Security News
Video-conferencing app maker Zoom has promised to do better at security after a bruising week in which it was found to be unpleasantly leaky in several ways. Host a weekly webinar on Wednesdays at 10am PT to provide privacy and security updates to our community.
BitDam, a leading provider of cybersecurity solutions that protect enterprise communications from unknown threats hidden in files and links, announced that its Advanced Threat Protection solution now supports Microsoft Teams and Zoom. Aiming to support organizations' ability to collaborate safely when working from home, BitDam has accelerated these solution releases and is offering businesses its trial for Zoom and Microsoft Teams protection for free for three months.
Concerns over privacy and security raise important questions: is Zoom safe, and is it even GDPR compliant? In our current example, we do not know whether the host asked for a copy to be kept by Zoom for future reference, or whether Zoom kept a copy by default.
Zoom has nixed a feature that came under fire for "undisclosed data mining" of users' names and email addresses, used to match them with their LinkedIn profiles. Zoom founder Eric Yuan said in a Wednesday post responding to the concerns that Zoom will freeze the development of its features and instead focus on security and privacy issues.
According to data gathered by a new automated Zoom meeting discovery tool dubbed "zWarDial," a crazy number of meetings at major corporations are not being protected by a password. Lo said a single instance of zWarDial can find approximately 100 meetings per hour, but that multiple instances of the tool running in parallel could probably discover most of the open Zoom meetings on any given day.
Security researchers discovered recently that the Zoom video conferencing app is affected by vulnerabilities that can be exploited to spy on users, escalate privileges on the system, and capture Windows credentials. "At Zoom, ensuring the privacy and security of our users and their data is paramount. We are aware of the UNC issue and are working to address it," a Zoom spokesperson told SecurityWeek via email.
Malicious, re-packaged versions of the Zoom video conferencing application are targeting work-from-home Android users with adware and Trojans, Bitdefender reports. One type of attack, Bitdefender reveals, involves the use of re-packaged Zoom clones that are being distributed via third-party markets.
UPDATE. Two zero-day flaws have been uncovered in Zoom's macOS client version, according to researchers. The two flaws, uncovered by Patrick Wardle, principal security researcher with Jamf, emerge as Zoom comes under increased scrutiny over its security measures, particularly with more employees working from home over the past few weeks due to the coronavirus pandemic.
That's a good thing because miscreants hijacking unprotected Zoom calls is a thing. When we say end-to-end.... Despite Zoom offering a meeting host the option to "Enable an end-to-end encrypted meeting," and providing a green padlock that claims "Zoom is using an end to end encrypted connection," it appears that the company is able to access data in transit along that connection, and can also be compelled to provide it to governments.
Collaboration platform Zoom has seen usage skyrocket since the COVID-19 pandemic forced hundreds of thousands of workers to begin telecommuting. Zoom has been the subject of privacy concerns before; the video conferencing software experienced a webcam hacking scandal in 2019 and a bug that allowed uninvited users to potentially join meetings they hadn't been invited to, according to CNET. Here are a few things to keep in mind when using Zoom, especially for work-related functions.