Security News
Non-profit research and development organization MITRE on Friday announced that video conferencing giant Zoom has been named a CVE Numbering Authority. Zoom can now assign CVE identifiers to vulnerabilities found in Zoom and Keybase products - Zoom acquired Keybase in 2020 - but it cannot assign CVEs to security holes found in third-party products.
While apps like Zoom, Slack, Teams and others are great for working from anywhere, they also create a larger attack surface.
The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A zero-click exploit targeting Zoom that employed a three-bug chain to exploit the messenger app and gain code execution on the target system.
The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Pwn2Own is a bug bounty program with a twist.
Contestants hacked Microsoft's Windows 10 OS twice during the second day of the Pwn2Own 2021 competition, together with the Google Chrome web browser and the Zoom video communication platform. The first to demo a successful Windows 10 exploit on Wednesday and earn $40,000 was Palo Alto Networks' Tao Yan who used a Race Condition bug to escalate to SYSTEM privileges from a normal user on a fully patched Windows 10 machine.
Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction. Also on the second day of Pwn2Own 2021, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for an exploit that works both on the Chrome and Microsoft Edge web browsers.
A newly discovered glitch in Zoom's screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings. It's worth pointing out that the screen sharing functionality in Zoom lets users share an entire desktop or phone screen, or limit sharing to one or more specific applications, or a portion of a screen.
A security blip in the current version of Zoom could inadvertently leak users' data to other meeting participants on a call. The flaw stems from a glitch in the screen sharing function of video conferencing platform Zoom.
Messaging apps such as Messenger or WhatsApp and video calls on Zoom face stricter privacy rules in Europe, after a draft law passed a key EU hurdle on Wednesday. The EU's 27 member states approved a proposal that was stuck since 2017, with countries split between those wanting strict privacy online and others wanting to give leeway to law enforcement and advertisers.
Zoom announced the general availability of Zoom Rooms innovations that will help organizations safely re-enter the office and sustain an 'everywhere workforce'. Pair a Zoom Room with your mobile device: Pair your iOS or Android mobile client to a Zoom Room, easily join meetings on the Zoom Rooms directly from your client and your mobile client is automatically placed in companion mode during the meeting.