Zoom’s latest update on Mac includes a fix for a dangerous security flaw

By | 14 June 2023

In haste, Zoom has released a critical update to its macOS software that fixes a significant vulnerability. This update addresses a flaw in the automatic updating mechanism that might give an attacker complete control of your system. Security researcher Patrick Wardle was the one who initially uncovered the flaw. Because of multiple vulnerabilities, any user could gain root (superuser) access on a Mac without entering a password.

Zoom users can check for available updates by clicking their profile symbol, then selecting “Check for Updates” from the menu that appears. Zoom’s own video instruction is available here for more information. To put it simply, you need to upgrade to the latest version (5.11.5) if you are not already there. Don’t wait any longer; you’ve been vulnerable for almost a year now.

Zoom’s recent problems are summarised below. We’ve ordered the issues by date, with the most current ones on top, and divided the older ones into those that are still open, those that have been fixed, and those that don’t fit into either category.

Zoom fixes a vulnerability in macOS on August 15, 2022.

Patrick Wardle, a security researcher, found a major flaw in Zoom that might allow a hacker to gain control of macOS and freely alter, add to, or delete data.

Thanks to their prompt response, Zoom has fixed the vulnerability, but customers on Macs still need to update to the latest version to ensure they are safe.

Tens of thousands of Zoom customers experience a service outage on July 28, 2022.

According to data gathered by Downdetector, a Zoom outage affected thousands of customers. Zoom Phone’s telephony component reportedly had decreased performance, which prevented users from making calls. It now seems as though the problem has been resolved and normal service has been restored at Zoom.

Using deceptive tactics to get people to use an outdated version of the Zoom client; 25 May, 2022

When updating, the Zoom Client for Meetings and Zoom Rooms for Conference Rooms software do not correctly validate the installation version, a security weakness uncovered by a Google Project Zero researcher. Due to the fact that the Zoom server and client server utilise different XML parsing libraries, a hacker may send a targeted message to cause the target client to download an insecure version of Zoom.

Zoom 5.10.0, which addresses this and other vulnerabilities, was just released as a patch. To prevent attacks that take advantage of this hole, make sure you’re using the most recent version of your videoconferencing software.
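The version check described above, sketched as an added example (this is not Zoom's code, and the page does not describe how Zoom implemented its fix). The function names, the decision strings and the "minimum safe version" floor are assumptions made for illustration; the version numbers are ones quoted on this page.

```python
import re

# Only plain dotted-decimal versions are accepted; anything else is refused
# rather than "best-effort" parsed, so two components cannot disagree about
# what version a message announces.
_VERSION_RE = re.compile(r"\d+(\.\d+)*")


def parse_version(text):
    """Turn '5.10.0' into (5, 10, 0). Raises ValueError on anything else."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        raise ValueError(f"malformed version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def _padded(a, b):
    """Pad the shorter tuple with zeros so (5, 10) equals (5, 10, 0)."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


def is_older(a, b):
    """True if version tuple a is strictly older than version tuple b."""
    a, b = _padded(a, b)
    return a < b


def update_decision(installed, offered, minimum_safe):
    """Decide whether an offered update may be installed.

    installed, offered, minimum_safe: version strings.
    Returns one of: 'install', 'reject-malformed',
    'reject-not-newer', 'reject-below-floor'.
    """
    try:
        cur = parse_version(installed)
        new = parse_version(offered)
        floor = parse_version(minimum_safe)
    except ValueError:
        return "reject-malformed"

    # A client must never move backwards (or sideways) on an update request.
    if not is_older(cur, new):
        return "reject-not-newer"

    # Even a "newer" build is refused if it predates the known-fixed release.
    if is_older(new, floor):
        return "reject-below-floor"

    return "install"


def naive_string_compare_says_newer(installed, offered):
    """The pitfall: comparing version strings lexicographically."""
    return offered > installed


if __name__ == "__main__":
    # Constructed sample requests: (installed, offered, floor).
    for args in [("5.9.3", "5.10.0", "5.10.0"),
                 ("5.10.0", "5.9.3", "5.10.0"),
                 ("5.9.3", "5.9.4", "5.10.0"),
                 ("5.9.3", "5.10.0<!--", "5.10.0")]:
        print(args, "->", update_decision(*args))
```

A lexicographic string comparison ranks "5.9.3" above "5.10.0", which is exactly the kind of mistake that lets an older build pass as an upgrade; comparing parsed integer tuples avoids it.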

Inability to silence Mac microphones as of February 10, 2022

Zoom released a patch meant to address complaints from Mac users that their microphones remained active after a meeting had concluded. Unfortunately, the patch did not quite do the job.

After another patch was installed a month later, the microphones were disabled. Update to version 5.9.3 of the Zoom desktop client on your Mac. The upgrade might require a “manual” installation via download from the Zoom homepage.

Automatic upgrades for Zoom will begin on December 7th, 2021.

You may now enable automatic updates in the latest versions of Zoom’s client software for Windows and Mac, ensuring that you always have the most up-to-date and secure version.

More notably, the new function gives you the option of taking the “fast” or “slow” lane for less pressing upgrades, so you can decide whether to obtain the most recent features and run the risk of some instability, or to do things at a steady pace with maximum reliability.

Soon, automatic updates for both new and existing customers will likely be enabled by default. To disable or enable this feature, navigate to Zoom > Settings > General and locate “Zoom Updates.”

A resolution to the Zoom class action lawsuit is scheduled for December 7, 2021

Anyone who utilised Zoom between March 30, 2016 and July 30, 2021 is eligible to receive a monetary reimbursement as part of a class-action lawsuit settlement over privacy and security concerns discussed above. Maybe it’s not a lot of money when broken down by individual. Subscribers who “paid any amount to Zoom” during the eligibility period “are entitled to earn either 15% of the total you paid to Zoom” or “$25,” whichever is larger. The sum of $15 is available to those who utilise Zoom for free. In the event that more people file claims than Zoom can afford to settle with the $85 million allotted, the sums may be decreased. See the specifics at ZoomMeetingClassAction.com, where you can also submit a claim after reading the terms and conditions. Tom’s Guide makes no promises about what you may obtain.

On November 18 of 2021, Zoom addressed three major issues plaguing its conferencing platform.

Three critical vulnerabilities in some versions of Zoom’s enterprise video-conferencing software have been patched. The most severe of these vulnerabilities might have allowed an attacker to get access to a company’s internal server system.

According to research by Positive Technologies, the following Zoom corporate applications are exploitable and should be updated immediately. Supported software releases include: Meeting Connector Controller 4.6.348.20231217; Meeting Connector MMR 4.6.348.20231217; Recording Connector 3.8.42.20230905; Virtual Room Connector 4.4.6620.20231110; Virtual Room Connector Load Balancer 2.5.5495.20210326; and Virtual Room Connector.

Consumers should update to version 5.5.4 of the Zoom Client for Meetings for Windows because it addresses a security issue that was discovered in earlier versions. So says the Zoom Security Bulletin page.

Oct. 19, 2021: In order to use Zoom, your computer must be up to date within the last 9 months.

On November 1, 2021, Zoom announced, “users will be obliged to update their Zoom software to ensure it is never more than nine months behind the current version at any given time.” You won’t be able to participate in Zoom meetings till you upgrade your software.

Software versions older than that will be urged to update. Except for the Zoom Room Controller, all other versions of Zoom software on all platforms are affected.

Security holes in Zoom will be fixed on September 30, 2021.

Zoom revealed a number of vulnerabilities in earlier versions of its desktop clients and Microsoft Outlook plug-ins, all of which have since been addressed in updated releases available for Windows and macOS.

Some of the vulnerabilities were severe enough to allow remote code execution (i.e., hacking over the internet) on user machines, while others were less serious. At the very least, everyone was updated to version 5.4.0 of the Zoom Client for Meetings and version 5.0.25611.0521 of the Zoom Plug-In for Microsoft Outlook for Mac.

Telephonic Zoom calls will be encrypted as of September 13, 2021.

Zoom Phone, Zoom’s paid cloud calling service for Pro, Business, and Enterprise users, will soon provide end-to-end encryption, the company said. Zoom Phone calls between two people will have the option of using end-to-end encryption.

On August 13, 2021, Zoom patched a security hole that allowed hackers to steal user data.

After the remote hacking issue that was demonstrated during the Pwn2Own competition in April was patched, Zoom announced it in a Zoom Security Bulletin.

Everyone using version 5.6.2 or earlier of the Zoom Client for Meetings software on any platform (Windows, Mac OS X, or Linux) should upgrade immediately.

Zoom resolves class action case on July 31, 2021

A federal class-action lawsuit against Zoom alleging it compromised user security, misled customers, and disclosed private information to third parties without permission has achieved a preliminary settlement.

If the judge approves the settlement, Zoom will pay $85 million to compensate customers who signed up for a consumer account between March 2016 and the present. (Zoom users with enterprise or government accounts are excluded from the litigation.)

Zoom users who pay for a subscription can get $15 off their next payment, or 15% of their monthly fee up to $25. If you are a member of the class and have not yet received notice that you can submit a claim, you can do so by visiting the website at www.zoommeetingsclassaction.com once it goes online.

In reaching the settlement, Zoom did not admit any wrongdoing.

Updated Zoom privacy statement as of June 4, 2021

Zoom, an online conference service, has “changed from a mostly enterprise-focused platform to one that is being utilised broadly by individuals,” therefore the company saw the need to issue a “simpler, clearer” privacy policy in the wake of the COVID-19 outbreak.

Zoom’s amended privacy policy provides more information about the types of data it collects from users’ devices, as well as who can “view, save, and share” meeting content.

Zoom has changed their privacy “statement,” which you can read in its entirety here.

Zoom will begin rolling out its new privacy notifications on May 1, 2021.

Zoom revealed in a blog post that it has updated its desktop client software to include privacy notifications.

“Users will get new in-product notifications meant to make it easier to understand who can see, save, and share their material and information when they attend meetings and experiences hosted on Zoom,” the post explains.

The alerts are accessible via a link titled “Who can read your messages?” located in the meeting chat window. If you point and click on it, a little bubble will appear with the solution.

The blog post explains that “users will find similar information when using other meeting tools, such as transcription, polling, and Q&A.”

It was also mentioned that in the future upgrades, participants and meeting hosts would receive alerts whenever a Zoom transcription or scheduling app was used.

On April 8th, 2021, hackers exploited a vulnerability in Zoom that allowed them to take control of users’ computers.

During the Pwn2Own competition, two researchers exploited at least one previously undiscovered vulnerability in the Zoom desktop programme to remotely take control of Windows and Mac computers.

As luck would have it, only the two researchers and Zoom itself fully understand how this vulnerability works, and the company is already hard at work developing a solution. It’s unlikely that this attack will be utilised “in the wild,” but until it’s rectified, it’s best to use the Zoom browser interface while holding meetings.

As of Monday, March 19, 2021, a security flaw allows users of Zoom to inappropriately observe one another.

During a Zoom meeting, attendees can share their entire screens, a portion of their screens, or even just a window from an application with other attendees.

Two German researchers found that even if the Zoom user sharing the screen just wants a portion of the screen to be seen, it is possible that the full screen will be visible for a split second. If anyone in the meeting records it, they will be able to pause it at any time and see critical material.

As of this writing, the vulnerability was still present in the most recent version of the Zoom desktop client software for at least Windows and Linux, despite Zoom’s assurances that it was working to address the problem.

Zoom’s Keybase encrypted chat resolves a critical security issue as of February 23, 2021.

In May 2023, Zoom acquired Keybase, an encrypted social media verification system and chat app with a severe issue that prevented photographs from being removed from web directories after the user had deleted them.

Zoom was made aware of the vulnerability in early January 2021, and an upgrade to Keybase was rolled out later that month to address it.

A study published on February 8, 2021, found that efforts to curb Zoom-bombing typically failed.

Attempts to prevent “Zoom bombing,” such as restricting passwords or forcing attendees to wait in “waiting rooms,” are generally ineffective, according to a new study undertaken by researchers at Boston University and Binghamton University.

This is due to the fact that many attacks are carried out by “insiders,” or people who have been granted permission to attend the meetings.

According to the report, “A First Look at Zoombombing,” “our findings indicate that the vast majority of demands for Zoom bombing are made by insiders who have lawful access to these sessions, mainly students in high school and college classrooms.”

The study suggests that the “sole effective defence” against such insider attacks is to develop “unique join links for each participant.”

January 29, 2021: The City Council debates banning Zoom-bombing.

The city of Juneau, Alaska is looking for ways to ban Zoom-bombing during municipal assembly meetings because of the widespread problem it has become.

In an interview with a local radio station, city attorney Rob Palmer was quoted as saying, “We’ve had a few at the assembly level, we’ve had a few at the school-board level, and we’ve had a few in certain committee board time sessions.” Alaskan capital police have struggled to identify and apprehend the Zoom bombers, according to KTOO. By declaring it a crime, the city seeks to coerce Zoom into giving up information that might help identify the digital offenders.

Dec. 21, 2023: CEO of Zoom allegedly a Chinese spy

In a surprise revelation, the U.S. Department of Justice claimed it had obtained an arrest warrant for former Zoom official Jin Xinjiang, aka Julien Jin, who until recently had functioned as the link between Zoom and the Chinese government.

The United States claimed that Jin had used his position to tell the Chinese government about Zoom users and Zoom meetings, as well as to disrupt and terminate Zoom meetings held by Zoom users in the United States to commemorate the anniversary of the 1989 Tiananmen Square massacre. Jin is thought to be residing in China.

To “fabricate evidence that the hosts and participants in the meetings to commemorate the Tiananmen Square massacre were supporting terrorist organisations, inciting violence, or distributing child pornography,” Jin allegedly had help from unnamed co-conspirators who created fake email accounts and Zoom accounts in the names of known Chinese dissidents.

The Justice Department claims that the Chinese government retaliated against Zoom users in China or the Chinese-resident families of Zoom users based on information given by Jin.

In a blog post, Zoom confirmed that it was the company and that it had been conducting its own investigation after receiving a subpoena from the U.S. government in June 2023; the DoJ notice and the arrest warrant both refer to an unknown “Company-1” as Jin’s employer.

According to the post’s explanation, Zoom hired Jin in October 2023 as part of a deal with the Chinese government, which “shut off our service in China without warning” in September 2023.

To get Zoom up and running again in China, the company had to hire “an in-house contact for law enforcement inquiries” (Jin) and relocate user data related to Chinese users to servers in China. The Department of Justice issued an arrest order for Jin in 2023, a year after Zoom service was restored in China in November 2023.

While investigating the matter, Zoom found that the former employee “attempted to overcome various internal access safeguards,” which is a clear violation of company policy. We are no longer employing this person.

It was confirmed by Zoom that CEO Jin “shared or directed the sharing of a small amount of individual user data with Chinese authorities,” and that “less than ten… non-China-based individuals” had also had their data transferred to China.

Phishing scams via Zoom on December 7th, 2023

According to Threatpost, the Better Business Bureau has issued a warning to Zoom users about phishing emails and text messages intended to obtain login credentials.

Whether you’ve “missed a meeting” or “your Zoom account has been suspended,” you’ll receive an email with a link to get back in. Don’t get tricked into logging in; it’s a phishing attempt designed to steal your Zoom credentials.

As of the 16th of November, 2023, Zoom will finally be busting up Zoom-bombing.

Zoom bombing, in which unwanted users join a meeting without permission, is one of the platform’s most pressing issues. The problem has been addressed by two new additions to Zoom’s arsenal that came out over the weekend.

With “Suspend Participant Activities,” the meeting host can temporarily halt the gathering to remove any disruptive attendees. The other, “Report by Participants,” allows meeting attendees to report disruptive attendees instead of only the meeting hosts.

The FTC accuses Zoom of making false claims about the safety of their platform on November 10, 2023.

Zoom “misled users” and “engaged in a series of misleading and unfair activities,” the FTC said of the company’s security. The FTC pointed to Zoom’s unauthorised software installations on Macs in 2023 and 2023, as well as the phoney end-to-end encryption found in March.

Zoom is required to create a vulnerability-management programme and submit to internal and external security reviews on an annual and biannual basis, respectively. In addition, it was required that Zoom provide multi-factor authentication for its users, which it does.

In-depth monitoring of each and every keystroke will be possible as of November 6, 2023.

During a Zoom call, researchers from the states of Texas and Oklahoma found that it was feasible to deduce the content of the call by observing the caller’s shoulders and arms.

Depending on camera resolution and whether or not the subject was wearing a sleeved shirt or had long hair, the research team was able to crack people’s passwords using a computer up to 75% of the time.

According to the study authors, this may be accomplished through the use of any video conferencing software, as well as through the viewing of online videos or the use of streaming software like Twitch.

In 2023, end-to-end encryption will be implemented on October 27.

After some delays, Zoom’s end-to-end encryption feature became available; however, it still lacks iOS support until Apple gives the app the green light. We’ve included detailed instructions on how to activate end-to-end encryption in your Zoom sessions.

On October 15, 2023, full encryption will be implemented.

After months of radio silence, Zoom finally revealed that its long-awaited end-to-end encryption would soon be ready for beta testing.

An update to the Zoom client application is planned for the third week of October. Hosts can choose to use end-to-end encryption for their Zoom meetings. Users attempting to join those meetings via the web browser interface or the phone will be unable to do so (at least for the time being).

Until July 31, 2023, anyone might have joined a public meeting thanks to a security weakness.

If you remember that in April of 2023, the Zoom web interface was down for a few days, we now know why: Company officials were working to patch a critical security hole that allowed unauthorised users to join otherwise secure Zoom conferences.

This week, British security researcher Tom Anthony wrote on his blog about his discovery that the 6-digit PINs Zoom assigns to private meetings are easily guessable through random trial and error. A human would find it daunting, but a reasonably powerful computer with numerous threads will breeze through the million options in no time.

In roughly half an hour, Anthony learned how to join in on Zoom conferences. That is well before the end of most sessions.

No longer do you have to be concerned about this particular vector of Zoom bombing as the issue has been patched.

ISSUE RESOLVED.
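Why a six-digit PIN needs attempt throttling, as an added example (not Zoom's code; the page does not say how Zoom patched the issue). The class name, meeting ID, PIN and thresholds are constructed for illustration: the gate counts failures per meeting, so spreading guesses over many threads or addresses does not help, and it doubles the lockout after each further failure.

```python
import hmac


class PinGate:
    """Per-meeting PIN check with exponential lockout after repeated failures."""

    def __init__(self, pins, free_attempts=5, base_delay=30.0, max_delay=3600.0):
        self._pins = dict(pins)      # meeting_id -> PIN string
        self._failures = {}          # meeting_id -> consecutive failed attempts
        self._locked_until = {}      # meeting_id -> time before which joins are refused
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay

    def try_join(self, meeting_id, pin, now):
        """Return 'joined', 'wrong-pin' or 'locked'. `now` is seconds on any clock."""
        # While locked, the PIN is not even evaluated, so a guess made during
        # the lockout tells the guesser nothing.
        if now < self._locked_until.get(meeting_id, 0.0):
            return "locked"

        expected = self._pins.get(meeting_id)
        ok = expected is not None and hmac.compare_digest(
            pin.encode(), expected.encode())  # constant-time comparison
        if ok:
            self._failures.pop(meeting_id, None)
            return "joined"

        count = self._failures.get(meeting_id, 0) + 1
        self._failures[meeting_id] = count
        if count >= self.free_attempts:
            # 30 s, 60 s, 120 s, ... capped at max_delay.
            delay = min(self.base_delay * 2 ** (count - self.free_attempts),
                        self.max_delay)
            self._locked_until[meeting_id] = now + delay
        return "wrong-pin"


def guesses_evaluated(gate, meeting_id, seconds, wrong_pin="000000"):
    """Submit one wrong PIN per second for `seconds` seconds and count how
    many submissions the gate actually evaluated (i.e. did not refuse as locked)."""
    evaluated = 0
    for t in range(seconds):
        if gate.try_join(meeting_id, wrong_pin, float(t)) != "locked":
            evaluated += 1
    return evaluated


if __name__ == "__main__":
    # Constructed meeting and PIN.
    gate = PinGate({"meeting-1": "482913"})
    n = guesses_evaluated(gate, "meeting-1", 1800)  # the half hour cited above
    print(f"{n} of 1,000,000 possible PINs tested in 30 minutes")
```

The trade-off of locking per meeting is that invited participants are also refused while the lockout is active, which is one reason to pair a throttle like this with longer secrets or per-participant join links.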

Remote control vulnerability, July 10, 2023

A security researcher who asked to remain anonymous discovered a major hole in the Windows client software for Zoom meetings that might allow an attacker to gain complete control of a computer running Windows 7 or earlier. As soon as word of the bug spread, Zoom issued a patch.

ISSUE RESOLVED.

Zoom has given in to the pressure, and as of June 17th, 2023, all users will have access to end-to-end encryption.

Zoom reversed course on June 17 and said that its forthcoming end-to-end encryption (E2E) would be available to all customers, not only paying ones, in response to persistent criticism from privacy groups. End-to-end encryption would also be made available to the millions of people who use Zoom for free for academic, social, and professional purposes.

“We have discovered a road ahead that balances the legitimate right of all users to privacy and the safety of users on our platform,” CEO Eric S. Yuan wrote in an open letter to the company’s users. While still able to prevent and combat misuse on the platform, “this will allow us to provide E2EE as an advanced add-on option for all of our users throughout the globe, free and paid.”

On the other hand, if you’re a free user who needs E2E, you’ll have to use a one-time password or other identity verification service before you can utilize Zoom. With this change, “zoom bombing” meetings will be more challenging.

Yuan pointed out that when the E2E encryption is turned on, no one can join a conference via phone or with certain types of workplace teleconferencing equipment, thus it will remain an optional feature. Whether or not E2E is used in a meeting will be at the discretion of the hosts.

Control of the Press on June 12, 2023

After caving to Chinese government pressure, Zoom temporarily suspended the accounts of three Chinese dissidents who were hosting open meetings commemorating the June 4 anniversary of the Tiananmen Square massacre. This has gotten Zoom into hot water in the United States over free speech and censorship.

In a blog post published on June 11th, the firm expressed regret for its actions and promised to find a solution to prevent users in specific countries (such as China) from joining meetings without cancelling them outright.

But it didn’t satisfy the more than a dozen Democratic and Republican lawmakers who wrote to Zoom CEO Eric S. Yuan, who was born in China, to inquire about the company’s relationship with the Chinese government.

June 4, 2023: It turns out that Cisco Talos found two major issues with Zoom.

Talos, a Cisco-owned cybersecurity outfit, disclosed on June 3 that it has discovered and patched two critical vulnerabilities in Zoom client applications.

The first vulnerability would have allowed an attacker to install malware on other people’s computers via the Zoom client software by using a specially crafted animated GIF in a Zoom meeting chat, or, as Talos puts it, “achieving arbitrary code execution.”

The second vulnerability is also related to the chat feature of Zoom meeting client software, and it might have just as catastrophic of an effect. There was an issue because Zoom did not check the integrity of zip files before they were shared.

An adversary may have transferred malware to a victim by zipping up a file and sending it to them in a Zoom meeting’s chat. The victim’s Zoom client would then save and open the file within the Zoom application’s directory.

What’s more, if the user saves the Zoom zipped file somewhere else on the computer, such as the desktop, the attacker can send a modified version of the original file with the same name.

The malware could “plant binaries at almost arbitrary paths and… potentially overwrite important files and lead to arbitrary code execution” because Zoom would automatically launch the updated version (but not the original).

Monday, June 1, 2023: Zoom would limit access to end-to-end encryption to paying customers.

According to a May 7 announcement by Zoom, the forthcoming end-to-end encryption feature would only be available to paying customers. The end-to-end encryption is currently only available to businesses, but well-known information-security expert Alex Stamos, who is consulting Zoom on security matters, told Reuters last week that educational institutions and other non-profit organisations may also be eligible to receive the feature.

Stamos told Reuters, “The CEO is looking at several arguments.” “At this time, we are focusing on our existing base of paying clients and on enterprise accounts where we have a good handle on the client.”

There will be a security update on May 27, 2023.

In a blog post on May 26th, Zoom stated that all Zoom Rooms administrators would be required to install a software upgrade by May 30th.

To “meet the minimal requirements of version 5.0 or greater for GCM encryption, which will be enabled and required for all meetings on May 30,” Zoom said, “updating to Zoom 5.0 will provide more security and privacy host controls.”

Zoom client software version 5.0 upgrades were released at the end of April for Windows, Mac, Android, iOS, Chrome OS, Amazon Fire, and Linux.

Untrustworthy Zoom installers on May 21, 2023

Researchers from Trend Micro discovered two further instances of compromised Zoom installation packages.

The first one allows access to the infected computer, while the second one spies on the user by taking screenshots, logging keystrokes, and taking over the webcam. Both of these programmes then add the infected computer to the Devil Shadow botnet.

They both install the Zoom client without the user’s knowledge. In the same way as before, you can download the Zoom client directly from Zoom.us, or use your browser to attend a Zoom conference.

Outages following a server-side update, scheduled for May 18th, 2023

Thousands of users in the United States and United Kingdom were unable to access Zoom on Sunday, May 17 due to a mysterious outage. Online worship services in both countries were disrupted by the outage, which began early on Sunday morning U.K. time and continued for several hours. Reporters were unable to ask questions during the daily British government coronavirus briefing because of the outage.

According to a number of Twitter posts, users who logged out of their Zoom accounts and back in again were able to access the service without incident.

The outage started a few hours after a backend update was recorded on Zoom’s status page on Sunday morning, but there appeared to be no connection between the two.

According to the Zoom status page, the company was “trying to identify the root cause and scope of this issue” at the time, adding that the outages “appear to be limited to a subset of users.” A few hours later, the issue was mysteriously proclaimed “fixed.”

Impersonating a domain on May 12th, 2023

Researchers at the Israeli security firm Check Point have found evidence that hundreds of new Zoom-related internet addresses have been established in the past few weeks.

Many of these domains are being used in phishing attacks to steal users’ login information for the video conferencing service Zoom, and similar frauds are using Google Meet and Microsoft Teams.

The weekend before last, cyber vandals took over the Zoom video feed of Oklahoma City University’s commencement ceremony, replacing it with racist rhetoric and imagery. It was unclear whether this was the result of a typical Zoom-bombing or whether the attackers had resorted to some other, less common tactic to interrupt the video broadcast.

Zoom will stop allowing free accounts to make tech support calls as of May 8, 2023.

Zoom declared on May 7 that, due to a high volume of calls, only “owners and administrators” of paying accounts will receive priority for technical help.

That is to say, neither end users of paid accounts nor the owners or administrators of free accounts will be eligible for human assistance from Zoom. A selection of frequently asked questions and tutorials can be found on Zoom’s help page instead.

This provision will take effect during the months of May and June of 2023. 

Zoom would need to add to its tech support team if the coronavirus shutdown lasts much longer than expected.

As of the 7th of May, 2023, Zoom has committed to improving security in accordance with an agreement with the New York attorney general.

An inquiry into Zoom’s security and privacy practises resulted in an agreement between the office of New York State Attorney General Letitia James and Zoom on May 7.

The agreement does not have a great deal of novel terms. The New York Attorney General’s primary concerns about Zoom are detailed here. Zoom already enforces passwords and is upgrading its encryption, two of the conditions it agreed to.

In the long run, Zoom has to perform annual penetration-testing operations in which paid hackers try to breach the company’s defences and undertake regular code reviews.

Only two of the new features will have an immediate impact on shoppers. Automatically resetting compromised passwords and limiting automated password-stuffing attempts are two ways Zoom may improve password security.

In addition, it must revise its Acceptable Use policies to prohibit “abusive conduct,” defined as “hate toward others based on race, religion, ethnicity, national origin, gender, or sexual orientation.”

Considering how commonplace these guidelines are at other internet businesses, we were astonished to see that Zoom did not previously adhere to them.

On May 7th, 2023, Zoom will have acquired an encryption company.

In order to achieve full end-to-end encryption for Zoom meetings as soon as possible, Zoom CEO Eric S. Yuan announced that the company would be acquiring the small New York City startup Keybase. There was no mention of the price or any other parameters of the deal.

Keybase is a company that develops user-friendly software to encrypt messages and social media posts.

Zoom admitted in March that its “end-to-end” encryption was a sham because Zoom’s own servers could always view meeting content. With Keybase’s technology, though, that won’t always be the case.

Waiting areas and meeting passwords will be activated by default on May 6, 2023.

As of May 9, all Zoom meetings, free and paid, will necessitate meeting passwords and waiting rooms. By default, only hosts will be allowed to share their screens with guests, however this can be adjusted along with the other options.

On May 5th, Zoom CEO Yuan talks about safety and citizenship.

The significant surge in Zoom usage since the start of the coronavirus lockdown has been “difficult,” according to Zoom CEO Eric S. Yuan, but it has also created “opportunity for us to drive meaningful change and progress,” as he wrote in a company blog post.

When asked about the lack of pre-configured security features for new customers, Yuan stated, “we failed to set pre-configured security features for our new clients, especially for schools.” This was in reference to meeting passwords and waiting rooms.

Consequently, “uninvited, offensive, and sometimes downright terrible people disrupt meetings,” Yuan wrote. (Last week, someone like this disrupted a Zoom conference in the Bay Area about sexual abuse.) Concerning speculation that he and Zoom have Chinese ties, Yuan cleared the air. He claimed to have been a resident of the United States since 1997 and to have become a citizen in 2007; furthermore, he claimed that Zoom was an entirely American enterprise.

Zoom, like many other global technology firms, “has operations and workers in China…. operated by subsidiaries of the U.S. parent business,” Yuan explained. Similar to our U.S. competitors, we have a physical presence and staff in China.

In addition, Yuan stated, “We have 1 (one) co-located data centre in China [that is] run by a leading Australian company and is geofenced.” “Its primary purpose is to accommodate the needs of our Fortune 500 clients who have operations or customers in China and who seek to make use of our platform to make contact with said clients and consumers.”

Conferencing eavesdropping on Zoom calls on May 4, 2023

After being detected infiltrating the Zoom meetings of competing London publications, a reporter for the Financial Times resigned.

Mark Di Stefano resigned through Twitter after The Independent reported that Di Stefano had attended a discussion about layoffs and pay cuts for Independent employees last week, first under his own identity and then anonymously.

Soon afterwards, Di Stefano’s piece on layoffs at The Independent ran in the Financial Times. According to The Independent, Di Stefano indicated that his information came from “people on the call.”

The Independent discovered that Di Stefano’s mobile device had been used to join a Zoom meeting at rival London publication Evening Standard. After the discussion, an article appeared in the Financial Times discussing layoffs and wage reduction at the Evening Standard.

May 1, 2023: There are vulnerabilities in competing videoconferencing software.

Consumer Reports claimed in a blog post that Zoom isn’t the only video-conferencing service with problematic privacy standards. Google’s Duo, Meet, and Hangouts, as well as Cisco Webex and Microsoft’s Teams and Skype, have the same problem.

The videos might be used for things like training facial recognition systems, and all three companies “can collect data while you’re in a videoconference,” according to Consumer Reports.

According to Consumer Reports, it’s important to be aware that the host or another attendee could be secretly recording your video conference.

The report also advised joining video conferences by telephone, avoiding account creation if at all feasible, and using “burner” email addresses instead.

April 30, 2023: On April 30—the same day that its stock began trading on the NASDAQ 100—Zoom was found lying again.

Zoom clarified in a blog post last week that it did not recently peak at 300 million daily users after being pressed by writers at The Verge.

Instead, Zoom had 300 million daily “participants” at its peak.

One “participant” is defined as someone who attends at least one Zoom meeting every day, counted each time.

Zoom claimed in a statement to The Verge, “We unintentionally referred to these participants as ‘users’ and ‘people.’” To quote the company’s CEO: “This was an honest mistake.”

How many people use Zoom on a daily basis now? The firm is remaining silent.

Another round of infected Zoom installers is expected on April 30, 2023.

Another Zoom installer file was discovered by Trend Micro to be infected with malware.

In this example, the spyware in question can collect diagnostic data about the machine it’s running on, activate the webcam, take screenshots, record keystrokes, and more. In addition, a fully functional version of the Zoom desktop client is installed.

The Trend Micro team wrote in a blog post that consumers wouldn’t be suspicious because the system downloaded a valid version of the Zoom programme (4.6). “However, it is too late; the system has been breached.”

Zoom may be used without installing any additional software on your computer. You should only download this programme from the official website, which may be found at https://zoom.us/download.

On April 29, 2023, international hackers will focus on the Zoom platform.

The Department of Homeland Security has reportedly informed U.S. government entities and law enforcement agencies that Zoom is a prime target for foreign spies, particularly Chinese intelligence operations, as reported by ABC News. “Zoom’s unexpected tremendous growth and utilisation across both public and private sectors combined with its publicly publicised cybersecurity concerns provides a weak, target-rich environment,” the DHS intelligence analysis purportedly claims. Zoom’s use comes with potential risks that should be assessed by any company using it or thinking about doing so.

Any kind of internet-based communication that experienced such a dramatic surge in usage would be of interest to foreign spies. Despite this, the DHS study singled out China as a possible security threat to Zoom due to the company’s large number of local employees there.

According to the DHS investigation, as reported by ABC News, “Beijing is uniquely positioned to target U.S. public and private sector users due to China’s access to Zoom servers.”

However, as of this past week, Zoom has allowed paying meeting hosts the option to bypass Zoom servers in specified locations, such as China and North America. To keep costs low, Zoom only allows unpaid hosts to connect to servers in their own countries.

According to a Zoom representative who talked with ABC News, the DHS assessment was “heavily incorrect” and full of “blatant errors.”

Is Zoom more secure than Apple FaceTime as of April 28, 2023?

Zoom’s privacy and security standards and practises are superior to Apple FaceTime, according to a recent analysis from Mozilla, the non-profit manufacturer of the Firefox web browser.

According to the survey, Zoom is on par with Skype, Signal, Bluejeans, and Google’s Duo, Hangouts, and Meet when it comes to security and privacy (each receiving a perfect 5/5).

Since Apple’s video calling service doesn’t need a separate login, FaceTime only received 4.5 stars.

The April 28, 2023, Zoom phishing scam targets those who are hesitant to work from home.

During the coronavirus lockdown, a new Zoom phishing scam is guaranteed to catch the eye of anyone working from home.

The message appears to have come from the human resources department at your company and invites you to a Zoom meeting that will begin in a few minutes to discuss the possibility of your termination.

When you click the meeting invitation link in the email, you’ll be directed to a login page that looks almost identical to the real Zoom login page. In other words, it’s not real. If you provide your login information, the bad guys will be able to use your Zoom account for their own purposes.

It’s official: Zoom 5.0 was published on April 27, 2023.

The long-awaited release of Zoom’s meeting-client software, version 5.0, was announced last week. Check out our handy tutorial below to learn all about the new Zoom 5.0 release.

For iOS, the update has not been released yet because Apple must first approve the software before it can be installed. There was no sign of it in the Google Play app store as of Monday afternoon (April 27) Eastern time, but we expect to see it there soon.

April 24, 2023: Zoom has declared its inclusion in the NASDAQ 100 Index.

Shares of Zoom Inc. continued their upward trend. Zoom was added to the NASDAQ 100 index on Thursday, April 30 after the NASDAQ stock exchange announced the addition on Friday.

When the coronavirus outbreak hit, many people stayed home, which was great for one company. If Zoom’s daily traffic hadn’t increased from 10 million users in December 2023 to 300 million users in mid-April, the company’s inclusion in the NASDAQ 100 seems unlikely.

Date of Zoom 5.0’s Announcement: April 22, 2023

Zoom announced the release of version 5.0 of their desktop software for Windows, Mac, and Linux in a somewhat deceptive press release/blog post.

Many of the latest web interface security updates for Zoom will be implemented in the new version, such as the option to ban Zoom bombers from meetings, the ability to prevent meeting data from passing through China, and a “waiting room” for attendees. It improves Zoom meetings’ encryption and includes a security icon for the host screen.

We looked into the Zoom revision histories, and the update won’t be released until Sunday, April 26.

April 22, 2023: Using bogus versions of the Zoom client software to steal data

Researchers at Cisco Talos found that the meeting chat feature of Zoom made it too simple for outsiders to identify all Zoom users at a given firm.

In a blog post, Cisco Talos detailed how an attacker with a Zoom account could impersonate an employee of any company and obtain the full names and chat IDs of all Zoom users whose email addresses originated from that company’s domain.

You wouldn’t need to prove your employment status, and you wouldn’t even have to be in a Zoom meeting to access the data.

Such data “might be exploited to divulge further contact information like the user’s email address, phone number, and any other information that is contained in their vCard,” as Cisco Talos put it.

“This vulnerability might be used by a spear-phishing attack against known personnel within an organisation in order to leak the email addresses of all the Zoom users within the organisation,” the Cisco Talos article said. Those who have lately had to install new software to set up remote working may be especially vulnerable to socially-engineered emails that appear to encourage users to install a new or updated trojan horse “Zoom client.”

In any case, Zoom has resolved the problem, which originated on their server.

ISSUE RESOLVED.

To be updated on or around April 21, 2023

Zoom announced in a blog post on April 20 that the feature to prevent calls from being routed to particular countries is now available. This will allow Zoom conference organisers to bypass Zoom servers in China, the United States, and seven other regions and nations when transmitting meeting data.

Meeting attendees’ email addresses and phone numbers will no longer be visible to other attendees thanks to an update to the Zoom web interface released on April 19. The ability to conduct a name search for people who use the same email domain as you has also been removed.

Dropbox launched its own bug bounty programme for Zoom on April 20, 2023

According to The New York Times, in 2023, Dropbox developed its own covert bug-bounty programme for vulnerabilities in Zoom due to executive concerns over the platform’s security.

In other words, Dropbox offered rewards to hackers who discovered flaws in Zoom’s security. (Employees at Dropbox made heavy use of Zoom, and Dropbox even invested in the company.) According to the Times, Dropbox would verify the issues and then relay that information to Zoom so that Zoom could address them.

April 17, 2023: Locating past Zoom meetings already recorded online is a breeze (part 2)

A security researcher informed Cnet that online recordings of Zoom meetings have a predictable URL structure, making them easy to identify. This is because the recordings are stored on Zoom’s cloud servers, where they are easily identified and frequently watched. (The Washington Post discussed a similar problem involving user-uploaded Zoom footage to external cloud servers last week. Those recorded meetings typically had consistent naming conventions for their audio files.)

Until Zoom released a batch of changes this past Tuesday, meeting recordings did not need to be protected with a password.

The researcher, Guimond, created a straightforward programme that actively seeks out and attempts to play back recorded Zoom meetings.

If a meeting requires a password, his programme will try millions of combinations to break in. If an attacker has access to a meeting recording, they may also have access to the Zoom meeting ID and any subsequent scheduled meetings.

Zoom implemented a Captcha challenge to thwart Guimond’s bot, requiring the would-be meeting recording viewer to verify they are human. But, as Guimond pointed out, the URL pattern is still the same, so attackers might try to access each generated result by hand.

We’ve put up certain safeguards to make it harder for attackers to succeed, but the problem isn’t entirely solved.

Zoom updates their bug bounty programme on April 16, 2023

Zoom has hired Luta Security, a consulting business led by Katie Moussouris, to update its “bug bounty” programme, in which hackers are compensated for discovering security holes in the company’s software.

Moussouris established the first known bug-bounty programmes at Microsoft and the Department of Defense. Taking to her own blog, she said that Zoom has hired more top-tier information security organisations and researchers to bolster its defences.

According to ZDNet, Zoom announced in its weekly webinar that it will allow meeting hosts to report abusive users and that, after hiring security consultant Alex Stamos to address concerns about Zoom’s encryption, the company would move to a more secure encryption standard.

A congressional briefing was scheduled for April 3 via Zoom, and one lawmaker claims it was “zoom-bombed” at least three times.

A bank official has issued a warning about the perils of holding meetings over the internet on April 15 of that year.

The CEO of London-based multinational bank Standard Chartered reportedly cautioned staff against using Zoom or Google Hangouts for remote meetings due to security concerns.

Two anonymous bank employees said that Standard Chartered predominantly used the competing Blue Jeans video-conferencing programme.

Standard Chartered settled with British and American authorities for $1.1 billion last year after admitting it had broken trade prohibitions against Iran.

Zoom zero-day exploits will be available for purchase on April 15, 2023, for a price of $500,000.

According to Vice, hackers are reportedly selling two “zero-day” bugs in Zoom.

Zero-day exploits target security holes in software that neither the developer nor the end users are aware of.

Vice was informed by sources that one of the zero-days is a Windows exploit that gives an attacker complete control of a victim’s computer from a distance. The only catch is that both parties must be participating in the same Zoom call at the same time. Priced at $500,000, it is currently on the market.

“I assume it’s just kids who hope to create a bang,” one anonymous insider told Vice.

The other 0day is supposedly less severe and only affects macOS.

Presently, it does not appear to be fixed.

April 14, 2023: Users who pay for the service are given the option of selecting their data region.

Paid Zoom customers have the option of routing their data through servers located in Australia, Canada, China, Europe, India, Japan/Hong Kong, Latin America, or the United States, as revealed on April 13.

This is in response to news that, in early April, Zoom revealed that traffic from many U.S.-based meetings had been routed through servers in China, which has the legal power to monitor any activity on a U.S.-based server without a warrant.

Zoom’s free service users’ information will only be stored and processed on servers located in their respective areas.

Zoom’s paying web-based users (as opposed to those who utilise the desktop app) now have access to this feature. On April 26, you’ll be able to download the desktop version of Zoom for Windows, Mac, and Linux.
