Security News

Zoom has announced today the launch of an automatic update feature designed to streamline the update process for desktop clients. "For most individual users, automatic updates will be enabled by default. When enabled, users will have the opportunity to opt-out of automatic updates for their desktop client after the first install or first update where this feature is present," said Jeromie Clark, Security & Privacy Technical Product Manager at Zoom.

Zoom has patched vulnerabilities in its range of local solutions for conferences, negotiations and recordings - Zoom Meeting Connector Controller, Zoom Virtual Room Connector, Zoom Recording Connector and others. As a result of exploiting this vulnerability, intruders could compromise the software's functionality, creating a situation when holding Zoom conferences would have been impossible.

US-sanctioned Positive Technologies has pointed out three vulnerabilities in Zoom that can be exploited to crash or hijack on-prem instances of the videoconferencing system. One of the trio of bugs is an input validation flaw, which can be abused by a malicious Zoom portal administrator to inject and execute arbitrary commands on the machine hosting the software.

Zoom's ties to China are at the center of a US government investigation into the video-conferencing giant's $15bn plan to take over Five9, a California call-center-in-the-cloud. The FCC was reviewing an application [PDF] by Zoom and Five9 as part of the takeover bid until the regulator was asked by Justice Department official David Plotinsky to hold off until the committee had finished scrutinizing the overall deal.

Zoom just lost an $85 million class-action lawsuit this week for its cybersecurity missteps, proving that even the most essential and relied-upon brands can be tripped up by inadequate security. "This large Zoom settlement should be a wake-up call to not only all software and service providers, but also for the enterprises that use them," Emil Sayegh, president and CEO of Ntirety explained to Threatpost.

The facts aren't news, but Zoom will pay $85M - to the class-action attorneys, and to users - for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California.

Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday. The suit charged that Zoom's sharing of users' personal data with Facebook, Google and LinkedIn was a breach of privacy for millions.

US-based Zoom users may have a little cash coming their way after the video meeting outfit lodged a preliminary settlement in a class action related to some of its less-than-brilliant security and data protection practices. The settlement was filed Saturday in an attempt to end a class action that alleged Zoom indulged in unlawful activities - including misrepresenting its end-to-end encryption capabilities and unauthorized transfer of personal data to third parties like Facebook, Google and LinkedIn - as well as implementing grossly inadequate security and privacy controls.

First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app. Luminous Moth was first going after important organizations in Myanmar, where researchers came across about 100 victims.

VMware announced its work with Zoom to enable a better and more secure collaboration experience for hybrid work environments. VMware Anywhere Workspace is available today and brings together the benefits of three innovative solutions - VMware Workspace ONE, VMware Carbon Black Cloud and VMware SASE. Through relationships with Zoom, VMware is delivering interoperable solutions with VMware Anywhere Workspace to better support a hybrid workforce.