Cybersecurity researcher Mazin Ahmed discovered Zoom vulnerabilities that allowed data theft and malware deployment. According to findings presented at DEF CON 2020, Zoom left a misconfigured development instance exposed that had not been updated since September 2019, indicating the server could be susceptible to flaws that were left unpatched.
The average Zoom user shouldn’t worry too much about these proof-of-concept attacks demonstrated at Defcon. Two of the attacks were against Zoom’s Linux client, which accounts for a small percentage of Zoom’s total users. They also require the device to have been previously compromised by some other malware. Zoom has since patched these flaws so they never reached zero-day status. Users just need to update their Zoom app to get the latest security patches.
The Zoom security flaws are just the latest in an ongoing series of recently discovered flaws leaving users of many apps open to attacks by the bad guys. Luckily, there are white hat cybersecurity researchers like Mazin Ahmed who are working to identify and disclose such security flaws to companies to allow them to plug the holes.
I believe we will continue to see disclosures such as this in the near future. As these tools are put to the test by the at-home workforce, both the good guys and the bad guys will step up efforts to discover security issues in apps and services in heavy use by the at-home workforce.
Zoom is one of the most popular non-browser apps these days, and its vulnerabilities should be among enterprises’ primary concerns. Unfortunately, we’ll see additional such vulnerabilities and subsequent attacks with collaboration tools such as Zoom, Teams, and Slack, as they all have a wide attack surface. To really protect against endpoint threats in a comprehensive way, enterprises should adopt OS isolation techniques that move sensitive enterprise apps, data, and credentials into a separate OS that is isolated from riskier external-facing apps.