Security News

Video conferencing platform Zoom is finally offering all users the option to enable two-factor authentication to secure their accounts against credential stuffing attacks and attacks leveraging phished login credentials. How to enable Zoom 2FA on a Pro, Business, Education, or Enterprise account.

According to a Tuesday public announcement, Hartford's ransomware attack caused an outage of critical systems, including the school district's software system that delivers real-time information on bus routes. Other recent ransomware attacks include one that hit the Clark County school district, which includes Las Vegas, during its first week of school, potentially exposing personal information of employees.

Zoom announced that Zoom for Home is expanding to smart displays including Amazon Echo Show, Portal from Facebook, and Google Nest Hub Max, bringing Zoom to widely-used devices and broadening their capabilities to the work environment. Zoom on Portal is expected to be available publicly in September; Zoom on Echo Show and Zoom on Assistant-enabled Smart Displays, including Google Nest Hub Max are expected to be available by the end of the year.

Video-conferencing behemoth Zoom has been hit with yet another lawsuit stemming from its claim to offer end-to-end encryption for sessions. Zoom previously said that it offered end-to-end encryption, but that marketing claim came into question after a report from The Intercept said that Zoom's platform actually uses transport layer security encryption, providing only encryption between individual users and service providers instead of encrypting communication directly between the users of a system.

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data-and even run stealthy malware as a sub-process of a trusted application. After Ahmed privately reported the issues to Zoom in April and subsequently in July, the company issued a fix on August 3.

Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate limiting enabled "An attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people's private Zoom meetings."

"I poked about in the Zoom app and noticed the default passwords being six digits and numeric, meaning one million maximum passwords," Anthony explained in a write-up this week. While Anthony focused on the web client for his research, he believed the issue was present in all forms of the Zoom client.

A security issue in popular video conferencing platform Zoom was disclosed this week, which could have allowed attackers to crack private meeting passcodes and snoop in on video conferences. The problem, which has already been fixed, stems from Zoom not having any check against repeated incorrect meeting password attempts.

A vulnerability that Zoom addressed in its web client could have allowed an attacker to join private meetings by brute-forcing the passcode. Related to the lack of a limitation to the number of attempts allowed for checking the correct password for a meeting, the vulnerability could have allowed an attacker to join private meetings by simply trying all of the possible combinations.

Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate limiting enabled "An attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people's private Zoom meetings."