpost: "Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.".

As more remote workers turned to Zoom for business meetings, virtual get-togethers and other forms of socially distanced communication, it soon became apparent that security -thanks to headaches such as a wave of ' Zoom-bombing ' - was an area that needed more work. As a result, Zoom CEO Eric Yuan launched a 90-day programme that pledged to address key privacy and security concerns.

Just as quickly as Zoom became a household name for connecting work colleagues, church and school groups, friends, family, book clubs and others during stay-at-home lockdowns, it also gained a reputation for lax security as intrusive "Videobombers" barged into private meetings or just spied on intimate conversations. The work on "Security and privacy is never going to be done, but it is now embedded in how we approach everything we do at Zoom now," the company's chief financial officer, Kelly Steckelberg, told The Associated Press in a recent interview.

Zoom announced that Jason Lee will join the company as its Chief Information Security Officer, effective June 29, 2020. Lee will lead Zoom's security team and report to Aparna Bawa, Zoom's Chief Operating Officer.

Zoom announced on Wednesday that it has appointed Jason Lee as its chief information security officer. Lee, who will take on the role of Zoom's CISO on June 29, has 20 years of experience in information security and operating mission-critical services.

Zoom CEO Eric Yuan announced in a blog post Wednesday that Zoom is extending its end-to-end encryption offering to all Zoom account holders. Zoom released the first draft of its E2EE plan in late May as part of a response to criticism of its security flaws, which became public as Zoom signups skyrocketed during the COVID-19 pandemic.

Zoom Video Communications has decided to extend the benefits of end-to-end encryption not only to paying Zoom customers, but to those who create free accounts, as well. Zoom does an about-face on E2EE. Zoom CEO Eric Yuan announced their decision to bring E2EE to paid users only in early June.

Zoom announced on Wednesday that it has decided to offer end-to-end encryption to free users after all, as long as they verify their account by providing an additional piece of information, such as a phone number. Zoom said earlier this month that only paying customers and schools would benefit from its upcoming end-to-end encryption feature, arguing that free users are more likely to commit abuse and the company wants to be able to assist law enforcement investigations.

Zoom today said it will make end-to-end encryption available to all of its users, regardless of whether they pay for it or not. We note that Google Meet and other rival services do not offer E2EE. "Today, Zoom released an updated E2EE design on GitHub," Zoom CEO Eric Yuan said.

Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid. We have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform.