Yusuf On SecuritySecurity news, opinion and advice

Zoom Has Active Vulnerability

Zoom has an actively exploited vulnerability.

Zoom is a “remote conferencing services company headquartered in San Jose, California. It provides a remote conferencing service that combines video conferencing, online meetings, chat, and mobile collaboration”

The problem starts when you chat with other meeting attendees and in particular when you sent them a link. If the link you shared happens to be a a UNC path such as \\servername\share\1.exe this gets converted to a hyper link whereby when you click on it this will open in your default browser. By doing so something strange ensues.

For more details see here and for an in-depth analysis and demonstration screen captures see are here.

Most importantly you need to follow the company’s recommendations.

Author
Yusuf
Join the discussion

Further reading

What will it take?

A great piece on what it will take to improve the safety of the connected world. Read it here.

Extended detection and response (XDR)

Extended detection and response (XDR) captures threat data from previously isolated security tools throughout the organizations tech stack to enable...

Log4j Vulnerabilities

Towards the end of November, a researcher from Alibaba discovered a fault (CVE-2021-44228) in a well known open-source logging library called...