Zoom: Windows Passwords Could Be Stolen


With COVID displacing physical meetings, schools, companies and organisations have been looking for online meeting rooms with features such as video, muting, and individual control over audio and video.

Zoom has been the handiest option so far, ahead of FB Messenger and Google Hangouts. A lot of competitors have not come close.

However, Zoom had an earlier issue: it had a hidden server that allowed the cameras of Mac users to be hijacked. Zoom has since released an update to remove it. Apple has also pushed a “silent update” using the Malware Removal Tool.

BleepingComputer has recently reported that Zoom allows attackers to steal Windows login credentials from other users.

BleepingComputer said, “Security researcher @_g0dmode discovered that the Zoom client will convert Windows networking UNC paths into a clickable link in the chat messages as well.”

They added, “Security researcher Matthew Hickey (@HackerFantastic), tested the UNC injection in Zoom and as you can see below was able to capture the NTLM password hashes being sent to a server hosting the clicked on share. BleepingComputer was also able to verify the same results in a local test.”
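One way a chat client can avoid the behaviour quoted above, shown as an added example that is not from the original post or from Zoom: link only http(s) URLs, render UNC paths as inert text, and report them for logging. The function names, regular expressions and sample message are assumptions constructed for illustration.

```python
import html
import re

# UNC path: \\host\share with an optional sub-path (constructed pattern, not Zoom's code).
UNC_RE = re.compile(r'\\\\([A-Za-z0-9._-]+)\\([^\\\s/:*?"<>|]+)((?:\\[^\\\s/:*?"<>|]+)*)')
# Allow-list of schemes that may become links. file:// is left out because it can
# also point at a remote SMB host.
URL_RE = re.compile(r'https?://[^\s<>"\']+', re.IGNORECASE)
TOKEN_RE = re.compile(
    "(?P<unc>" + UNC_RE.pattern + ")|(?P<url>" + URL_RE.pattern + ")", re.IGNORECASE
)

# Constructed sample chat message; the host names are placeholders.
SAMPLE = r"Notes: \\fileserver.example\share\notes.docx and https://example.com/agenda"


def find_unc_paths(text):
    """Return (host, share) for every UNC path in a message, for logging or alerting."""
    return [(m.group(1), m.group(2)) for m in UNC_RE.finditer(text)]


def render_chat_message(text):
    """Render chat text as HTML: link http(s) URLs, keep UNC paths as plain text."""
    out, pos = [], 0
    for m in TOKEN_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))  # escape everything between tokens
        token = html.escape(m.group(0))
        if m.group("url"):
            out.append(f'<a href="{token}" rel="noopener noreferrer">{token}</a>')
        else:
            # UNC path: displayed but never clickable, so a click cannot make
            # Windows open an SMB connection and send NTLM credentials.
            out.append(f"<code>{token}</code>")
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    print(find_unc_paths(SAMPLE))
    print(render_chat_message(SAMPLE))
```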

This is not a good look for Zoom as they are currently being sued for allegedly disclosing personal data to third parties without full user consent.

Sources:
https://sea.mashable.com/tech/9861/zoom-security-bug-lets-attackers-steal-windows-passwords
https://finance.yahoo.com/news/zoom-shares-pull-back-company-064025576.html
https://www.theverge.com/2019/7/8/20687014/zoom-security-flaw-video-conference-websites-hijack-mac-cameras
