Security News

Zoom has introduced a new range of privacy enhancements and tools to make sure users have control over their data and their privacy preferences. One of the notable general privacy enhancements is the implementation of a data subject access requests tool.

"In the two schemes, the defendants created and used fake social media accounts to harass and intimidate PRC dissidents residing abroad," states the Department's announcement of the charges. The DoJ alleges the Group ran a troll farm that "Created thousands of fake online personas on social media sites, including Twitter, to target Chinese dissidents through online harassment and threats."

When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A "Debugging port" typically refers to a listening network connection, usually a TCP socket, that handles debugging requests.

Phishing attack spoofs Zoom to steal Microsoft user credentials We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. That's exactly the case with a recent phishing campaign analyzed by security firm Armorblox in which the attacker spoofed Zoom in an attempt to compromise Microsoft user credentials.

Being able to read reflected headline-size text isn't quite the privacy and security problem of being able to read smaller 9 to 12 pt fonts. "We found future 4k cameras will be able to peek at most header texts on almost all websites and some text documents," said Long.

Beware the Zoom site you don't recognize, as a criminal gang is creating multiple fake versions aimed at luring users to download malware that can steal banking data, IP addresses, and other information. Threat researchers at cybersecurity firm Cyble found six fake Zoom sites offering applications that, if clicked on, will download the Vidar Stealer malware, which also grabs lots of other goodies.

Boffins at the University of Michigan in the US and Zhejiang University in China want to highlight how bespectacled video conferencing participants are inadvertently revealing sensitive on-screen information via reflections in their eyeglasses. In a paper distributed via ArXiv, titled, "Private Eye: On the Limits of Textual Screen Peeking via Eyeglass Reflections in Video Conferencing," researchers Yan Long, Chen Yan, Shilin Xiao, Shivan Prasad, Wenyuan Xu, and Kevin Fu describe how they analyzed optical emanations from video screens that have been reflected in the lenses of glasses.

The Zoom video conference platform was down and experienced an outage preventing users from logging in or joining meetings. According to an incident posted on Zoom's service status page, the company confirmed issues starting and joining meetings and video sessions.

"In most cases, the vulnerabilities exist because the software fully trusted data coming from the PLC without performing extensive security checks," Team82 said. Security researchers at Accenture have highlighted the following point: the type of data being sold online after ransomware attacks is exactly the sort of stuff that's ideal for launching business email compromise attacks.

If you want to understand a little more about it, your Naked Security article explains it incredibly well for people that are not normally acquainted with things like APIC controllers. Do you think, Chester, that they've targeted the Conti gang because they had a little bit of dishonour among thieves, as it were?