New Zoom vulnerability lets hackers record meetings even when host disables recording functionality for participants.
Hackers are actively exploiting critical flaws in the video communications service provider Zoom to carry out malicious acts amid Coronavirus. Then, there are those who are selling millions of authentic Zoom login credentials. And now, a Zoom vulnerability that puts millions of users at risk across the globe. Recently, the IT security researchers at Morphiec have discovered a critical malware vulnerability which if exploited can allow attackers to record live Zoom meetings and audio conversations. What’s worse is that by using the vulnerability attackers can carry out recordings even if the host disables recording functionality for participants. All that without the host’s knowledge or permission. In a blog post, Morphisec’s researcher Daniel Petrillo wrote that, The trigger (evading detection) is a malware that injects its code into a Zoom process without any interaction of the user and even if the host did not enable the participant to record. When recording in this way, none of the participants are notified that the session is being recorded while the malware fully controls the output. The vulnerability can not only open doors for malware attacks, but hackers can also use the opportunity to launch large scale espionage campaigns against businesses, steal secrets or credentials, and much more. Furthermore, since millions of Zoom accounts are already being sold on the dark web, all attackers would need is to sign in and perform the attack. The good news is that Morphiec researchers have already informed Zoom about the vulnerability however it is unclear if the company has patched the flaw or not. Therefore, if you are a Zoom user follow the below-given precautions to protect yourself from hackers. 1- Enforce complex Zoom meeting passwords by default for all users 2- Credential stuffing is a known issue in the industry, and the Zoom application is one of the hackers’ targets. 3- Users (and average consumers) are advised not to re-use their passwords on other apps and websites and monitor for potential data breaches via services such as HaveIbeenPwned and AmIbreached.com. 4- Implement multi-factor authentication where possible 5- Organizations are encouraged to consider a data breach monitoring solution to reduce their exposure window and mitigate the risks
Here at VortexShield we are dedicated to providing you and your computer with the best security possible. To find out more please go to our site vortexshield.com