Security News

Zoom just lost an $85 million class-action lawsuit this week for its cybersecurity missteps, proving that even the most essential and relied-upon brands can be tripped up by inadequate security. "This large Zoom settlement should be a wake-up call to not only all software and service providers, but also for the enterprises that use them," Emil Sayegh, president and CEO of Ntirety, explained to Threatpost.

The facts aren't news, but Zoom will pay $85M - to the class-action attorneys, and to users - for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California.

Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday. The suit charged that Zoom's sharing of users' personal data with Facebook, Google and LinkedIn was a breach of privacy for millions.

US-based Zoom users may have a little cash coming their way after the video meeting outfit lodged a preliminary settlement in a class action related to some of its less-than-brilliant security and data protection practices. The settlement was filed Saturday in an attempt to end a class action that alleged Zoom indulged in unlawful activities - including misrepresenting its end-to-end encryption capabilities and unauthorized transfer of personal data to third parties like Facebook, Google and LinkedIn - as well as implementing grossly inadequate security and privacy controls.

First comes spear-phishing, next the download of malicious DLLs that spread to removable USB drives, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app. Luminous Moth was first going after important organizations in Myanmar, where researchers came across about 100 victims.

VMware announced its work with Zoom to enable a better and more secure collaboration experience for hybrid work environments. VMware Anywhere Workspace is available today and brings together the benefits of three innovative solutions - VMware Workspace ONE, VMware Carbon Black Cloud and VMware SASE. Through relationships with Zoom, VMware is delivering interoperable solutions with VMware Anywhere Workspace to better support a hybrid workforce.

Non-profit research and development organization MITRE on Friday announced that video conferencing giant Zoom has been named a CVE Numbering Authority. Zoom can now assign CVE identifiers to vulnerabilities found in Zoom and Keybase products - Zoom acquired Keybase in 2020 - but it cannot assign CVEs to security holes found in third-party products.

While apps like Zoom, Slack, Teams and others are great for working from anywhere, they also create a larger attack surface.

The 2021 spring edition of the Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. The contest included a zero-click exploit targeting Zoom that employed a three-bug chain to exploit the messenger app and gain code execution on the target system.

The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Pwn2Own is a bug bounty program with a twist.