Latest


Another bug found in video meet app Zoom, fixed now

  •   Thu, Jul 16 2020 06:08:40 PM

New Delhi, Jul 16 (IANS): Researchers at cybersecurity firm Check Point on Thursday said that video conferencing platform Zoom issued a fix to resolve a security issue related to its customisable Vanity URL feature.

If exploited, a hacker would have been able to manipulate ID meeting links by posing as an employee of a potential victim organisation via Zoom, giving the hacker a vector for stealing credentials or sensitive information.

"Because Zoom has become one of the world's leading communication channels for businesses, governments and consumers, it's critical that threat actors are prevented from exploiting Zoom for criminal purposes," Adi Ikan, Group Manager at Check Point Research, said in a statement.

Bogged down by numerous privacy and security issues in March, Zoom took a 90-day pledge on April 1 to make a number of enhancements to address security and privacy.

"Working together with Zoom's security team, we have helped Zoom provide users globally with a safer, simpler and trusted communication experience so they can take full advantage of the service's benefits," said Ikan.

According to Zoom, a ‘Vanity URL' is a custom URL for your company, such as yourcompany.zoom.us.

The potential security issue could have allowed a hacker to attempt to manipulate a Vanity URL in two ways -- targeting via direct links and dedicated Zoom web interfaces.

When applying the first method, the hacker could change the invitation URL to include a registered sub-domain of their choice when setting up a meeting.

Without particular cybersecurity training on how to recognise the appropriate URL, a user receiving this invitation may not recognise that the invitation was not genuine or issued from an actual or real organization.

Secondly, some organisations have their own Zoom web interface for conferences. A hacker could target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual or genuine Zoom web interface.

As with the direct links attacks, without careful cybersecurity training, a victim of such attacks may not have been able to recognize the malicious URL and have fallen prey to the attack.

Check Point Research and Zoom worked together to resolve this issue, setting additional safeguards in place for the protection of users.

Previously, Check Point Research worked with Zoom in January to fix a different potential vulnerability that could have allowed hackers to join a meeting uninvited.

The new potential Vanity URL security issue was found by researchers following up on the prior January collaboration.

 
  

Top Stories

Tulu comedy sensation ‘Private Challenge’ reaches historic 200th episode

  •   1 day ago    6

Leave a Comment

Title: Another bug found in video meet app Zoom, fixed now



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.

You might also like