19 Jan 2022

Zoom vulnerabilities impact clients, MMR servers

Project Zero researcher Natalie Silvanovich published a new analysis of security flaws present in the Zoom video chat platform. The vulnerabilities were uncovered as part of an investigation after a zero-click attack was demonstrated at Pwn2Own. Silvanovich, inspired by the demonstration, located two different bugs. The first is a buffer

Read More
16 Jul 2021

Fake Zoom App Dropped by New APT ‘LuminousMoth’

A suspected Chinese advanced persistent threat (APT) group is spreading malicious Zoom software, seeking to spy on targets in Southeast Asia. The group is referred to as LuminousMoth, and focuses on cyber espionage and information theft from high-profile targets such as governments in Asia. Cybersecurity researchers have detected roughly 100

Read More
17 Nov 2020

Zoom Debuts New Tools to Fight Meeting Disruptions

Zoom has launched new features that allow hosts and co-hosts to pause live Zoom meetings. The feature aims to reduce the onslaught of so-called zoom-bombers, users that join meetings seemingly at random with the intention to disrupt the activity. The capabilities will allow hosts to pause the meeting, allowing them

Read More
10 Nov 2020

Zoom Settles with FTC After Charges it Misled Customers

The Federal Trade Commission (FTC) announced that it had reached a settlement with web conferencing company Zoom after the FTC alleged that Zoom misled its users by offering a false sense of security whereas they practice poor security measures. One of the features in question was the security issues in

Read More
17 Jul 2020

Zoom Addresses Vanity URL Zero-Day

Check Point security and Zoom announced on Thursday that a new zero-day has been discovered within the “Vanity URL” feature on Zoom, which allows companies to create their own meeting domain. Through exploiting this zero-day, attackers could pose as a company employee, and then use socially engineered conversation to extract

Read More
11 Jun 2020

Zoom suspends account of US-based Chinese activists after Tiananmen meeting

Popular video conferencing platform Zoom has suspended the account of known US-based Chinese activists after they reportedly held a Zoom virtual meeting to commemorate the Tiananmen Square crackdown. Zoom stated that the account was shut down due to the fact that it did not comply with “local laws.” The account

Read More
24 Apr 2020

Phishers exploiting employees’ layoff, payroll concerns

Two new phishing campaigns that aim to obtain Zoom and WebEx credentials have emerged, capitalizing on fears of layoffs and payroll changes. The phishing emails deliver fake information with “Zoom meeting about termination” in the headline, scaring recipients into clicking malicious links that then harvest Zoom passwords. Abnormal Security discovered

Read More
20 Apr 2020

Zoom Bombing Attack Hits U.S. Government Meeting

According to an internal letter released by the government, a recent US House Oversight Committee meeting was the victim of a Zoom-bombing attack. The committee meeting was disrupted at least three times by uninvited individuals. The incident was disclosed in an internal letter from two representatives, Jim Jordan and Carolyn

Read More
17 Apr 2020

Zoom Revamps Bug Bounty Program

On Wednesday, the video conferencing platform Zoom announced that it is re-launching its bug bounty program in collaboration with Luta Security. The company aims to make significant changes to the program amid security alerts regarding the platform’s cybersecurity practices and safety. Researchers have reported finding potentially serious vulnerabilities in the

Read More
17 Apr 2020

Alleged Zoom Zero-Days for Windows, MacOS for Sale, Report

New Zoom zero-days have allegedly been discovered for sale, effecting Windows and macOS. Hackers have claimed that they discovered two zero-day vulnerabilities for the Zoom video conferencing platform, being sold online for $500,000. The zero-days may allow threat actors to spy on private video conferences hosted through Zoom and exploit

Read More