Security News

On Monday, the company said in a blog post that there's no need to worry about that. Zoom execs swear the company won't actually train its AI on your video calls without permission, even though the Terms of Service still say it can.

Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning that could be potentially exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s desk phones and Zoom's Zero Touch Provisioning feature can gain full remote control of the devices," SySS security researcher Moritz Abrell said in an analysis published Friday.

In this Help Net Security interview, we delve into the world of cybersecurity with Michael Adams, the CISO at Zoom. In addition to adopting appropriate technologies, it's important to provide a comprehensive security training program.

Zoom has introduced a new range of privacy enhancements and tools to make sure users have control over their data and their privacy preferences. One of the notable general privacy enhancements is the implementation of a data subject access requests tool.

"In the two schemes, the defendants created and used fake social media accounts to harass and intimidate PRC dissidents residing abroad," states the Department's announcement of the charges. The DoJ alleges the Group ran a troll farm that "Created thousands of fake online personas on social media sites, including Twitter, to target Chinese dissidents through online harassment and threats."

When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A "Debugging port" typically refers to a listening network connection, usually a TCP socket, that handles debugging requests.

Phishing attack spoofs Zoom to steal Microsoft user credentials We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. That's exactly the case with a recent phishing campaign analyzed by security firm Armorblox in which the attacker spoofed Zoom in an attempt to compromise Microsoft user credentials.

Being able to read reflected headline-size text isn't quite the privacy and security problem of being able to read smaller 9 to 12 pt fonts. "We found future 4k cameras will be able to peek at most header texts on almost all websites and some text documents," said Long.

Beware the Zoom site you don't recognize, as a criminal gang is creating multiple fake versions aimed at luring users to download malware that can steal banking data, IP addresses, and other information. Threat researchers at cybersecurity firm Cyble found six fake Zoom sites offering applications that, if clicked on, will download the Vidar Stealer malware, which also grabs lots of other goodies.

Boffins at the University of Michigan in the US and Zhejiang University in China want to highlight how bespectacled video conferencing participants are inadvertently revealing sensitive on-screen information via reflections in their eyeglasses. In a paper distributed via ArXiv, titled, "Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing," researchers Yan Long, Chen Yan, Shilin Xiao, Shivan Prasad, Wenyuan Xu, and Kevin Fu describe how they analyzed optical emanations from video screens that have been reflected in the lenses of glasses.