Saturday, 06 June, 2020


Two Zoom Zero-Day Flaws Uncovered

Ex-NSA hacker drops new zero-day doom for Zoom

Zoom vulnerabilities could give attackers webcam, microphone access
Melba Vasquez | 04 April, 2020, 00:40

Zoom Video Communications is facing increased scrutiny over customer privacy this month as New York's top prosecutor is probing the suddenly popular teleconferencing company's security practices during the coronavirus work-from-home movement. Zoom has now released a new update that addresses the issues revealed by Seele.

"However if you value either your (cyber) security or privacy, you ... should avoid using the macOS version of the app, as neither of these essential values seem to be part of their ethos", Wardle writes.

The Intercept would also go on to report that Zoom's meetings aren't protected by end-to-end encryption, despite the company claiming several times in its marketing that its product uses the feature.

The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims' microphone and camera.

A researcher discovered two new flaws in video conferencing app Zoom that allow hackers to hijack users' webcam and their microphone.

The first of the two zero-day vulnerabilities enables an attacker to exploit Zoom's insecure install settings to gain "root" privileges. "This affords malware the ability to record all Zoom meetings, or, simply spawn Zoom in the background to access the mic and webcam at arbitrary times".

The Zoom Windows client vulnerability lets attackers steal the Windows credentials of users who click a compromised link sent via chat. While recent versions of macOS require explicit user approval for these permissions, Zoom has an "exception" that allows code to be injected by third-party libraries.

Unfortunately, Zoom has been beset with security issues. The FBI on Tuesday warned of multiple reports of conferences being disrupted by pornographic or hate images and threatening language, in so-called "Zoom-bombing" attacks. The video conferencing platform automatically turns links posted to a meeting's chat window into clickable hyperlinks, a feature that would be harmless if not for the fact that the software also makes UNC paths clickable.

UNC, or Universal Naming Convention, is a filename format used to specify the location of files, folders, and resources on a local-area network.
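As an added illustration (not Zoom's code and not part of the original article), this sketch shows a chat renderer that turns only http(s) URLs into clickable links and leaves UNC paths as flagged plain text. The function name, the sample message and the host names are constructed, and the example goes beyond the article by treating `file://` URLs the same way, since they can also point at a network share.

```python
import html
import re

# One token per match: a web URL, a file:// URL, or a UNC path (\\host\share\...).
TOKEN = re.compile(
    r"(?P<web>https?://[^\s<>\"']+)"
    r"|(?P<file>file://[^\s<>\"']+)"
    r"|(?P<unc>\\\\[^\s\\/<>\"']+\\[^\s<>\"']*)",
    re.IGNORECASE,
)


def render_chat_message(text):
    """Return (safe_html, flagged_tokens) for one chat message.

    Only http(s) URLs become anchors. UNC paths and file:// URLs are
    HTML-escaped, left as inert text, and reported so the client can
    warn the user or log the event.
    """
    out, flagged, pos = [], [], 0
    for m in TOKEN.finditer(text):
        # Escape everything between tokens so message text cannot inject markup.
        out.append(html.escape(text[pos:m.start()]))
        token = m.group(0)
        if m.lastgroup == "web":
            safe = html.escape(token, quote=True)
            out.append(f'<a href="{safe}" rel="noopener noreferrer">{safe}</a>')
        else:
            # Never linkify: clicking would make Windows open the remote share.
            flagged.append(token)
            out.append(html.escape(token))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out), flagged


if __name__ == "__main__":
    # Constructed sample message; host names are placeholders.
    sample = r"notes at \\fileserver.example\share\notes.docx and https://example.com/agenda"
    rendered, flagged = render_chat_message(sample)
    print(rendered)
    print("flagged:", flagged)
```
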

"We are actively investigating and working to address these issues".

Since the ides of March, Twitter users of Zoom have been reporting that this feature is grouping thousands of strangers as if they all worked for the same company - sharing private information amongst the group.
