bug Vulnerability found in zoom app covid-19

Bug Vulnerability found in zoom app 

Due to 'COVID-19 pandemic' world wide Zoom usage increased for working professional and business meetings

zoom has become most useful app that helps to meet their work from home professional commitments.  

Zoom, Video conferencing application is easy to use for online meeting zoom has recently found major

vulnerability which may help hackers to steal users login and password if you are using this app in windows PC / laptop devices. 

Basically it converts windows networking 'UNC (Universal Naming Convention) path injection' this

kind of bug may allow hackers to steal login credential.

As per latest cyber security finding its has been confirm that the attack involves the 'SMBRelay technique' where windows automatically expose a user's login and password to a remote server. 

Recently some major security flaws were discovered in the app, hacker discovered some bug that can take control

over zoom user.

When user try to click on link windows operating system will share the user's login and password although password is 'NTLM hashed' but it can be seen using any password recovery tool such as 'Hashcat' or 'John the Ripper' etc. 

One of the vulnerability may be able to run malware and spyware on the user's computer but the users will 

not be able to know anything about this. 

Another bug allow hackers to handle the microphone and webcam by injecting malicious code into the app this way hacker may inherit all of Zoom access right. 

Zoom users, 3 ‘dangerous’ emails you may get:

Now that "Zoom" has become an integral part of most of the people working
from home, it has also become quite a favourite with cybercriminals. As
per a report by enterprise security company Proofpoint, hackers are trying
to target more than 200 million daily user base of the video conferencing
tool through emails.

The report details that there are primarily three types of emails that Zoom users should look out for.

The first one comes with the subject line “Zoom Account”,

the second one comes with the subject line “Missed Zoom Meeting”,

and the third one “[Company] Meeting cancelled - Could we do a Zoom call?”

If you act on anyone of the above types of email, you will land up into some problem.

Solution:

As zoom has already been informed about this issue to fix it but until it has not been patched, zoom users are advised to either use any other video conferencing software or one can simply switch to web browser based zoom video conferencing interface on your PC laptop.  

Advisory on using Zoom from the Cyber Coordination Centre, Ministry of Home Affairs, Govt. of India.

• 
  

we would like to share with you some additional practices for safe usage of any audio/video calling applications.

1.  While signing up for any audio/video calling applications, we are required to provide our email-id as username and give a password:

Please ensure that the email-id and password that we give on signing up for one account should not be same across any other online account.

For example, the email-id and password given on signing up Free Conference Call /Zoom etc should not be same as in one’s Facebook account etc.

2. Wherever possible, use a different device for running audio/video calling applications, than the one we use for our personal/financial transactions.

3. While closing a meeting, the Hosts to always “End Meeting” rather than selecting the option of “Leave Meeting”.