Security News

Tim Keeler, CEO of Remediant, a security consultant and penetration tester, explained how Zoom became a target. The Windows version of Zoom "tricked users into disclosing usernames and password hashes by clicking on links in a Zoom session chat window," which "took advantage of the Universal Naming Convention path injection vulnerability in the Zoom Windows client."

Such attacks are possible because Zoom for Windows supports remote UNC paths, converting potentially insecure URIs into clickable hyperlinks when they arrive in chat messages in a personal or group chat.

Hacking Zoom to Steal Windows Passwords Remotely

Confirmed by researcher Matthew Hickey and demonstrated by Mohamed Baset, the first attack scenario involves the SMBRelay technique, which exploits the fact that Windows automatically exposes a user's login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it.
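To make the chat-linkifying behaviour concrete, here is an added Python illustration (not Zoom's code) of a chat renderer in its vulnerable form beside a hardened form, plus a detection helper that flags links which would trigger an outbound SMB connection; the regexes, function names and the constructed sample message are assumptions.

```python
import re
from html import escape
# Regexes and names are assumptions for this illustration, not Zoom's code.
SAMPLE = r"join https://zoom.us/j/123 or open \\203.0.113.5\share\pic.jpg"  # constructed
LINK_RE = re.compile(
    r"(?P<unc>\\\\[^\\\s]+\\\S+)"           # \\host\share\path (UNC)
    r"|(?P<url>[a-z][a-z0-9+.\-]*://\S+)",  # scheme://rest
    re.IGNORECASE,
)
SAFE_SCHEMES = {"http", "https"}  # allow-list for the hardened renderer

def classify(token):
    """'unc' for a UNC path, otherwise the lower-cased URI scheme."""
    if token.startswith("\\\\"):
        return "unc"
    return token.split("://", 1)[0].lower()

def leaks_credentials(token):
    """True if opening the link makes Windows open SMB to a remote host."""
    kind = classify(token)
    if kind == "unc":
        return True
    if kind == "file":  # file://host/share is also resolved over SMB
        host = token[len("file://"):].split("/", 1)[0]
        return host not in ("", "localhost")
    return False

def flag_risky_links(text):
    """Detection helper: every link in a message that would leak NTLM."""
    return [m.group(0) for m in LINK_RE.finditer(text)
            if leaks_credentials(m.group(0))]

def _render(text, allow):
    out, pos = [], 0
    for m in LINK_RE.finditer(text):
        out.append(escape(text[pos:m.start()]))
        tok = m.group(0)
        if allow(tok):
            out.append(f'<a href="{escape(tok)}">{escape(tok)}</a>')
        else:
            out.append(escape(tok))  # plain text, not clickable
        pos = m.end()
    out.append(escape(text[pos:]))
    return "".join(out)

def linkify_unsafe(text):  # vulnerable pattern: any UNC path or URI is a link
    return _render(text, lambda tok: True)

def linkify_safe(text):  # hardened: only http/https; UNC and file:// stay inert
    return _render(text, lambda tok: classify(tok) in SAFE_SCHEMES)
```

Running `flag_risky_links` over incoming messages is a cheap server-side check; the hardened renderer is the client-side fix.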

Over the past few weeks, the use of Zoom video conferencing software has exploded ever since it emerged as the platform of choice to host everything from cabinet meetings to yoga classes amidst the ongoing coronavirus outbreak, with working from home becoming the new normal. Zoom came under the lens for its "attendee tracking" feature, which, when enabled, lets a host check whether participants are clicking away from the main Zoom window during a call.

Learn how to prevent internet trolls from crashing your Zoom video conferences and flooding them with inappropriate content.

As reports of "Zoom bombing" explode, the FBI is cracking down on the issue with a new warning that web conference hijackers could face jail time. Such hijackings are punishable by fines and even imprisonment, according to the FBI. "You think Zoom bombing is funny? Let's see how funny it is after you get arrested," stated Matthew Schneider, United States Attorney for Eastern Michigan, in a Friday public statement.

Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx and Microsoft Teams, are certainly not immune from cybercriminal attention. According to a HackerOne bug-bounty report, an HTTP Request Smuggling bug was used in a proof-of-concept to force open redirects within Slack, leading users to a rogue client outfitted with Slack domain cookies.

Marriott International 2020 data breach: 5.2 million customers affected

Marriott International has suffered a new data breach in mid-January 2020, which affected approximately 5.2 million guests.

Are your MS SQL servers part of a cryptomining botnet? Check now!

For the last two years or so, attackers have been infecting and reinfecting poorly secured MS SQL servers, booting other criminals' malware from them and exploiting their compute power to mine Vollar and Monero cryptocurrency.

Zoom, in its documentation and in an in-app display message, has claimed its conferencing service is "end-to-end encrypted," meaning that no intermediary, including Zoom itself, can intercept and decrypt users' communications as they move between sender and receiver. When reports emerged that Zoom Meetings are not actually end-to-end encrypted, Zoom responded that it wasn't using the commonly accepted definition of the term.

Video conferencing app Zoom has had a meteoric rise in users due to the coronavirus outbreak, and with that rise in users has come security woes and an annoying new trend known as "Zoom bombing." Zoom bombing is, in essence, crashing a digital meeting and doing things like screaming obscenities, broadcasting pornography, and otherwise interrupting people's attempts to talk to coworkers, family, and friends. Even with all of Zoom's security issues, it can't be blamed entirely for the Zoom bombing trend: internet trolls have been using publicly posted meeting links, guessing meeting IDs, and using personal meeting IDs posted online as ways to join meetings uninvited.

Once people began using Zoom more frequently to collaborate remotely, it was just a matter of time before their conversations would be hijacked in a phenomenon known as Zoom bombing. Zoom bombing is an emerging trend where attackers find publicly posted Zoom invite links, then join them to screenshare pornography or other inappropriate content, said Paul Bischoff, a privacy advocate with Comparitech, a pro-consumer website that provides information on tech services.