Cyber Threat Report: Zoom Security Exploit

Security exploit problems plague Zoom, a major provider of video conferencing services. According to Tom Anthony, the Product VP of SearchPilot, hackers could quickly and easily crack the passwords for private Zoom meetings.

This was possible because Zoom’s web client did not rate-limit attempts to enter the default six-digit passcode. As a result, cybercriminals were able to brute-force their way into any password-protected meeting.
Anthony tested his hypothesis and then submitted the bug to Zoom, which fixed it.
Zoom stated that it “enhanced rate-limiting, rectified the CSRF token concerns, and relaunched the web client” in an official statement. The problem was fully fixed. Anthony’s complete report on the Zoom Security Exploit is available here.
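
The control that was missing, sketched as an added example (not Zoom's code and not taken from Anthony's report): a failed-attempt limiter keyed on the meeting ID, plus the time it would take to exhaust a six-digit keyspace once it is in place. The class and function names and the thresholds (5 failures, a 300-second window, a 900-second lockout) are assumptions chosen for illustration.

```python
import hmac
import time

KEYSPACE = 10 ** 6  # six-digit passcode: 000000-999999


class PasscodeAttemptLimiter:
    """Counts failed passcode attempts per meeting (thresholds are assumed values)."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900, clock=time.monotonic):
        self.max_failures, self.window_s, self.lockout_s = max_failures, window_s, lockout_s
        self.clock = clock
        self._failures = {}      # meeting_id -> timestamps of recent failures
        self._locked_until = {}  # meeting_id -> time at which the lockout ends

    def allow(self, meeting_id):
        return self.clock() >= self._locked_until.get(meeting_id, 0.0)

    def record_failure(self, meeting_id):
        now = self.clock()
        recent = [t for t in self._failures.get(meeting_id, []) if now - t < self.window_s]
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._locked_until[meeting_id] = now + self.lockout_s
            recent = []
        self._failures[meeting_id] = recent


def check_passcode(limiter, meeting_id, supplied, expected):
    """Return 'locked', 'ok' or 'denied'; the limiter is consulted before comparing."""
    if not limiter.allow(meeting_id):
        return "locked"
    if hmac.compare_digest(supplied.encode(), expected.encode()):
        # Failures are not cleared here: the passcode is shared, so one
        # attendee joining must not reset the count for everyone else.
        return "ok"
    limiter.record_failure(meeting_id)
    return "denied"


def worst_case_days(limiter):
    """Minimum days to try every passcode at the fastest rate the limiter permits."""
    lockouts = KEYSPACE / limiter.max_failures
    return lockouts * limiter.lockout_s / 86400
```

Keying on the meeting ID rather than the client address means guesses spread across many clients still count together. The trade-off is that legitimate attendees share the lockout, so the thresholds need tuning.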

More than 500,000 Zoom accounts were listed for sale on the dark web in April, a zero-day vulnerability in the web conferencing client allowed anyone to surreptitiously eavesdrop on unprotected active sessions (January), and there was also a zero-day remote code execution attack.

Following the coronavirus pandemic, video conferencing services have seen a substantial rise in usage for both professional and social reasons.
The web and video conferencing category of business technology has seen a 500% spike in buyer activity, according to TrustRadius. 67% of businesses also increased their video conferencing budgets.

Without a doubt, the way we communicate is evolving, and video conferencing is proving to be a useful tool.
It’s also proven to be a security issue, though. You can protect your data, systems, and information with smart defence. The following are our top tips for video conferencing:

Implement staff training

Your business should require appropriate training on video collaboration and give all staff instructional materials.
Include topics like video conferencing etiquette and expectations, security settings, what equipment should be turned on and off at the start and end of each conversation, etc.

Password protect your meetings

Require a password for each meeting to keep intruders out of your video conference and to safeguard all shared information.
If your video conferencing programme lets you set your own password, make it long and complicated using numbers, letters, and special characters.
Make sure that each account has a unique password.

Verify your attendees

Verify your attendee list once more before sending out the invitation to the meeting.
Use the “waiting room” when the meeting is ready to start so you can see who is logging in before the video conference starts. Immediately expel any unauthorised users if you find any.
Once everyone has joined, be careful to lock the meeting.

Be wary of shared links

Make sure you know and trust the sender before accepting an invitation to a meeting. Before clicking on a link, always double-check it. To do this, hover your cursor over the link. Your browser’s bottom left corner will show the actual URL.

Utilize a Randomized ID

Your personal meeting ID will be kept secure and prevented from being impersonated if you use a generated ID for the meeting.

Don’t permit file sharing (when applicable)

Although file sharing can be a useful tool, it can also be used by hackers to trick people into opening harmful documents. Use caution before opening any documents you do not trust.

Take a look at your security settings

Use a corporate package, not a free, consumer-oriented one, if you’re using video conferencing for business-related meetings. These simple programmes frequently lack the security-enhancing administrative capabilities that are required.

Check for updates to your conference platform

Every day, new vulnerabilities are discovered, and the more current your programme is, the better protected you are.

Report suspicious activity

Make sure to alert your IT personnel to any suspicious activity, including any phishing emails.
Suspicious behaviour should be reported promptly and in great detail in order to help stop future network attacks.