
Zoom Zero-Day Allowed Remote Code Execution, Patch Issued


Zoom, the video and audio conferencing software, has patched a zero-day vulnerability that affected users running old versions of Windows: Windows 7, Windows Server 2008 R2 and earlier. The flaw was detected on Thursday and later published in a blog post by the security research organization ACROS Security.

The previously unknown vulnerability allowed a remote attacker to execute arbitrary code on a targeted user's system on which one of the supported versions of Zoom Client for Windows is installed. To set the attack in motion, the attacker manipulates the victim into carrying out some typical action (opening a received document file), and reportedly no security warning is displayed to the user as the attack takes place.


After disclosing the zero-day vulnerability to Zoom, ACROS released a micropatch for its 0patch client to protect its own customers against attack until Zoom came out with an official patch. In the wake of various security flaws, Zoom had halted the development of new features for a while so that the major privacy-related concerns threatening user security could get much-needed attention. However, this 'feature freeze' period ended only recently, on July 1, last week, and the zero-day was detected a few days later.


In conversation with Threatpost, 0patch’s co-founder, Mitja Kolsek, said, “Exploitation requires some social engineering – which is practically always the case with user-side remote code execution vulnerabilities.”


“While a massive attack is extremely unlikely, a targeted one is conceivable.” “Zoom Client features a fairly persistent auto-update functionality that is likely to keep home users updated unless they really don’t want to be,” he wrote.


“However, enterprise admins often like to keep control of updates and may stay a couple of versions behind, especially if no security bugs were fixed in the latest versions.”


“Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it,” said Zoom, while addressing the issue initially.


A few days later, on July 10, the company released a fix, and officials said, “Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.”

Microsoft Office 365 Users Targeted By a New Phishing Campaign Using Fake Zoom Notifications



As people across the world cope with the coronavirus pandemic by switching to working from home, the usage of and demand for cloud-based communication platforms providing audio and videoconferencing services have seen a sudden upsurge.

Zoom is one such platform: since the beginning of 2020 it has seen an extremely high increase in new monthly active users as a huge number of employees have adopted remote working.

Recently, however, Microsoft Office 365 users have been targeted by a new phishing campaign that uses fake Zoom notifications to warn users in corporate environments that their Zoom accounts have been suspended, with the ultimate goal of stealing Office 365 logins.

Reportedly, those targeted by this campaign are all the more ready to believe such emails at this time, since the number of remote workers taking part in daily online meetings through video conferencing platforms such as Zoom has increased because of stay-at-home orders or lockdowns brought about by the pandemic.

So far, the phishing campaign mimicking automated Zoom account suspension alerts has been received by more than 50,000 mailboxes, according to details given by researchers at email security company Abnormal Security, who identified these ongoing attacks.

The phishing messages spoof an official Zoom email address and are intended to imitate a real automated Zoom notification.

The use of a spoofed email address and an email body practically free of grammar errors or typos (other than an evident 'zoom' rather than 'Zoom account') makes these phishing messages all the more convincing and potentially more effective.

The lively "Happy Zooming!" at the end of the email could raise some suspicion, however, as it doesn't quite fit the tone of the rest of the message.




As soon as users click the "Activate Account" button, they are redirected to a fake Microsoft login page through 'an intermediary hijacked site'.

On the phishing landing page, they are asked to enter their Outlook credentials in a form designed to exfiltrate their account details to attacker-controlled servers.

If they fall for the attackers' tricks, the victims' Microsoft credentials will be used to take full control of their accounts, and all their data will be ripe for the picking, later to be used in identity theft and fraud schemes such as Business Email Compromise (BEC) attacks.

The US Federal Bureau of Investigation (FBI) had warned of BEC attacks abusing popular cloud email services, such as Microsoft Office 365 and Google G Suite, through Private Industry Notifications issued in March and in April.

Even so, Office 365 users continue to be targeted by phishing campaigns whose ultimate objective is harvesting their credentials.

Microsoft has also warned of phishers' ongoing move to new types of phishing strategies, such as consent phishing, in addition to conventional email phishing and credential theft attacks.

Microsoft Partner Group PM Manager Agnieszka Girling says, "While application use has accelerated and enabled employees to be productive remotely, attackers are looking at leveraging application-based attacks to gain unwarranted access to valuable data in cloud services."

The company has also taken legal action to take down part of the attack infrastructure used to host malicious 365 OAuth apps used in consent phishing to hijack victims' Office 365 accounts.

Universities Switch to Online Learning but Is it Enough?


With no apparent end to the pandemic in view, everyone has been forced to live within a confined space and spend their days avoiding anything that requires going out.

Students all over the world in particular are having a hard time managing without physical classes to rely on. It is not that online lectures and virtual education aren’t worthwhile, but most students find a lack of motivation to be a common problem.

With few options available, students are managing to adjust to online learning, given that most institutions have switched to online mediums like Zoom, which is a great step globally.

Universities are trying their best to make do with all the possible resources they have at their disposal. But is it okay to consider that online classes shall suffice?

What students need at such a gloomy time is a form of education and learning that gives them a technologically rich experience and not a mere imitation of what otherwise happens in their classes.

The tech world is overflowing with contemporary ideas for learning. There are hundreds of ways to create and design interactive sessions via podcasts and virtual reality. Students, from the comfort of their homes, could be better learners and give better responses if they are encouraged in the right way.

Online learning or online lectures shouldn’t just be a professor going on and on for hours as in a physical class. There is a wide variety of avenues to follow when it comes to technology-based learning, especially online.


During the past months, the number of students enrolled in online courses has increased substantially. There has also been a rise in the number of students joining full-time online courses.

People who weren’t as tech-savvy lost their jobs and had to get back to studying for any possible chance of a career change.

Per sources, FutureLearn and UofPeople (University of People) have experienced a rise in demand for online courses because people want to be productive during quarantine by acquiring new skills.

According to reports, there has been a significant rise in the demand for online courses in the English language, health-related subjects, and mental health topics.

If this culture of interactive online learning does not limit itself to the pandemic, it could lead to a better learning mechanism that would prove extremely effective for students all across the globe.

The availability of online platforms for students to begin or continue their education is contributing massively to reducing the number of students deferring.

Even though the initial online courses that went, and probably still go, by the name MOOCs (massive open online courses) weren’t much of a hit, given the times of “pandemic induced confinement” people are warming up to them.

The current predicament has everyone bursting with uncertainty. There is no telling if universities would even begin their next sessions any time soon.

Certainly not everything can be taught online, especially practical learning, which raises a huge question to which no one has the right answer.

With no way of knowing when universities will open and resume their normal operations with the added factor of social distancing, ‘the internet is all we have.'

Users May Risk Losing their Passwords on Dark Web For Sale


In April, Zoom became one of the many companies that lost their user data to hackers. Zoom, one of the top online video conference platforms, had more than half a million account logins end up on the dark web. The leaked passwords could be obtained either for free or for a minimal amount of money. Understandably, users are blaming Zoom for losing their accounts, and they have every right to do so. It is, however, part of a much bigger problem that includes hackers, some criminal niches on the Internet, and our own fault in setting very weak passwords.


How do passwords end up on the dark web?

Every year, hundreds of millions of user accounts end up exposed on the dark web, through either malware or phishing attacks. According to a report by Privacy Rights Clearinghouse, a non-profit organization in California, around 11.6 billion user accounts have been hacked since 2005. The hacked accounts are then either uploaded to hacker websites or posted on the dark web for sale.

These websites and the dark web can be accessed only through a specific browser called Tor. "Then there's Tor, the darkest corner of the Internet. It's a collection of secret websites (ending in .onion) that require special software to access them. People use Tor so that their Web activity can't be traced -- it runs on a relay system that bounces signals among different Tor-enabled computers around the world," says Jose Pagliery from CNN Business. Hackers take these purchased passwords and try logging in with them on several other websites until they succeed, a technique known as credential stuffing.

The hackers used credential stuffing to steal more than 500,000 Zoom user accounts and later uploaded them to the dark web. In response, a Zoom spokesperson has confirmed that they suspect the hackers used credential stuffing to breach the accounts. "You can help prevent some of these attacks by banning the use of bad passwords, blocking legacy authentication, and training employees on phishing," says Microsoft's security website on "how to prevent your company from web attacks."
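On the defending side, credential stuffing as described above leaves a recognizable trace in login logs: one source trying many different usernames in a short time with few successes. The following is an added example, not code from the article or from Zoom; the log format, thresholds and all sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login log: timestamp, source IP, username, result.
SAMPLE_AUTH_LOG = """\
2020-04-14T08:00:01Z 203.0.113.7 alice FAIL
2020-04-14T08:00:04Z 203.0.113.7 bob FAIL
2020-04-14T08:00:09Z 203.0.113.7 carol FAIL
2020-04-14T08:00:15Z 203.0.113.7 dana OK
2020-04-14T08:00:21Z 203.0.113.7 erin FAIL
2020-04-14T08:00:30Z 203.0.113.7 frank FAIL
2020-04-14T08:01:00Z 198.51.100.20 gina FAIL
2020-04-14T08:01:10Z 198.51.100.20 gina FAIL
2020-04-14T08:01:25Z 198.51.100.20 gina OK
2020-04-14T08:02:00Z 192.0.2.44 hank OK
2020-04-14T08:02:30Z 192.0.2.44 iris OK
2020-04-14T08:03:00Z 192.0.2.44 jack OK
2020-04-14T08:03:30Z 192.0.2.44 kate OK
2020-04-14T08:04:00Z 192.0.2.44 liam OK
"""


def parse(line):
    """Split one log line into (timestamp, ip, user, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result == "OK"


def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_users=5, max_success_ratio=0.25):
    """Flag source IPs that try many distinct accounts with few successes.

    Thresholds are illustrative assumptions; tune them to your own traffic.
    Returns {ip: {"distinct_users": n, "compromised": [users that logged in]}}.
    """
    by_ip = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, ip, user, ok = parse(line)
            by_ip[ip].append((ts, user, ok))

    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            users = {u for _, u, _ in win}
            hits = {u for _, u, ok in win if ok}
            successes = sum(1 for _, _, ok in win if ok)
            if len(users) >= min_users and successes / len(win) <= max_success_ratio:
                entry = alerts.setdefault(ip, {"distinct_users": 0, "compromised": set()})
                entry["distinct_users"] = max(entry["distinct_users"], len(users))
                # Accounts that logged in from a flagged source need a forced reset.
                entry["compromised"] |= hits
    return {ip: {"distinct_users": e["distinct_users"],
                 "compromised": sorted(e["compromised"])}
            for ip, e in alerts.items()}


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_AUTH_LOG.splitlines()).items():
        print(ip, info)
```

The single user retrying a mistyped password and the shared office address with five successful logins are deliberately left unflagged; only the source that sprays many accounts is reported, along with the one account it got into.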

Facebook Messenger's Latest Update Supports 50 Participants In a Video Chat Room!


During these trying times of the pandemic, with everyone stuck at home and yearning for some one-on-one time with friends and family stuck elsewhere, Facebook has come through like a knight in shining armor.

It has equipped Messenger and WhatsApp with fresh and much-needed video-calling features in light of the obvious rise in the “need” for video calls via social media.

In the areas most affected by the coronavirus, researchers have seen a sharp escalation in the usage of Messenger and its video calling feature, to as much as double the earlier rate.

With the latest WhatsApp update increasing the number of participants in its video/audio calls, Messenger has made available an update that lets users add up to 50 people to Messenger Rooms.

It turns out that these features were always on the list of updates, but they were rolled out to users a little earlier than planned because of the pandemic and lockdowns.

This update is scheduled to start reaching people soon and will eventually reach all users, but it is bound to take time.

Per sources, Facebook had also been working on preventing ‘unrequired’ and ‘unneeded’ guests from popping into the chats.

There is no dearth of applications willing to help users get through these tough times by connecting virtually with their loved ones. Zoom is another app that has seen crazy growth in the number of its active users, to an astonishing 300 million.

Houseparty is another one that hit the download charts hard when the news of the lock-down first surfaced everywhere in March.

Much like in the aforementioned app, as long as the Messenger Room is ‘open’, guests can drop in and out of the group video chats as they wish.


Facebook reportedly wanted to create a realistic atmosphere for video chat users, where people could “bump into each other”.

In fact, rumor has it that Facebook is planning to add the group video chat room feature to WhatsApp and Instagram as well, but there is no indication as to when.

The chat rooms that are open to the public will be listed at the top of the feed. The person creating the chat room will have control over the privacy of the room, over sending invitations to people who aren’t on Facebook, over who gets added, and over blocking unwanted participants. Participants could also change their backgrounds in real time, sources mention.

Per reports, the feature was first tested in Argentina and Poland, where Messenger is said to be used the most. The results showed that up to 20 participants could be added at once, but the number would increase to 50 according to Facebook.

Having uninvited participants show up in chat rooms has caused inconvenience to users, especially in the case of Zoom. Facebook has definitely learned from that.

The chats won’t be end-to-end encrypted, at least at launch, but it’s surely on the to-do list. Monitoring and listening in on the video calls, says Facebook, is absolutely out of the question.

The tech giant has also promised that it will keep working towards making Facebook better in every way possible by collecting data from users about the overall experience, sources mention.

Premium features are being made available for free by the Microsoft teams for some of their apps owing to the Coronavirus outbreak, per sources.

Per reports, Facebook's biggest product launches are usually announced via a blog post by Mark Zuckerberg, which in this case was used to announce the latest Messenger Rooms update.

To know about the latest feature update of WhatsApp check out the following link:
WhatsApp's Latest Feature Lets You Add More People To Video Calls!

Russia to develop a video platform similar to Zoom


The Ministry of Digital Development, Communications and Mass Media of the Russian Federation will develop a Zoom-like platform for video communication by the beginning of the new school year. This was announced on Saturday by Minister of Education Sergey Kravtsov.

"Together with the Ministry of Digital Development, Communications and Mass Media, we are developing a new domestic product Digital educational environment, which will use only domestic developments, only domestic software, including a video platform similar to Zoom and Skype," said the Minister.

The Minister stressed that such a platform is necessary in order to exclude problems related to the instability of foreign systems from the educational process. Kravtsov noted that, for example, the use of Zoom was abandoned in Singapore, because there was "unauthorized access to the education process".

Recall that on March 14, in order to prevent the spread of coronavirus, it was recommended to transfer students to distance learning.

Note that the worldwide daily audience of the Zoom app in March 2020 increased 20-fold compared to December 2019.

In addition, Moscow senator Vladimir Kozhin drew the state's attention to threats facing Russians in self-isolation. He was talking about the huge array of personal data that now has to be transmitted online for various purposes. The senator believes that this information can become a target for cybercriminals and lead to serious damage to citizens and businesses.

He proposed "to develop and adopt a number of amendments to the Criminal Code of the Russian Federation in the shortest possible time, seriously toughening the responsibility for such crimes."

Earlier, E Hacking News reported that users of the Zoom video conferencing service have become targets of hackers. Scammers create Zoom-disguised websites and malware to steal their personal data.

Moreover, hackers have appeared on social networks offering to issue digital passes for moving around the city.

Zoombombing: what is it and how you can prevent your conference calls from being zoombombed


Amid the Covid-19 lockdown, the use of video conferencing software has seen a rapid rise, be it for work, teaching or just socializing. Our use of video chats has increased, and with it the security concerns have risen steadily.


One such application, Zoom, which is quite popular for video conferencing, has recently been drawing attention from security researchers and journalists over privacy and security issues. Even the FBI, the United States investigative agency, issued a warning to citizens to be cautious while using the Zoom app, citing cases of zoombombing where calls were interrupted by "pornographic and/or hate images and threatening language," and the agency also asked software companies to practice "due diligence and caution" in their security measures.

Zoombombing is when an unwanted or uninvited attendee interrupts your video conference call and disrupts the meeting.

Measures by Zoom to prevent Zoombombing

On Wednesday, Zoom CEO Eric Yuan published a blog post addressing these security concerns. He mentioned that Zoom will freeze feature updates and focus on coming up with security solutions for the next 90 days, dedicating these ninety days to "the resources needed to better identify, address and fix issues proactively." He wrote that these initiatives will focus on "conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases," according to the post.

Steps you can take to prevent "Zoombombing"

There are some simple settings you can change in your Zoom app to prevent your calls from being interrupted by unwanted individuals.

  1. Don't use your personal meeting ID; instead use a per-meeting ID exclusive to that meeting. There are Zoom tutorials to help you understand how to generate a random meeting ID for a meeting.
  2. Enable the "waiting room" feature in Account Management. It will allow you to see who is attempting to join the meeting and give them access.
  3. Once the meeting begins and everyone is in it, lock the meeting to outsiders.
  4. Make sure you don't publish or post the meeting ID on public platforms.
  5. If any outsider does barge in, you can lock them out by going to the Participants List in the navigation sidebar, scrolling to More and clicking Lock Meeting. You can also silence them by clicking the Mute All control in the Participants List.

Hackers use fake Zoom domains to spread malware


The coronavirus pandemic is forcing many people around the world to work remotely. This has significantly increased the popularity of video conferencing services such as Zoom. Attackers took advantage of this and began to use fake Zoom domains to spread malware and gain access to other people's video conferences. This was reported by the security company Check Point.

Researchers note that since the beginning of the virus pandemic, 1,700 domains with the word Zoom have been registered. At the same time, 25% of new domains were registered in the last seven days, and 70 of them are considered suspicious by the company.

Check Point specialists found malicious files like "zoom-us-zoom_##########.exe", where # is a set of digits. After running such a file, the InstallCore batch application is installed on the user's computer, which is used for further downloading malware.
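The two indicators reported above (newly registered domains containing "zoom", and installers named on the zoom-us-zoom_ pattern) can be checked against web proxy logs. This is an added example, not Check Point's or the article's code; the log format and every sample line are constructed, and treating zoom.us as the only genuine vendor domain and the '#' run as any number of digits are assumptions.

```python
import re
from urllib.parse import urlsplit

# File-name pattern quoted on this page: "zoom-us-zoom_##########.exe".
# Assumption: each '#' is a decimal digit and the run may be any length.
INSTALLER_RE = re.compile(r"^zoom-us-zoom_\d+\.exe$", re.IGNORECASE)

# Assumption: zoom.us (the vendor download host named on this page) is the
# only registrable domain treated as genuine; extend it for your environment.
VENDOR_DOMAINS = {"zoom.us"}

# Constructed proxy log lines: timestamp, client, method, URL, status.
SAMPLE_PROXY_LOG = """\
2020-03-30T09:00:01Z 10.0.0.11 GET https://zoom.us/download 200
2020-03-30T09:01:12Z 10.0.0.11 GET https://meetings.zoom.us/j/1 200
2020-03-30T09:02:17Z 10.0.0.12 GET http://zoom-meeting.example/zoom-us-zoom_1234567890.exe 200
2020-03-30T09:05:40Z 10.0.0.13 GET https://zoom.us.login.example/signin 200
2020-03-30T09:09:55Z 10.0.0.15 GET https://files.example/dl/zoom-us-zoom_42.exe 200
2020-03-30T09:11:03Z 10.0.0.16 GET https://intranet.example/wiki 200
"""


def is_vendor_host(host):
    """True for a vendor domain or its subdomains, matched on label boundaries.

    A plain substring or suffix test would accept 'zoom.us.login.example'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def classify(url):
    """Return the list of findings for one requested URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    filename = parts.path.rsplit("/", 1)[-1]
    findings = []
    if "zoom" in host and not is_vendor_host(host):
        findings.append("lookalike-domain")
    if INSTALLER_RE.match(filename) and not is_vendor_host(host):
        findings.append("installer-off-vendor-host")
    return findings


def scan(log_text):
    """Return (client, url, findings) for every flagged request in the log."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than guessing at fields
        _, client, _, url, _ = fields
        findings = classify(url)
        if findings:
            hits.append((client, url, findings))
    return hits


if __name__ == "__main__":
    for client, url, findings in scan(SAMPLE_PROXY_LOG):
        print(client, url, ",".join(findings))
```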

Fraudulent sites that simulate the work of Google Classroom or Google Hangouts have also appeared on the Internet. Disguised sites are created for the purpose of phishing: stealing passwords, credit card data, and other personal information from users. Check Point Cyber Research Manager Omer Dembinsky advised all users to make sure that links to video conferences are secure before using them.

In January of this year, Check Point published a report indicating that Zoom has security flaws. According to the company, hackers could connect to video conferences by generating random numbers that became conference URLs. Zoom then fixed the security breach and made some changes to the service, for example, introducing mandatory password protection for conferences.

Apple pushes out silent update for Mac users to remove Zoom web server

Earlier this week, a US-based security researcher named Jonathan Leitschuh publicly disclosed a major vulnerability in the Zoom video conferencing software for Apple’s Mac computers which could make any website start a video-enabled call by hacking the webcam of the system. Now, according to a report by TechCrunch, Apple has silently pushed out a macOS update which removes the Zoom web server.

As per the report, the US-based technology giant has confirmed the said update has been released and it is installed automatically and does not require any interaction with the user. The purpose of the update is only to remove the local web server installed by the Zoom app. The company said that it pushed the update to protect its users from the risks posed by the exposed web server.

According to Leitschuh’s claims earlier this week, even if Mac users uninstall the Zoom app from their system, the web server continues to persist and it can reinstall Zoom without the user’s permission.

In a statement to The Verge and ZDNet, Zoom had said that it developed the local web server to save Mac users from too many clicks, after Apple changed their Safari browser in a way that requires Zoom users to confirm that they want to launch Zoom every single time. Zoom also said that it will tweak the app such that it will save the user’s and administrator’s preferences for whether the video will be turned on, or not, when they first join a call.

However, it seems Apple took it upon itself to rescue its users from the security vulnerability posed by Zoom app. The silent update was all the more needed because Zoom had installed a local web server that could reinstall the app even if the user had previously uninstalled it.

Flaw in Zoom app could allow Mac webcams to be hacked

Jonathan Leitschuh, a US-based security researcher, publicly disclosed on Monday a major zero-day vulnerability in the Zoom video conferencing software. Leitschuh demonstrated that any website can start a video-enabled call through the Zoom software on a Mac with the help of a web server which gets installed by the Zoom app.

According to a report by The Verge, the server accepts requests which regular browsers would not. The report further says that even if you uninstall the Zoom software, the server will still remain and it can reinstall Zoom without the user’s choice. As per the findings by Leitschuh, the Zoom software can be hijacked by any website, which can then force a Mac user to join a call with an activated webcam even without their permission, unless a specific setting is enabled.

In a Medium post published on Monday, Leitschuh gave a demonstration in the form of a link which, when clicked, takes Mac users (who currently use or have previously used the Zoom app) to a conference room with their webcams activated. He notes that this code can be embedded in any website as well as in malicious ads or a phishing campaign.

Leitschuh further writes that even if Mac users uninstall the Zoom app, the local web server still remains and it will “happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”

The Verge in its report said that they tried the flaw themselves by using Leitschuh’s demo and were able to confirm that the issue does persist on clicking the link if Mac users have used the Zoom app and have not checked a particular checkbox in settings. The link auto joins the users to a conference call with the web camera on.

According to Leitschuh, he contacted Zoom on March 26 this year and said that he would disclose the exploit publicly in 90 days. According to him, Zoom does not seem to have done enough to resolve the problem. The vulnerability was also disclosed to both the Chromium and Mozilla teams; however, because it is not an issue with their browsers, there is not much those developers can do about it.