19 Oct 2022

Zoom Patches High-Severity Flaw in macOS Client

Zoom released a patch last week that fixes a high-severity flaw in its client for macOS devices. The video messaging platform identified the vulnerability, which is tracked as CVE-2022-28762, as a debugging port misconfiguration that affects versions between 5.10.6 and 5.12.0. The flaw has been assigned a 7.3 out of

Read More
01 Jun 2022

You Need to Update iOS, Chrome, Windows, and Zoom ASAP

Security researchers at WIRED have urged users to update iOS, Chrome, Windows, and Zoom as soon as possible to stay up to date with relevant security issues. According to Wired, Google has had a busy month releasing patches for the Chrome browser and the Android operating system. In addition, Zoom

Read More
25 May 2022

Zoom patches XMPP vulnerability chain that could lead to remote code execution

Zoom users have been advised to update their software to the latest version, 5.10.0, to fix a number of flaws detected by Google Project Zero researchers. According to the researcher who discovered the holes, Ivan Fratric, user interaction is not required for an attacker to successfully leverage the flaws. The

Read More
19 Jan 2022

Zoom vulnerabilities impact clients, MMR servers

Project Zero researcher Natalie Silvanovich published a new analysis of security flaws present in the Zoom video chat platform. The vulnerabilities were uncovered as part of an investigation after a zero-click attack was demonstrated at Pwn2Own. Silvanovich, inspired by the demonstration, located two different bugs. The first is a buffer

Read More
16 Jul 2021

Fake Zoom App Dropped by New APT ‘LuminousMoth’

A suspected Chinese advanced persistent threat (APT) group is spreading malicious Zoom software, seeking to spy on targets in Southeast Asia. The group is referred to as LuminousMoth, and focuses on cyber espionage and information theft from high-profile targets such as governments in Asia. Cybersecurity researchers have detected roughly 100

Read More
17 Nov 2020

Zoom Debuts New Tools to Fight Meeting Disruptions

Zoom has launched new features that allow hosts and co-hosts to pause live Zoom meetings. The feature aims to reduce the onslaught of so-called zoom-bombers, users that join meetings seemingly at random with the intention to disrupt the activity. The capabilities will allow hosts to pause the meeting, allowing them

Read More
10 Nov 2020

Zoom Settles with FTC After Charges it Misled Customers

The Federal Trade Commission (FTC) announced that it had reached a settlement with web conferencing company Zoom after the FTC alleged that Zoom misled its users by offering a false sense of security whereas they practice poor security measures. One of the features in question was the security issues in

Read More
17 Jul 2020

Zoom Addresses Vanity URL Zero-Day

Check Point security and Zoom announced on Thursday that a new zero-day has been discovered within the “Vanity URL” feature on Zoom, which allows companies to create their own meeting domain. Through exploiting this zero-day, attackers could pose as a company employee, and then use socially engineered conversation to extract

Read More
11 Jun 2020

Zoom suspends account of US-based Chinese activists after Tiananmen meeting

Popular video conferencing platform Zoom has suspended the account of known US-based Chinese activists after they reportedly held a Zoom virtual meeting to commemorate the Tiananmen Square crackdown. Zoom stated that the account was shut down due to the fact that it did not comply with “local laws.” The account

Read More
24 Apr 2020

Phishers exploiting employees’ layoff, payroll concerns

Two new phishing campaigns that aim to obtain Zoom and WebEx credentials have emerged, capitalizing on fears of layoffs and payroll changes. The phishing emails deliver fake information with “Zoom meeting about termination” in the headline, scaring recipients into clicking malicious links that then harvest Zoom passwords. Abnormal Security discovered

Read More