DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Archive

Knowing the Security Vulnerabilities of Zoom App

DigitalCIO Bureau by DigitalCIO Bureau
April 3, 2020
in Archive
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Video conferencing app Zoom, in the coronavirus pandemic is an indispensable tool. However it’s privacy and security issues is a serious concern. Read on to know more…

Video conferencing app Zoom, in the coronavirus pandemic is an indispensable tool for every users working from home. However, Zoom app, which has seen its popularity skyrocket in the coronavirus pandemic, is in trouble after users complained to the FBI and security experts for the lack of users privacy and security.

Vulnerabilities
According to a recent report, Zoom app is prone to hacking, saying an unpatched bug can let hackers steal users Windows password. ‘The Hacker News’ reported that  ‘Zoom client for Windows’ is vulnerable to the ‘UNC path injection’ vulnerability that could let remote attackers steal login credentials for victims’ Windows systems. The report added that the latest finding by cybersecurity expert @_g0dmode, has also been “confirmed by researcher Matthew Hickey and Mohamed A. Baset,’

Another media report claimed that Zoom doesn’t use end-to-end encryption to protect calling data of its users.

Working Mechanism
The attack involves the “SMBRelay technique” wherein Windows automatically exposes a user’s login username and NTLM password hashes to a remote server, when attempting to connect and download a file hosted on it. The report claimed that “The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat,”

Besides Windows credentials, the vulnerability can also be exploited to launch any programme present on a targeted computer.

FBI Warning
The US Federal Bureau of Investigation (FBI) has warned people about porn material being popped up during the video meetings — as businesses, schools and colleges and millions of SMBs use video conferencing tool Zoom during the work-from-home scenario.

The Zoom app late last month updated its iOS app to remove the software development kit (SDK) that was providing users’ data to Facebook through the Login with Facebook feature.

Mitigation
Zoom has been notified of the latest bug but the flaw is yet to be fixed. “Users are advised to either use an alternative video conferencing software or Zoom in your web browser instead of the dedicated client app,” said the report.

Security experts suggested  some measures for enhancing the security of Zoom meetings which included: Keeping the Zoom software patched and up-to-date and always set strong, difficult-to-guess and unique passwords for all meetings and webinars. This is especially recommended for any meetings where sensitive information may be discussed.

One can enable ‘waiting room’ feature so that the call manager will have a better control over participants; all participants can join a virtual ‘waiting room’, but they will be approved by call manager to be part of the actual meeting.

Operators of the platform can disable the ‘join before host’ feature as that lets others to continue with a meeting in the absence of an actual host this option enables the first person who joins the meeting to automatically become the host and will have full control over the meeting. Alternatively, ‘scheduling privilege’ may be given to a trusted participant to host the meeting in the absence of an actual host.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Pax8 Introduces Era of Managed Intelligence

by DigitalCIO Bureau
June 19, 2025
0
Pax8 Introduces Era of Managed Intelligence

Pax8 has released its inaugural research report, The Agentic Inflection Point: And the Rise of the Managed Intelligence Provider. The comprehensive study defines the future of small-to-midsized business (SMB) operations, transformed...

Read moreDetails

Barracuda Unveils AI-Powered Cybersecurity Platform BarracudaONE in India

by DigitalCIO Bureau
June 3, 2025
0

Barracuda Networks has unveiled the BarracudaONE AI-powered cybersecurity platform. BarracudaONE maximizes threat protection and cyber resilience by unifying layered security defenses and providing deep, intelligent threat detection and response for...

Read moreDetails

Check Point Acquires Veriti To Minimize Digital Vulnerabilities

by DigitalCIO Bureau
May 28, 2025
0
Check Point Acquires Veriti To Minimize Digital Vulnerabilities

Check Point Software Technologies has announced a definitive agreement to acquire Veriti Cybersecurity, the first fully automated, multi-vendor pre-emptive threat exposure and mitigation platform. “The acquisition of Veriti...

Read moreDetails

Vats Srivatsan named Interim CEO of WatchGuard Technologies

by DigitalCIO Bureau
May 8, 2025
0
Vats Srivatsan named Interim CEO of WatchGuard Technologies

WatchGuard Technologies Chief Executive Officer (CEO) Prakash Panjwani will transition out of his operational role, continuing to serve on the Board of Directors and as a strategic advisor...

Read moreDetails

Google 2024 Ads Safety Report: AI plays key role in safer advertising ecosystem

by DigitalCIO Bureau
April 19, 2025
0
Google 2024 Ads Safety Report: AI plays key role in safer advertising ecosystem

Google has released its 2024 Ads Safety Report, demonstrating how it is using advanced AI technology to create a safe and responsible advertising ecosystem. A notable finding from...

Read moreDetails
Next Post

Google to publish user location data to help govts tackle virus

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

Demand for WiFi gear surges as India Inc. increasingly works from home

March 20, 2020
LRN Appoints New Leadership For Asia-Pacific Region

New Relic Appoints Charlie Thompson As SVP & MD Of EMEA

November 30, 2024

IceWarp offers Free Video Conferencing Solution enabling Work From Home

March 26, 2020

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Commvault CrowdStrike Cybersecurity Dell Technologies Digital Transformation Dynatrace E-books Fortinet Gartner GenAI Generative AI Google Cloud HCLTech Honeywell IBM Infographics Internet of Things (IoT) Kaspersky Microsoft Netskope NTT DATA Palo Alto Networks Panel Discussion Qlik Salesforce ServiceNow Sophos Tenable Veeam Veeam Software Vertiv Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?