Expert Comments

Experts Insight On Researchers Discovered Multiple Security Vulnerabilities In Zoom

Expert(s): Security Experts
Expert(s): Security Experts

Cybersecurity researcher Mazin Ahmed discovered Zoom vulnerabilities that allowed data theft and malware deployment. According to findings presented at DEF CON 2020, Zoom left a misconfigured development instance exposed that wasn’t updated since September 2019, indicating the server could be susceptible to flaws that were left unpatched.

Experts Comments

Dot Your Expert Comments
Paul Bischoff
August 12, 2020
Privacy Advocate
Comparitech

Users just need to update their Zoom app to get the latest security patches.
The average Zoom user shouldn't worry too much about these proof-of-concept attacks demonstrated at Defcon. Two of the attacks were against Zoom's Linux client, which accounts for a small percentage of Zoom's total users. They also require the device to have been previously compromised by some other malware. Zoom has since patched these flaws so they never reached zero-day status. Users just need to update their Zoom app to get the latest security patches.
Chris Hauk
August 12, 2020
Consumer Privacy Champion
Pixel Privacy

I believe we will continue to see disclosures such as this in the near future.
The Zoom security flaws are just the latest in an ongoing series of recently discovered flaws leaving users of many apps open to attacks by the bad guys. Luckily, there are white hat cybersecurity researchers like Mazin Ahmed that are working to identify and disclose such security flaws to companies to allow them to plug the holes. I believe we will continue to see disclosures such as this in the near future. As these tools are put to the test by the at-home workforce, both the good guys and.....Read More
The Zoom security flaws are just the latest in an ongoing series of recently discovered flaws leaving users of many apps open to attacks by the bad guys. Luckily, there are white hat cybersecurity researchers like Mazin Ahmed that are working to identify and disclose such security flaws to companies to allow them to plug the holes. I believe we will continue to see disclosures such as this in the near future. As these tools are put to the test by the at-home workforce, both the good guys and the bad guys will step up efforts to discover security issues in apps and services in heavy use by the at-home workforce.  Read Less
Tal Zamir
August 12, 2020
Founder and CTO
Hysolate

Zoom is one of the most popular non-browser apps these days, and its vulnerabilities should be among enterprises’ primary concerns.
Zoom is one of the most popular non-browser apps these days, and its vulnerabilities should be among enterprises’ primary concerns. Unfortunately, we'll see additional such vulnerabilities and subsequent attacks with collaboration tools such as Zoom, Teams, and Slack, as they all have a wide attack surface. To really protect against endpoint threats in a comprehensive way, enterprises should adopt OS isolation techniques that move sensitive enterprise apps, data, and credentials into a.....Read More
Zoom is one of the most popular non-browser apps these days, and its vulnerabilities should be among enterprises’ primary concerns. Unfortunately, we'll see additional such vulnerabilities and subsequent attacks with collaboration tools such as Zoom, Teams, and Slack, as they all have a wide attack surface. To really protect against endpoint threats in a comprehensive way, enterprises should adopt OS isolation techniques that move sensitive enterprise apps, data, and credentials into a separate OS that is isolated from riskier external-facing apps.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Fake Netflix App Allows Hackers to Hijack WhatsApp

Hackers Pretend To Be Your Friend In The Latest WhatsApp...

Millions Of Brits Still Using Pet’s Names As Passwords Despite...

Advertised Sites May Appear Genuine On First Glance

Facebook Ran Ads For Malware-ridden ‘Clubhouse for PC’

Linkedin Data Of 500 Million Users Being Sold Online

Experts Comments On Identity Management Day – Tuesday 13th April

Experts Perspectives On Verizon Mobile Sec Index: WFH The New...

What The Govt Is Missing From Its Recent Cybersecurity Improvement...

Experts Insight On CISA Advisory Regarding Attackers Targeting SAP