Security News

New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message
2022-05-25 02:51

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol messages and execute malicious code.

CVE-2022-22786 - Update package downgrade in Zoom Client for Meetings for Windows.

Patch now: Zoom chat messages can infect PCs, Macs, phones with malware
2022-05-24 21:33

Zoom has fixed a security flaw in its video-conferencing software that a miscreant could exploit with chat messages to potentially execute malicious code on a victim's device. The upshot is that someone who can send you chat messages could cause your vulnerable Zoom client app to install malicious code, such as malware and spyware, from an arbitrary server.

Week in review: F5 BIG-IP RCE exploitation, URL spoofing flaws in Zoom, Google Docs
2022-05-15 08:30

Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs
Researchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like it's hosted by an organization's SaaS account.

A 10-point plan to improve the security of open source software
The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a 10-point plan to broadly address open source and software supply chain security, by securing open source security production, improving vulnerability discovery and remediation, and shortening the patching response time of the ecosystem.

Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs
2022-05-11 13:05

Researchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like it's hosted by an organization's SaaS account. The vulnerabilities arise from a lack of validation of so-called vanity URLs, and they allow attackers with their own SaaS accounts to change the URL of the pages hosting malicious files, forms and landing pages, so as to maximize their potential to trick users.

Zoom agrees privacy conditions, gets low-risk rating from Netherlands
2022-03-21 12:30

Hot on the heels of Microsoft's report card from the Dutch department of Justice and Security comes news of rival messaging platform Zoom receiving a nod via a renewed Data Protection Impact Assessment. Zoom's end-to-end encryption on all chats and meetings received a thumbs-up, as did a commitment from Zoom to process all personal data exclusively in European data centres by the end of the year.

Use Zoom on a Mac? You might want to check your microphone usage
2022-02-10 14:07

Apple Mac users running the Zoom meetings app are reporting that it's keeping their computer's microphone on when they aren't using it. Users began complaining about the issue after Monterey was released late last year, and on December 27, Zoom Inc put out an update that was meant to address the bug, stating that version 5.9.1 "Resolved an issue regarding the microphone light indicator being triggered when not in a meeting."

SEO poisoning pushes malware-laced Zoom, TeamViewer, Visual Studio installers
2022-02-02 14:46

A new SEO poisoning campaign is underway, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio. These campaigns rely on the compromise of legitimate websites to plant malicious files or URLs that redirect users to sites that host malware disguised as popular apps.

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers
2022-01-21 22:28

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both Zoom clients and Multimedia Router servers, which transmit audio and video content between clients in on-premise deployments.

AWS down again, outage impacts Twitch, Zoom, PSN, Hulu, others
2021-12-15 16:19

Amazon AWS is experiencing an outage that has impacted numerous online services, including Twitch, Zoom, PSN, Xbox Live, Doordash, Quickbooks Online, and Hulu. AWS engineers are working on addressing the root cause behind this outage and said they have already taken steps to restore connectivity.

How to lock a Zoom meeting to keep out unwanted guests
2021-12-06 15:17

One good way to prevent unwelcome participants or late arrivals from joining your Zoom meetings is to lock those meetings. Before you schedule or start your Zoom meeting, alert all potential participants that the meeting will be locked at a certain point, such as 10 minutes after it has started.