
Zoom Refutes Claims of AI Training on Calls Without Consent

 

Zoom has revised its terms of service following concerns that its artificial intelligence (AI) models were being trained on customer calls without consent, leading to a backlash. 

In response, the company clarified in a blog post that audio, video, and chats would not be utilized for AI purposes without proper consent. This move came after users noticed modifications to Zoom's terms of service in March, which raised worries about potential AI training.

The video conferencing platform took action to enhance transparency, asserting that it had introduced changes to address the concerns. 

In June, Zoom introduced AI-powered features, including the ability to summarize meetings without recording the entire session. These features were initially offered as a free trial.

However, experts raised concerns that the initial phrasing of the terms of service could grant Zoom access to more user data than necessary, including content from customer calls. 

Data protection specialist Robert Bateman expressed apprehension about the broad contractual provisions that granted considerable data usage freedom to the service provider.

Zoom later amended its terms to explicitly state that customer consent is required for using audio, video, or chat content to train their AI models. This alteration was made to ensure clarity and user awareness.

AI applications are software tools designed to perform intelligent tasks, often mimicking human behavior by learning from vast datasets. Concerns have arisen over the potential inclusion of personal, sensitive, or copyrighted material in the data used to train AI models.

Zoom, like other tech companies, has intensified its focus on AI products to keep up with the growing interest in the technology. The Open Rights Group, a digital privacy advocacy organization, cautioned against Zoom's approach of launching AI features as a free trial and encouraging customer participation, deeming it more alarming due to potential opacity in its privacy policy.

A spokesperson for Zoom reiterated that customers retain the choice to enable generative AI features and decide whether to share content with Zoom for product improvement. 

The company's Chief Product Officer, Smita Hashim, emphasized that account owners and administrators can opt to activate the features and that those who do so will undergo a transparent consent process for AI model training using customer content. Screenshots displayed warning messages for users joining meetings with AI tools, offering the option to consent or exit the meeting.

Zoom Boss Greg Tomb Fired ‘Without Cause’

Zoom, the video conferencing platform that many people use to work from home, has terminated the contract of its President, Greg Tomb. Tomb was in charge of sales and had been involved in the company's financial calls. Zoom has confirmed that it will not hire anyone else for the position, and the company said Tomb's exit was not because of anything he did wrong.

Tomb reported directly to Zoom's CEO, Eric Yuan, who founded the company in 2011 and is credited with making Zoom so popular during the pandemic. Millions of people worldwide used Zoom to keep in touch while staying home. 

In April 2020, the company boasted 300 million daily participants on its video calls, including virtual weddings and funerals. However, Zoom has struggled to keep up its success, just like many other tech companies, and had to lay off over a thousand employees earlier this year. 

Despite tripling its workforce during the pandemic, the company cut 15% of its staff because of a decrease in demand. Yuan has admitted that the company did not have enough time to analyze its teams and decide if they were working towards its goals. 

As companies look to cut costs during the economic downturn, Zoom may lose out to other services such as Google Meet, Microsoft Teams, and Slack. In response, Zoom is trying to diversify its offerings. 

It announced plans to add email and calendar features last year and launched a chatbot to help users with issues. Zoom is also developing Zoom Spots, which are virtual co-working spaces that allow hybrid teams to work together. 

In an email to employees, the CEO wrote, "As the CEO and founder of Zoom, I am accountable for these mistakes and the actions we take today. To that end, I am reducing my salary for the coming fiscal year by 98 percent and foregoing my FY23 corporate bonus. Members of my executive leadership team will reduce their base salaries by 20 percent for the coming fiscal year while also forfeiting their FY23 corporate bonuses." 

Zoom became famous because it helped people stay connected while working from home during the pandemic. However, it's been tough for Zoom to keep up with its success, and they had to lay off staff. They're also facing tough competition from other video conferencing services like Google Meet, Microsoft Teams, and Slack.

Zoom is trying to offer new services like email and calendar features and virtual co-working spaces to attract customers. It's still unclear if Zoom can compete in the crowded video conferencing market. 

Cybercriminals Use Google Ads to Deploy Malware

 

Hackers are using the Google Ads service more consistently than ever before to deliver malware. The threat actors build fake versions of official websites, and trojanized software is distributed as soon as victims click the download link on them.

Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, Torrent, OBS, Ring, AnyDesk, LibreOffice, TeamViewer, Thunderbird, and Brave are some of the companies impersonated in these operations.

Raccoon Stealer, a modified variant of Vidar Stealer, and the IcedID loader are two examples of malware delivered to victims' systems. Anyone who searches for legitimate software without an active ad blocker will see the promoted results first and be more inclined to click on them because they closely resemble the actual search result.

Threat actors use a trick at this stage to get past Google's automated checks. If Google determines that the landing site is malicious, the campaign is blocked and the advertisements are withdrawn. The trick, according to Guardio and Trend Micro, is to send users who click the advertisement first to a relevant but innocuous site made by the threat actor, and then redirect them from there to a malicious site imitating the software project.

Vermux, a threat group, was discovered employing a significant number of masquerAds websites and domains, mainly operating out of Russia, to target GPUs and cryptocurrency wallets owned by Americans.

According to the researchers, in October they came across a malvertising operation where hackers, identified as DEV-0569, utilized Google Ads to send consumers to a malicious file download page. Microsoft claimed that it informed Google about the traffic distribution network abuse.

As per Microsoft, the techniques enable the group to reach more people and increase the number of victims. From August through October, Microsoft observed the threat actor distributing the BATLOADER malware using phishing emails that seemed to be genuine installers for various programs, including TeamViewer, Adobe Flash Player, Zoom, and AnyDesk. 

Use safeguards such as an ad blocker in your browser, which blocks these campaigns by preventing Google Search sponsored results from appearing. Users should scroll down until they find the desired software project's official domain. Furthermore, an unusually large file size for an installer is a red flag.

Zoom Outage Rendered Services Unavailable

 

As per the latest updates, Zoom was down and unavailable for users worldwide and was preventing them from signing in or attending any meeting or webinar through it. 
 
People complained that they were unable to start or join any meetings, and some added that they were unable to manage their Zoom services on the website.

Users also mentioned that they were getting error pages with text like “Sorry the page you are looking for is currently unavailable. Please try again later” and “If you are the system administrator of this resource then you should check the error log for details, faithfully yours, Nginx.”

Zoom played a crucial role during the pandemic in recent years when the importance of cloud-based software, apps, and online activities was truly valued. During the global pandemic, people were stuck inside their homes and were forced to work, study, or communicate with family through screens. The application came as a savior, helping some people in being employed, and some in learning. 

During the investigation, reports by Downdetector stated that the Zoom outage was affecting numerous users worldwide. Early reports came mostly from the East Coast of the US and the southern UK.

The company itself verified the issue raised by users and posted about it on Zoom's service status page. The issue was identified at 6:50 a.m., as per the reports. Zoom also kept posting updates throughout its investigation, such as “we have identified the issue starting and joining meetings. We will continue to investigate and provide updates as we have them.”

Zoom is a cloud-based platform allowing people to connect with each other worldwide through video conferencing or communication through collaboration. It provides virtual meetings by either audio or video or both modes. The app works on mobile, desktops, and laptops. 
 
Those affected by the outage let out a sigh of relief when the video conferencing company posted on its status page on the 15th of September that the unavailable services had been fixed: “Everything should be working properly now! We are continuing to monitor the situation.” The CEO of Zoom tweeted an apology for the disruption of Zoom services.

Two Critical Zero-Day Bugs Identified in Zoom Users and MMR Servers

 

Two critical bugs in videoconferencing app 'Zoom' could have led to remote exploitation in users and MMR servers. Natalie Silvanovich of Google's Project Zero bug-hunting team on Tuesday released an analysis of the security bugs; the vulnerabilities were uncovered as part of an investigation after a zero-click attack was demonstrated at Pwn2Own.

The researcher spotted two different flaws, one of them a buffer overflow issue that impacted both Zoom users and Zoom Multimedia Routers (MMRs), the servers that transmit audio and video content between clients in on-premise deployments. Additionally, the platform lacked Address Space Layout Randomization (ASLR), a security mechanism that helps to guard against memory corruption attacks.

"In the past, I hadn't prioritized reviewing Zoom because I believed that any attack against a Zoom client would require multiple clicks from a user," the researcher explained in a blog post. "That said, it's likely not that difficult for a dedicated attacker to convince a target to join a Zoom call even if it takes multiple clicks, and the way some organizations use Zoom presents interesting attack scenarios."

"ASLR is arguably the most important mitigation in preventing exploitation of memory corruption, and most other mitigations rely on it on some level to be effective," Silvanovich noted. "There is no good reason for it to be disabled in the vast majority of software." 
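A defender can verify the ASLR point above on binaries they deploy. The following is an added example, not code from the article or from Project Zero: it reads the header fields that decide whether a main executable image can be loaded at a randomized base. The article does not say which binary format was affected, so the sketch covers both ELF and PE, and the sample headers are constructed inline.

```python
import struct

# Constants from the ELF and PE/COFF specifications.
ET_EXEC, ET_DYN = 2, 3                          # ELF e_type values
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by the linker's /DYNAMICBASE


def aslr_status(image: bytes) -> str:
    """Return 'aslr-capable' or 'fixed-address' for an ELF or PE image."""
    if image[:4] == b"\x7fELF":
        return _elf_status(image)
    if image[:2] == b"MZ":
        return _pe_status(image)
    raise ValueError("not an ELF or PE image")


def _elf_status(image: bytes) -> str:
    if len(image) < 18:
        raise ValueError("truncated ELF header")
    endian = {1: "<", 2: ">"}.get(image[5])  # EI_DATA: 1 = little, 2 = big endian
    if endian is None:
        raise ValueError("invalid EI_DATA byte")
    (e_type,) = struct.unpack_from(endian + "H", image, 16)
    if e_type == ET_DYN:    # PIE or shared object: the loader may pick the base
        return "aslr-capable"
    if e_type == ET_EXEC:   # linked for one fixed load address
        return "fixed-address"
    raise ValueError("not a loadable image (e_type=%d)" % e_type)


def _pe_status(image: bytes) -> str:
    if len(image) < 0x40:
        raise ValueError("truncated DOS header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    opt = coff + 20                       # optional header follows the COFF header
    if len(image) < opt + 72:
        raise ValueError("truncated optional header")
    (coff_chars,) = struct.unpack_from("<H", image, coff + 18)
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        return "fixed-address"
    if coff_chars & IMAGE_FILE_RELOCS_STRIPPED:
        return "fixed-address"            # opted in, but cannot be relocated
    return "aslr-capable"


def make_elf(e_type: int, little_endian: bool = True) -> bytes:
    """Constructed 64-byte ELF header stub for the demonstration."""
    ident = b"\x7fELF" + bytes([2, 1 if little_endian else 2, 1]) + bytes(9)
    fmt = "<H" if little_endian else ">H"
    return ident + struct.pack(fmt, e_type) + bytes(46)


def make_pe(dll_chars: int, coff_chars: int = 0) -> bytes:
    """Constructed PE32+ header stub for the demonstration."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, coff_chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt)


if __name__ == "__main__":
    samples = {
        "elf non-PIE": make_elf(ET_EXEC),
        "elf PIE": make_elf(ET_DYN),
        "pe /DYNAMICBASE": make_pe(IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "pe no opt-in": make_pe(0),
    }
    for name, blob in samples.items():
        print(f"{name:16} {aslr_status(blob)}")
```

This only checks whether the image opts in; the operating system's own ASLR setting and every loaded library also have to cooperate.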

As MMR servers process call content including audio and video, the researcher says that the bugs are "especially concerning": had a server been compromised, any virtual meeting without end-to-end encryption enabled would have been exposed to eavesdropping.

As per recent reports, the vulnerabilities were reported to the vendor and patched on November 24, 2021, and Zoom has since enabled ASLR. While most video conferencing systems use open-source libraries such as WebRTC or PJSIP for implementing multimedia communications, Project Zero called out Zoom's use of proprietary formats and protocols as well as its high licensing fees (nearly $1,500) as barriers to security research.

"These barriers to security research likely mean that Zoom is not investigated as often as it could be, potentially leading to simple bugs going undiscovered," Silvanovich said. "Closed-source software presents unique security challenges, and Zoom could do more to make their platform accessible to security researchers and others who wish to evaluate it." 

Last year in November, Zoom rolled out automatic updates for the software's desktop customers on Windows and macOS, as well as on mobile. Previously, this feature was only accessible to business users.

Zoom Security Flaw: Now Hackers Can Take Control Of Your PC, Wait For Patch

 


Zoom security issues have lately been troubling users worldwide, and often. The Zoom video conferencing app was not in the limelight before the ongoing pandemic, but a lot has changed since the onset of Covid-19. With working from home necessitated by the pandemic, the app's suddenly enhanced profile also led to Zoom adopting a number of security measures.

However, as of now, it is being observed that the security measures that had been taken a year ago are failing to secure users' data from threat actors.

Cybercriminals exploited a vulnerability and carried out a remote code execution (RCE) attack to take control of host PCs. Two researchers from cyber security firm Computest found the vulnerability at the Pwn2Own 2021 competition, organized by the Zero Day Initiative. The two Computest researchers, Daan Keuter and Thijs Alkemade, were awarded $200,000 for their findings.

How does this work?


First, the hacker has to be part of the same organizational domain as the host PC's user, or has to get permission from the host to join the meeting. Once the attackers are part of a meeting, they can execute a chain of three pieces of malware that installs an RCE backdoor on the victim's PC.

In other words, the threat actors can get access to your PC and will then be able to run remote commands that give them access to your sensitive data.

What is even more dangerous is that the hackers can run their operations without the victim being required to do anything, so it is essential to add more layers of security measures that can slow down the attackers' future operations.

The attack works on Mac and Windows, but it has not yet been checked on Zoom's iOS and Android apps. Notably, the browser version is safe.

Zoom has yet to take measures, and the technical details of the attack have not been made public. Reportedly, the patch will arrive on Zoom for Mac and Windows within the next 90 days.

Pwn2Own 2021 Will Also Cover Zoom, MS Teams Exploits

 

Trend Micro's Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes, and rules for the Pwn2Own Vancouver 2021 hacking competition. Pwn2Own Vancouver ordinarily takes place during the CanSecWest conference in Vancouver, Canada, but because of the Covid pandemic, this year's event will be hybrid: participants can submit their exploits remotely, and ZDI staff in Toronto (Canada) and Austin (Texas) will run the exploits. The attempts will be live-streamed on YouTube and Twitch.

The prize pool for Pwn2Own 2021 exceeds $1.5 million in cash and other prizes, including a Tesla Model 3. The vehicle is being offered to those who take part in the automotive category. In this category, in addition to the vehicle, hackers can earn up to $600,000 for hacking a Tesla. There are three difficulty levels in this category, and the Model 3 is being offered in every one of them.

ZDI has also announced a new category for the upcoming event. As part of the new enterprise communications category, participants can earn up to $200,000 for demonstrating exploits against Zoom or Microsoft Teams. “As the workforce moves out of the office and goes remote, the tools needed to support that change become greater targets. That’s one reason we added this new category and teamed up with Zoom to have them in the contest. Microsoft Teams will also be a target. A successful demonstration of an exploit in either of these products will earn the contestant $200,000 – quite the payout for a new category,” reads the announcement published by ZDI. “A successful attempt in this category must compromise the target application by communicating with the contestant. Example communication requests could be audio call, video conference, or message,” ZDI said.

Other categories include virtualization, with a top prize of $250,000 for Microsoft Hyper-V client exploits; an internet browser category, with a top prize of $150,000 for Chrome and Edge exploits; an enterprise application category, with a top prize of $100,000 for Microsoft 365 exploits; a server category, with up to $200,000 offered for Microsoft Exchange and Windows RDP exploits; and a local privilege escalation category, with $40,000 being the top prize for Windows 10 exploits.

Pinterest soon to join the Online Classes Plethora

 

With 400 million monthly active users (a 30% increase from last year), Pinterest is gaining ground among millennials and Gen Z. The secret of its success is its creative interface and the constant stream of new features that attract Gen Z to the platform for future growth, learning, and inspiration. The photo-sharing social app is now reported to be testing online events where users can sign up for Zoom classes by creators.

The organization confirmed that the feature is undergoing tests with selected users but didn't comment further either on the confirmation or the launch. 

Creators can organize lessons through Pinterest’s class boards, manage class materials, notes, and other resources, and connect through a group chat option. The classes would work through communities, similar to pinboards: if a user wants to join a class, they click on a sign (a book) to join and are emailed the class details and Zoom link. The communities will be a space for notes, photos, class overviews, descriptions, group chat, lists of what to bring to class, and more.

The feature was discovered by reverse engineer Jane Manchun Wong on Tuesday by looking into class details. She adds, though, that clicking on these links does nothing, as the feature is not yet active. There are some demo profiles that you can check out: “@pinsmeditation” or “@pinzoom123,” but their communities are empty.

 "We are experimenting with ways to help creators interact more closely with their audience," a Pinterest spokesperson said in a statement. 

The social media company is on the rise, with 442 million global monthly users and a 50 percent increase in Gen Z users. Its Q3 revenue rose 58 percent, and a 60 percent increase is expected in Q4. With these numbers, it is no shock that the company will invest in new features for its users, and what could be more beneficial than online classes during a worldwide pandemic? As Pinterest commented, "We continue to navigate uncertainty given the ongoing COVID-19 pandemic and other factors".

Zoom Zero-Day Allowed Remote Code Execution, Patch Issued


Video and audio conferencing software maker Zoom has patched a zero-day vulnerability that affected users running old versions of Windows: Windows 7, Windows Server 2008 R2 and earlier. The flaw was detected on Thursday and later published in a blog post by security research organization ACROS Security.

The previously unknown vulnerability allowed a remote attacker to execute arbitrary code on a targeted user’s system on which one of the supported versions of Zoom Client for Windows is installed. To set the attack in motion, the attacker manipulates the victim into carrying out some typical action (opening a received document file), and reportedly no security warning is displayed to the user as the attack takes place.


After disclosing the zero-day vulnerability to Zoom, ACROS released a micropatch for its 0patch client in order to safeguard its own clients against attack till the time Zoom came out with an official patch. In the wake of various security flaws, the company halted the production of new features for a while so that the major privacy-related concerns that are threatening user security can be treated with much-needed attention. However, this ‘feature freeze’ period ended very recently i.e., on July 1, last week itself, and the zero-day was detected a few days later.


In conversation with Threatpost, 0patch’s co-founder, Mitja Kolsek said, “Exploitation requires some social engineering – which is practically always the case with user-side remote code execution vulnerabilities,”


“While a massive attack is extremely unlikely, a targeted one is conceivable." “Zoom Client features a fairly persistent auto-update functionality that is likely to keep home users updated unless they really don’t want to be,” he wrote.


“However, enterprise admins often like to keep control of updates and may stay a couple of versions behind, especially if no security bugs were fixed in the latest versions.”


“Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it,” said Zoom, while addressing the issue initially.


A few days later, on July 10, a fix was released by the company and the officials said, "Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.”

Microsoft Office 365 Users Targeted By a New Phishing Campaign Using Fake Zoom Notifications



As people across the world cope with the onslaught of the coronavirus pandemic by switching to working from home, the usage of and demand for cloud-based communication platforms providing audio and videoconferencing services have seen a sudden upsurge.

Zoom is one such platform, and since the beginning of 2020 it has seen an extremely high increase in new monthly active users after a huge number of employees adopted remote working.

Recently, however, Microsoft Office 365 users have been targeted by a new phishing campaign that uses fake Zoom notifications to warn users who work in corporate environments that their Zoom accounts have been suspended, with the ultimate goal of stealing Office 365 logins.

Reportedly, those targeted by this campaign are more likely to believe such emails at this time, since the number of remote workers participating in daily online meetings through video conferencing platforms such as Zoom has increased because of the stay-at-home orders and lockdowns brought about by the pandemic.

As of now, the phishing campaign mimicking automated Zoom account suspension alerts has been received by more than 50,000 mailboxes, based on details given by researchers at email security company Abnormal Security, who identified these ongoing attacks.

The phishing messages spoof an official Zoom email address and are intended to imitate a real automated Zoom notification.

Using a spoofed email address and an email body practically free from grammar errors or typos (other than an obvious 'zoom' rather than 'Zoom account') makes these phishing messages all the more convincing and potentially more effective.

The use of a lively "Happy Zooming!" at the end of the email could raise some suspicion, however, as it doesn't quite fit with the rest of the message's tone.




As soon as the users click the "Activate Account" button, they are redirected to a fake Microsoft login page through 'an intermediary hijacked site'.

On the phishing landing page, they are asked to enter their Outlook credentials in a form designed to exfiltrate their account details to attacker-controlled servers.

If they fall for the attackers' tricks, the victims' Microsoft credentials will be used to take full control of their accounts, and all their data will be ripe for the picking, later to be used in identity theft and fraud schemes such as Business Email Compromise (BEC) attacks.

The US Federal Bureau of Investigation (FBI) had warned of BEC attacks abusing popular cloud email services such as Microsoft Office 365 and Google G Suite through Private Industry Notifications issued in March and in April.

Even so, Office 365 users are continuously targeted by phishing campaigns with the ultimate objective of harvesting their credentials.

Microsoft has also warned of phishers' ongoing shift to new types of phishing strategies, such as consent phishing, in addition to conventional email phishing and credential theft attacks.

Microsoft Partner Group PM Manager Agnieszka Girling says, "While application use has accelerated and enabled employees to be productive remotely, attackers are looking at leveraging application-based attacks to gain unwarranted access to valuable data in cloud services,"

The company has additionally taken legal action to take down part of the attack infrastructure used to host malicious 365 OAuth apps used in consent phishing to hijack victims' Office 365 accounts.

Universities Switch to Online Learning but Is it Enough?


With no apparent end to the pandemic in view, everyone has been forced to live within a confined space and spend their days without doing anything that requires going out.

Students all over the world in particular are having a hard time managing without actual physical classes to rely on. Not that online lectures and a virtual education aren’t worthwhile, but most students find a lack of motivation a common problem.

With a dearth of options available, students are managing to adjust to online learning, given that most institutions have switched to online mediums like Zoom, which is a great step globally.

Universities are trying their best to make do with all the possible resources they have at their disposal. But is it okay to consider that online classes shall suffice?

What students need at such a gloomy time is a way of learning that provides a technologically rich experience and not a mere imitation of what otherwise happens in their classes.

The tech world is overflowing with contemporary ideas of learning. There are hundreds of ways to create and design interactive sessions via podcasts and virtual reality. Students, from the comfort of their homes, could be better learners and respond better if they are encouraged in the right way.

Online learning or online lectures shouldn’t just be a professor going on and on for hours as in a physical class. There is a wide variety of avenues to follow when it comes to technology-based learning, especially online.


During the past months, the number of students enrolled in online courses has increased substantially. There has also been a rise in the number of students joining full-time online courses.

People who weren’t tech-savvy lost their jobs and had to go back to studying for any possible chance of a career change.

Per sources, FutureLearn and UofPeople (University of People) have experienced a hike in demand for online courses because of people wanting to be productive in the days of quarantine by acquiring new skills.

According to reports, there has been a significant rise in demand for online courses in the English language, health-related subjects, and mental health topics.

If this culture of interactive online learning is not limited to pandemic times, it could lead to a better learning mechanism that would prove extremely effective for students all across the globe.

The availability of online platforms for students to begin or continue their education is contributing massively to reducing the chances of students deferring.

The initial online courses that went, and probably still go, by the name MOOCs (massive open online courses) weren’t much of a hit, but given the times of the “pandemic induced confinement”, people are warming up to them.

The current predicament has everyone bursting with uncertainty. There is no telling if universities would even begin their next sessions any time soon.

Not everything can be taught online, especially practical learning, which raises a huge question to which no one has the right answer.

Realizing that there is no way to know when the universities would open and commence their normal operations with the added factor of social distancing, ‘the internet is all we have.'

Users May Risk Losing their Passwords on Dark Web For Sale


In April, Zoom became one of the many companies that lost user data to hackers. More than half a million account logins for Zoom, one of the top online video conference platforms, ended up on the dark web. The leaked passwords could be obtained either for free or for a minimal amount of money. Understandably, users are blaming Zoom for losing their accounts, and they have every right to do so. It is, however, part of a much bigger problem that includes hackers, some criminal niches on the Internet, and our own fault in setting very weak passwords.


How do passwords end up on the dark web?

Every year, hundreds of millions of user accounts end up exposed on the dark web, either through malware or phishing attacks. According to a report by Privacy Rights Clearinghouse, a nonprofit organization in California, around 11.6 billion user accounts have been hacked since 2005. The hacked accounts are then either uploaded to hacker websites or posted on the dark web for sale.

These websites and the dark web can be accessed only through a specific browser called Tor. "Then there's Tor, the darkest corner of the Internet. It's a collection of secret websites (ending in .onion) that require special software to access them. People use Tor so that their Web activity can't be traced -- it runs on a relay system that bounces signals among different Tor-enabled computers around the world," says Jose Pagliery from CNN Business. Hackers use these purchased passwords and try logging in with them to several other websites until they are successful, a technique known as credential stuffing.

The hackers used credential stuffing to steal more than 500,000 Zoom user accounts and later uploaded them to the dark web. In response, a Zoom spokesperson confirmed that they suspect the hackers used credential stuffing to breach the accounts. "You can help prevent some of these attacks by banning the use of bad passwords, blocking legacy authentication, and training employees on phishing," says Microsoft's security website on "how to prevent your company from web attacks."
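Credential stuffing as described above leaves a recognizable trace in authentication logs: one source tries many different usernames, almost all of which fail. The following detection sketch is an added example, not taken from the article or from Zoom; the log format, thresholds and sample lines are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, format assumed: "<ISO time> <source ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2020-04-13T09:00:00 198.51.100.7 alice FAIL
2020-04-13T09:00:05 203.0.113.20 grace FAIL
2020-04-13T09:00:10 198.51.100.7 bob FAIL
2020-04-13T09:00:15 203.0.113.20 grace FAIL
2020-04-13T09:00:20 198.51.100.7 dave FAIL
2020-04-13T09:00:25 203.0.113.20 grace OK
2020-04-13T09:00:30 198.51.100.7 erin FAIL
2020-04-13T09:00:40 198.51.100.7 frank FAIL
2020-04-13T09:00:50 198.51.100.7 carol OK
2020-04-13T09:01:00 192.0.2.44 admin FAIL
2020-04-13T09:01:02 192.0.2.44 admin FAIL
2020-04-13T09:01:04 192.0.2.44 admin FAIL
2020-04-13T09:01:06 192.0.2.44 admin FAIL
2020-04-13T09:01:08 192.0.2.44 admin FAIL
2020-04-13T09:01:10 192.0.2.44 admin FAIL
2020-04-13T09:02:00 192.0.2.99 heidi OK
2020-04-13T09:02:10 192.0.2.99 ivan OK
2020-04-13T09:02:20 192.0.2.99 judy OK
2020-04-13T09:02:30 192.0.2.99 mallory OK
2020-04-13T09:02:40 192.0.2.99 niaj OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"


def detect_stuffing(log_text, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct usernames with mostly failures.

    Returns {ip: {"distinct_users": n, "compromised": [usernames]}} where
    "compromised" lists accounts the flagged source logged in to successfully.
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)   # per-IP sliding window of recent attempts
    flagged = {}

    for ts, ip, user, ok in events:
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:          # drop attempts older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        fail_ratio = sum(1 for _, _, s in q if not s) / len(q)
        # Many usernames alone is not enough (a shared office NAT looks like
        # that); many failures alone is not enough (one user mistyping, or a
        # brute force against a single account, which needs its own rule).
        if len(users) >= min_users and fail_ratio >= min_fail_ratio:
            entry = flagged.setdefault(ip, {"distinct_users": 0, "compromised": set()})
            entry["distinct_users"] = max(entry["distinct_users"], len(users))

    # A success from a flagged source means a leaked password pair worked.
    for _, ip, user, ok in events:
        if ok and ip in flagged:
            flagged[ip]["compromised"].add(user)

    return {ip: {"distinct_users": e["distinct_users"],
                 "compromised": sorted(e["compromised"])}
            for ip, e in flagged.items()}


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

Accounts listed under "compromised" are the ones to force a password reset on first, since the attacker's leaked pair was valid for them.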

Facebook Messenger's Latest Update Supports 50 Participants In a Video Chat Room!


During these ungodly hours of the pandemic with everyone stuck at home and yearning for some one-on-one time with friends and family stuck elsewhere, Facebook has come through like a Knight in shining armor.

It has booted up Messenger and WhatsApp with fresh and much-needed video-calling features in light of the obvious hike in the “need” for video-calls via social media.

In the areas that are affected to the greatest degrees by Coronavirus, researchers have seen an acute escalation in the usage of Messenger and its video calling feature, as much as double the earlier rate.

With the latest WhatsApp update increasing the number of participants in its video/audio calls, Messenger has made available an update that could let users add up to 50 people in the Messenger Rooms.

Turns out that these fresh features were always on the list of updates but they were rolled out to the users a little earlier than planned because of the pandemic and lock-downs.

This update is scheduled to start reaching people soon and would eventually reach all the users but it is bound to take time.

Per sources, Facebook had been working towards preventing ‘unrequired’ and ‘unneeded’ guests from popping in the chats, as well.

There is no dearth of applications willing to help users get through these tough times by connecting virtually with their loved ones. Zoom is another app that has seen crazy growth, with the number of its active users reaching an astonishing 300 million.

Houseparty is another one that hit the download charts hard when the news of the lock-down first surfaced everywhere in March.

Much like in the formerly mentioned app, until the Messenger Room is ‘open’, guests can drop in and out per their wishes in the group video chats.


With a very thoughtful idea, Facebook had reportedly wanted to create a realistic atmosphere for the video chat users where people could “bump into each other”.

In fact, rumor has it that Facebook is planning to add the group video chat room feature to WhatsApp and Instagram as well but there is no evidence as to when.

The chat rooms that are open to the public shall be listed at the top of the feed. The person creating the chat room would have control over the privacy of the room, including sending invitations to people who aren’t on Facebook, deciding who gets added and blocking unwanted participants. Participants could also change their backgrounds in real time, mention sources.

Per reports, the feature was first tested in Argentina and Poland where Messenger is supposed to be used the most. The results showed that up to 20 participants could be added at once, but the number would increase to 50 according to Facebook.

Having uninvited participants show up in their chat rooms has only caused inconvenience to the users especially in the case of Zoom. Facebook has definitely learned from that.

The chats wouldn’t be encrypted end-to-end, at least at launch, but it’s surely on the to-do list. Monitoring and listening in on the video calls, says Facebook, is absolutely out of the question.

The tech giant has also promised that it will keep working towards making Facebook better in every way possible by collecting data from the users about the overall experience, mention sources.

Premium features are being made available for free by the Microsoft teams for some of their apps owing to the Coronavirus outbreak, per sources.

Per reports, Facebook's biggest product launches are usually announced via a blog post by Mark Zuckerberg, which in this case was used to announce the Messenger Rooms update.

To know about the latest feature update of WhatsApp check out the following link:
WhatsApp's Latest Feature Lets You Add More People To Video Calls!

Russia to develop a video platform similar to Zoom


The Ministry of Digital Development, Communications and Mass Media of the Russian Federation will develop a video communication platform similar to Zoom by the beginning of the new school year. This was announced on Saturday by Minister of Education Sergey Kravtsov.

"Together with the Ministry of Digital Development, Communications and Mass Media, we are developing a new domestic product Digital educational environment, which will use only domestic developments, only domestic software, including a video platform similar to Zoom and Skype," said the Minister.

The Minister stressed that such a platform is necessary in order to exclude problems related to the instability of foreign systems from the educational process. Kravtsov noted that, for example, the use of Zoom was abandoned in Singapore, because there was "unauthorized access to the education process".

Recall that on March 14, in order to prevent coronavirus, it was recommended to transfer students to distance learning.

Note that the daily audience of the Zoom app in the world in March 2020 compared to December 2019 increased by 20 times.

In addition, Moscow senator Vladimir Kozhin drew the attention of the state to threats facing Russians in self-isolation. He was talking about the huge array of personal data that now has to be transmitted online for various purposes. The senator believes that this information can become a target for cybercriminals and lead to serious damage to citizens and businesses.

He proposed "to develop and adopt a number of amendments to the Criminal Code of the Russian Federation in the shortest possible time, seriously toughening the responsibility for such crimes."

Earlier, E Hacking News reported that users of the Zoom video conferencing service have become targets of hackers. Scammers create Zoom-disguised websites and malware to steal their personal data.

Moreover, scammers have appeared on social networks offering to issue digital passes for moving around the city.

Zoombombing: what is it and how you can prevent your conference calls from being zoombombed


Amid this Covid-19 lockdown, the use of video conferencing software has seen a rapid rise, be it for work, teaching or just socializing. Our use of video chats has increased, and the security concerns have risen with it.


One such piece of software, Zoom, which is quite popular for video conferencing, has recently been drawing attention from security researchers and journalists over privacy and security issues. Even the FBI, the United States investigative agency, issued a warning to citizens to be cautious while using the Zoom app, citing cases of zoombombing where calls were interrupted by "pornographic and/or hate images and threatening language," and the agency also asked software companies to practice "due diligence and caution" in their security measures.

Zoombombing is an incident in which an unwanted or uninvited attendee interrupts your video conference call and disrupts the meeting.

Measures by Zoom to prevent Zoombombing

On Wednesday, Zoom CEO Eric Yuan published a blog post addressing these security concerns. He mentioned that Zoom will freeze feature updates and focus on coming up with security solutions for the next 90 days. He said these ninety days would be dedicated to "the resources needed to better identify, address and fix issues proactively." He wrote that these initiatives will focus on "conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases," according to the post.

Steps you can take to prevent "Zoombombing" 

There are some simple settings you can change in your Zoom app to keep your calls from being interrupted by unwanted individuals.

  1. Don't use your personal meeting ID; instead use a per-meeting ID exclusive to that meeting. There are Zoom tutorials to help you understand how to generate a random meeting ID for a meeting.
  2. Enable the "waiting room" feature in Account Management. It will allow you to see who is attempting to join the meeting and give them access.
  3. Once the meeting begins and everyone is in it, lock the meeting to outsiders.
  4. Make sure you don't publish or post the meeting ID on public platforms.
  5. If any outsider does barge in, you can lock them out by going to the Participants List in the navigation sidebar, scrolling to More and clicking Lock Meeting. You can also shut them up by clicking the Mute All control in the Participants List.

Hackers use fake Zoom domains to spread malware


The coronavirus pandemic is forcing many people around the world to work remotely. This has significantly increased the popularity of video conferencing services such as Zoom. Attackers took advantage of this and began to use fake Zoom domains to spread malware and gain access to other people's video conferences. This was reported by the security company Check Point.

Researchers note that since the beginning of the virus pandemic, 1,700 domains with the word Zoom have been registered. At the same time, 25% of new domains were registered in the last seven days, and 70 of them are considered suspicious by the company.

Check Point specialists found malicious files like "zoom-us-zoom_##########.exe", where # is a set of digits. After running such a file, the InstallCore batch application is installed on the user's computer, which is used for further downloading malware.

Fraudulent sites that simulate the work of Google Classroom or Google Hangouts have also appeared on the Internet. Disguised sites are created for the purpose of phishing: stealing passwords, credit card data, and other personal information from users. Check Point Cyber Research Manager Omer Dembinsky advised all users to make sure that links to video conferences are secure before using them.
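Checking a link before opening it comes down to reading the host name rather than looking for the word "zoom" somewhere in the URL. The following is an added example, not Check Point's tooling: it assumes the genuine service is hosted on zoom.us and its subdomains, reads the "#" in the reported file name as one or more digits, and uses constructed sample links.

```python
import re
from urllib.parse import urlsplit

# Assumption: the genuine service lives on zoom.us and its subdomains.
OFFICIAL_DOMAIN = "zoom.us"
# File name reported by Check Point; "#" is read here as one or more digits.
FAKE_INSTALLER = re.compile(r"zoom-us-zoom_\d+\.exe", re.IGNORECASE)


def classify_link(url):
    """Return 'official', 'lookalike' or 'unrelated' (host check only)."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, so a link such as
    # https://zoom.us@meeting.example/ resolves to meeting.example.
    host = (parts.hostname or "").lower().rstrip(".")
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # "zoom" appears in the authority part, but not on the official domain.
    if "zoom" in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


def is_fake_installer(path):
    """True if the file name matches the reported malicious pattern."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return FAKE_INSTALLER.fullmatch(name) is not None


# Constructed sample links using reserved .example names.
SAMPLE_LINKS = [
    "https://example.zoom.us/j/0000000000",
    "https://zoom.us.login-check.example/j/1",
    "https://zoom.us@meeting.example/j/1",
    "https://conference.example/room/1",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):9}  {link}")
    print(is_fake_installer(r"C:\Users\a\Downloads\zoom-us-zoom_1234567890.exe"))
```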

In January of this year, Check Point published a report indicating that Zoom has security flaws. According to the company, hackers could connect to video conferences by generating random numbers that became conference URLs. Zoom then fixed the security breach and made some changes to the service, for example, introducing mandatory password protection for conferences.

Apple pushes out silent update for Mac users to remove Zoom web server

Earlier this week, a US-based security researcher named Jonathan Leitschuh publicly disclosed a major vulnerability in the Zoom video conferencing software for Apple’s Mac computers which could make any website start a video-enabled call by hacking the webcam of the system. Now, according to a report by TechCrunch, Apple has silently pushed out an update to macOS which removes the Zoom web server.

As per the report, the US-based technology giant has confirmed the said update has been released and it is installed automatically and does not require any interaction with the user. The purpose of the update is only to remove the local web server installed by the Zoom app. The company said that it pushed the update to protect its users from the risks posed by the exposed web server.

According to Leitschuh’s claims earlier this week, even if Mac users uninstall the Zoom app from their system, the web server continues to persist and it can reinstall Zoom without the user’s permission.

In a statement to The Verge and ZDNet, Zoom had said that it developed the local web server to save Mac users from too many clicks, after Apple changed their Safari browser in a way that requires Zoom users to confirm that they want to launch Zoom every single time. Zoom also said that it will tweak the app such that it will save the user’s and administrator’s preferences for whether the video will be turned on, or not, when they first join a call.

However, it seems Apple took it upon itself to rescue its users from the security vulnerability posed by Zoom app. The silent update was all the more needed because Zoom had installed a local web server that could reinstall the app even if the user had previously uninstalled it.

Flaw in Zoom app could allow Mac webcams to be hacked

Jonathan Leitschuh, a US-based security researcher, publicly disclosed a major zero-day vulnerability in the Zoom video conferencing software on Monday. Leitschuh demonstrated that any website can start a video-enabled call through the Zoom software on a Mac with the help of a web server which gets installed by the Zoom app.

According to a report by The Verge, the server accepts requests which regular browsers would not. The report further says that even if you uninstall the Zoom software, the server will still remain and it can reinstall Zoom without the user’s choice. As per the findings by Leitschuh, the Zoom software can get hijacked by any website, which can then force a Mac user to join a call with an activated webcam, even without their permission, unless a specific setting is enabled.

In a Medium post published on Monday, Leitschuh gave a demonstration in the form of a link which, after being clicked, takes Mac users (who are currently using or have previously used the Zoom app) to a conference room, activating their webcams. He notes that this particular code can be embedded in any website, as well as in malicious ads or a phishing campaign.

Leitschuh further writes that even if Mac users uninstall the Zoom app, the local web server still remains and it will “happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”

The Verge in its report said that they tried the flaw themselves by using Leitschuh’s demo and were able to confirm that the issue does persist on clicking the link if Mac users have used the Zoom app and have not checked a particular checkbox in settings. The link auto joins the users to a conference call with the web camera on.

As per Leitschuh, he had contacted Zoom back on March 26 earlier this year and had said that he would disclose the exploit publicly in 90 days. According to him, Zoom does not seem to have done enough to resolve the problem. The particular vulnerability was also disclosed to both Chromium and Mozilla teams, however, because it is not an issue with their browsers, there is not much those developers can do about this.