Security News

India has banned the use of video-conferencing app Zoom for government remote meetings, the government said Thursday, in the latest warning about the platform's security. "Zoom is not a safe platform," the statement said.

Zoom announced on Wednesday that it has teamed up with Katie Moussouris' company, Luta Security, to revamp its bug bounty program. Zoom announced on April 1 that it would be making significant changes to its bug bounty program, after experts raised concerns about Zoom security and researchers reported finding potentially serious vulnerabilities in the video conferencing service.

Flaws target Zoom clients for the Windows and the MacOS operating system, according to a published report by Vice Motherboard. The Windows code could be a significant threat to Zoom users, according to experts quoted by Motherboard.

The ZeroFOX Alpha Team uncovered thousands of cracked Zoom accounts for sale on a single hacking forum and entire websites dedicated to sharing insecure Zoom call IDs. Although Zoom has recently released updates focused on security and privacy, attackers are still able to easily target organizations and their employees through a variety of attacks that abuse the platform.

You've almost certainly heard of Zoom over the past few weeks - Zoom, more properly Zoom Video Communications, Inc., lets you run remote meetings and webinars, with audio and video for all participants, right from your browser. The biggest problems that many new users seem to be having with Zoom have nothing to do with Zoom's programming or its service - in other words, they're mistakes that Zoom itself can't easily stop people from making.

Zoom is in crisis mode, facing grave and very public concerns regarding the trust in management's commitment for secure products, the respect for user privacy, the honesty of its marketing, and the design decisions that preserve a positive user experience. Knowing how to respond and manage product security incidents is becoming more important for digital companies.

A new report from BleepingComputer found that cybercriminals are selling and trading the credentials for more than 500,000 Zoom accounts associated with companies like Chase and Citibank as well as schools like Dartmouth College, the University of Florida, and the University of Vermont. Earlier this month, a report from cybersecurity firm IntSights by cyber threat analyst Charity Wright and chief security officer Etay Maor found that there has been increased chatter across the dark web about ways to take advantage of the increased usage of Zoom globally.

While Zoom Video Communications is trying to change the public's rightful perception that, at least until a few weeks ago, Zoom security and privacy were low on their list of priorities, some users are already abandoning the ship. In the meantime, several governments and prominent companies have prohibited staff and employees from using Zoom for work.

Zoom's security catch-up sprint has seen it announce its users will soon be able to choose where their traffic goes. The new feature will help users in places like Taiwan, where the government banned Zoom after learning traffic could go through its frenemies in Beijing.

12% of users have reportedly stopped using Zoom altogether, the social platform Blind found. Zoom has been slammed for a wide array of security issues over the past couple of weeks, including Zoom bombings, personal data leaks, absence of end-to-end encryption, and more.