
Zoom Bug Could Have Let Uninvited People Join Private Meetings - Use these precautions



Zoom has been around for nine years, but the sudden need for an easy-to-use video conferencing app during the coronavirus pandemic made it a favorite tool for millions of people overnight.



Although Zoom is an efficient online video meeting solution, it is still not the best choice in terms of privacy and security.
Precautions


According to the latest finding by cybersecurity expert @_g0dmode, which was also confirmed by researchers Matthew Hickey and Mohamed A. Baset, the Zoom client for Windows is vulnerable to 'UNC path injection', which could let remote attackers steal login credentials for victims' Windows systems.
The attack is possible only because Zoom for Windows supports remote UNC paths and converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat.
To steal the login credentials of a user running Zoom for Windows, all an attacker needs to do is send a crafted URL (i.e. \\x.x.x.x\abc_file) to the victim over the chat interface, as shown, and wait for the victim to click it once.

Note that the captured passwords are not plaintext, but a weak one can easily be cracked in seconds using password-cracking tools like HashCat or John the Ripper.

In a shared environment, like office space, stolen login details can be reused immediately to compromise other users or IT resources and launch further attacks.

Besides stealing Windows credentials, the flaw can also be exploited to launch any program already present on a targeted computer or downloaded as part of the attacker's social engineering campaign.


Zoom has already been notified of this bug, but since the flaw has not yet been patched, users are advised to either use alternative video conferencing software or use Zoom in their web browser instead of the dedicated client app.
Besides always using a secure password, Windows users can also change the security policy settings to restrict the operating system from automatically passing their NTLM credentials to a remote server.
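
Because the problem starts when a chat client turns a UNC path into a clickable link, chat text can also be screened for such paths before it is rendered or when logs are reviewed. The sketch below is an added example, not code from Zoom or from the researchers named above; the trusted host names and the sample messages are constructed assumptions.

```python
"""Flag remote UNC paths in chat text before they are rendered as links."""
import ipaddress
import re

# \\host\share followed by an optional path; both host and share are mandatory.
UNC_RE = re.compile(r"(?<!\\)\\\\([^\\/\s]+)\\([^\\/\s]+)((?:\\[^\\\s]+)*)")

# Assumption: file servers the organisation trusts (hypothetical names).
TRUSTED_HOSTS = {"fileserver01", "fs.corp.example"}


def classify_host(host):
    """Return 'device', 'trusted', 'ip-literal' or 'untrusted' for a UNC host."""
    if host in {".", "?"}:          # \\.\ and \\?\ are local device namespaces
        return "device"
    if host.lower() in TRUSTED_HOSTS:
        return "trusted"
    try:
        ipaddress.ip_address(host)
        return "ip-literal"         # raw address, as in the \\x.x.x.x\abc_file form
    except ValueError:
        return "untrusted"


def find_unc_links(message):
    """Return (path, verdict) for every remote UNC path found in a chat message."""
    findings = []
    for m in UNC_RE.finditer(message):
        verdict = classify_host(m.group(1))
        if verdict != "device":
            findings.append((m.group(0), verdict))
    return findings


def should_linkify(message):
    """Auto-link a message only if every UNC path in it targets a trusted host."""
    return all(v == "trusted" for _, v in find_unc_links(message))


# Constructed sample chat lines (not real traffic).
SAMPLES = [
    r"Slides are at \\fileserver01\team\q2.pptx",
    r"please open \\203.0.113.7\abc_file",
    r"log is in C:\Users\me\zoom.log",
    r"see \\files.example.net\share\doc.exe now",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(should_linkify(line), find_unc_links(line))
```

Messages that fail `should_linkify` can be shown as plain text instead of a hyperlink, which removes the single click the attack depends on.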


