Expert Comments

Comment: Zoom Client Leaks Windows Login Credentials To Attackers

Expert(s): Security Experts
Expert(s): Security Experts

The Zoom Windows client is vulnerable to UNC path injection in the client’s chat feature that could allow attackers to steal the Windows credentials of users who click on the link.

When using the Zoom client, meeting participants can communicate with each other by sending text messages through a chat interface.

When sending a chat message, any URLs that are sent are converted into hyperlinks so that other members can click on them to open a web page in their default browser, Bleeping Computer reported.

Experts Comments

Dot Your Expert Comments
Tal Zamir
April 02, 2020
Founder and CTO
Hysolate

Zoom is one of the most popular non-browser apps these days.
Especially in the current situation, enterprises must keep in mind that user devices use a variety of apps that go beyond just email and internet. Zoom is one of the most popular non-browser apps these days, and has new vulnerabilities enterprises should care about. This includes the recently discovered Zoom Client vulnerability that allows a remote attacker on a Zoom call to receive a user's Windows credentials. Unfortunately, we'll see an increase of such attacks on collaboration tools such.....Read More
Especially in the current situation, enterprises must keep in mind that user devices use a variety of apps that go beyond just email and internet. Zoom is one of the most popular non-browser apps these days, and has new vulnerabilities enterprises should care about. This includes the recently discovered Zoom Client vulnerability that allows a remote attacker on a Zoom call to receive a user's Windows credentials. Unfortunately, we'll see an increase of such attacks on collaboration tools such as Zoom, Teams, and Slack, as they all have a wide attack surface. To really protect against endpoint threats in a comprehensive way, enterprises should adopt OS isolation techniques that move sensitive enterprise apps, data, and credentials into a separate OS that is isolated from riskier external-facing apps.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

15 Schools Hit By Cyberattack In Nottinghamshire

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords