Security News
A security blip in the current version of Zoom could inadvertently leak users' data to other meeting participants on a call. The flaw stems from a glitch in the screen sharing function of video conferencing platform Zoom.
Messaging apps such as Messenger or WhatsApp and video calls on Zoom face stricter privacy rules in Europe, after a draft law passed a key EU hurdle on Wednesday. The EU's 27 member states approved a proposal that was stuck since 2017, with countries split between those wanting strict privacy online and others wanting to give leeway to law enforcement and advertisers.
Zoom announced the general availability of Zoom Rooms innovations that will help organizations safely re-enter the office and sustain an 'everywhere workforce'. Pair a Zoom Room with your mobile device: Pair your iOS or Android mobile client to a Zoom Room, easily join meetings on the Zoom Rooms directly from your client and your mobile client is automatically placed in companion mode during the meeting.
Newfield said that it's easy to zoom in on items in the background of a Zoom window, such as bills or phone numbers hanging on a refrigerator or bulletin board. TechRepublic submitted three screenshots of a reporter's working environment at home and Newfield said he didn't see any security risks when he blew up the images.
Pwn2Own Vancouver typically takes place during the CanSecWest conference in Vancouver, Canada, but due to the coronavirus pandemic, this year's event will be hybrid - participants can submit their exploits remotely and ZDI staff in Toronto and Austin will run the exploits. The car is being offered to those who participate in the automotive category.
Embattled and embarrassed network management shop SolarWinds has reportedly hired two of the highest profile security bods in the biz to sort out its woes. On Friday the news broke that Chris Krebs, formerly the head of the US government's Cybersecurity and Infrastructure Security Agency until he was fired by presidential tweet for saying the American election wasn't hacked, has started a consultancy with former Facebook and Yahoo! security chief Alex Stamos.
Amazon Web Services announced that Zoom has selected AWS as its preferred cloud provider. AWS and Zoom are collaborating to develop new solutions for Zoom's enterprise users, leveraging the breadth and depth of AWS to integrate Zoom services with Amazon devices and capabilities to make it easier for organizations to run hybrid office and remote work models.
The Better Business Bureau warned last week that the attack uses Zoom's logo, and in a message tells recipients that their Zoom accounts were suspended and to click a link to reactivate; or that they missed a Zoom meeting, and to click a link to see the details and reschedule. Another recent variant of the attack has been a message welcoming some recipients to the platform and requesting they click on a link to activate the account, said the BBB. In all cases, victims are taken to a phishing landing page, where they are asked to input their Zoom credentials.
The Turkey-Day themed email ploy leverages the juggernaut popularity of the Zoom Video Communications platform. The day after Thanksgiving, Twitter was abuzz with tweets not only about people's various Zoom meetings with family and friends, but also about numerous special events hosted on Zoom to celebrate the holiday.
Everyone should be on the lookout for a massive ongoing phishing attack today, pretending to be an invite for a Zoom meeting. With many in the USA hosting virtual Thanksgiving dinners and people in other countries conducting Zoom business meetings, as usual, today is a prime opportunity to perform a phishing attack using Zoom invite lures.