Tag Archive for: Zoom

Iranian Cyberspy Caught on Zoom Trying to Hack U.S. Target


iran hacker video phishing attempt iran-hacker-video.jpg - Credit: Adobe Stock


Last month, a U.S. academic logged into a Zoom meeting with “Samuel Valable.” The academic had heard from “Valable” via a LinkedIn account, suggesting the two meet. When the academic logged on, the figure on the other end came through in grainy stills, blaming a bad internet connection for his lack of live footage. Midway through the conversation, he dropped what appeared to be a Google Books link into the Zoom chat. “This is the book that I use as my main material. It’s down here. I sent it in the little chat box,” says “Valable” in the video as a web link with the name “googlebook” appears in the Zoom chat window.

The academic became suspicious, and thanks to some quick thinking — and with the help of a group of cybersecurity researchers — they’ve captured the first known public live-action recording of an Iranian cyber-spy at work.


The real Samuel Valable, a French biologist, was nowhere near the Zoom call. Instead, the academic was Zooming with a member of “Charming Kitten,” a cybersecurity industry nickname for a group of hackers affiliated with Iran’s Islamic Revolutionary Guard Corps intelligence organization. And the “Google Book” link was actually a phishing link designed to trick users into “signing in” to a real-looking Google Accounts page and steal their password.

The U.S. academic — who shared the story on the condition of anonymity — wasn’t fooled. Instead, they recorded the call and sent it to the Computer Emergency Response Team in Farsi (CERTFA), a cybersecurity research group that tracks Iranian hackers. The fake links used by the hackers pointed to infrastructure previously used by and attributed to Charming Kitten.   

Live action role playing by a trained, English-speaking impersonator over Zoom represents the next phase of an evolving Iranian hacking campaign. The “Distinguished Impersonator” tactic — first identified by CERTFA — moves past traditional tricks like phishing emails and instead presents targets with a more reassuring lure — a talking, seemingly authentic representation of a trusted public…

Source…

Mac users urged to update Zoom, after security patch released for previously-flawed security patch


Zoom users on macOS are being told once again to update their copy of the video-conferencing software after a security hole was found that could be exploited by hackers.

At Defcon earlier this month, Mac security expert Patrick Wardle demonstrated a vulnerability in Zoom for macOS’s auto-update feature that could allow an attacker to “trivially escalate their privileges to root.”

Wardle found a method by which malicious hackers could trick Zoom’s auto-update feature into downgrading the software to an earlier (and hence less-secure) version of Zoom, or even install an entirely different program in its place – with root access to the entire Mac computer.

To its credit, Zoom issued a security update in response to Wardle’s findings – and told Mac users to update their systems to Zoom version 5.11.5.

Wardle posted on Twitter that he was impressed with Zoom’s “(incredibly) quick fix.”

However, it has since turned out that Zoom’s initial fix to the security vulnerability was not good enough.

Another Mac security researcher, Csaba Fitzl, looked at Zoom’s patch and found it was incomplete, allowing him to bypass the fix and still exploit the vulnerability. And if a security researcher like Fitzl can find a way to exploit a weakness in Zoom’s security patch, so could a malicious hacker.

This, of course, has meant that Zoom has had to release a security patch for its previous (flawed) security patch.

As you can see on Zoom’s list of security bulletins, the fixes came in quick succession.

Zoom users on macOS would be wise to update their client to version 5.11.6 or later immediately.  I wouldn’t recommend waiting for the auto-update feature to decide to look for an update.  Instead, initiate a manual update by choosing the “Check for Updates…” menu option within Zoom.

The latest version of Zoom (containing all the current security updates) is also available from Zoom’s website at https://zoom.us/download

Source…

Mac users, update your Zoom app to avoid hackers


If you are a Mac user and use Zoom for work meetings or calls, or to log in to watch lectures or seminars with your friends and family, you need to update your software right away. While at the DEF CON hacking conference last week, Mac security specialist Patrick Wardle presented a bug in the Zoom app that makes its users susceptible to hacking.

How this Zoom bug can hurt you if left uncorrected

This app weakness could allow hackers to take control of your entire operating system through the app’s installer program.  Once you enter your password to update the program, it gives an attacker the ability to insert any malware program through the update and gain high-level access to your operating system.  Once Zoom developers were alerted, they acted swiftly to resolve the issue.

How To Update Zoom

Developers have released a new version of Zoom to resolve the problem. Update to version 5.11.5 of the Zoom app for macOS to avoid hacking.

  1. Open the ‘Zoom’ app
  2. Select the ‘Settings’ tool
  3. Click ‘Check for Updates’
  4. Select ‘Update’ when the prompt window opens, and the update will begin.

If you are on Windows and haven’t updated your app in a while, let this be a gentle reminder to make sure your app is also updated by following the steps above.

How to always protect your devices

If you rarely update your software, make sure your devices are always protected against malware that can come in any form, whether it’s via Zoom chat, email, or any other way a hacker might attack.  We’ve broken down the top antivirus programs for 2022 and our top antivirus pick is TotalAV, which offers a Total Security package that has real-time monitoring and will keep your devices virus-free.


Source…

Hackers Could Take Over Your Mac via Zoom


Zoom has just patched a macOS bug that allowed hackers to take control of a given device’s operating system through the platform, according to a security researcher.

However, users who have not updated their software could still be at risk of having their Macs infiltrated.

Since the pandemic, companies across the globe have turned to Zoom to facilitate collaboration in remote working environments, with its 300 million-strong active user base an appealing target for hackers.

macOS users with the Zoom client installed have been advised by the company to update their systems as soon as possible.

Security Issues Escalate Quickly

The flaw in Zoom’s system, tracked as CVE-2022-28756, theoretically allows a hacker to gain control of a computer’s entire operating system, post-exploit.

The issue was discovered by Patrick Wardle of the Objective-See Foundation, a non-profit that creates security tools for devices running macOS. He revealed the existence of the bug to the public at the Def Con hacking conference in Las Vegas last Friday.

The vulnerability stems from the installer for Zoom, which requires users to grant the application an all-access pass for updates, in order to run on a Mac.

The installer asks a user to input their password when the application is added to a given system. After this, however, it sets the app up to run auto-updates in the background and grants Zoom “superuser” privileges. A superuser is a “root account” on a Mac that has access to do whatever it wants to the system.

When an update is rolled out by Zoom, the program checks if the new software has been “signed” cryptographically by the company – but an issue with the updater function’s checking rules has meant that any file with Zoom’s signing certificate as its name will be green-lighted for installation.

According to Wardle, a hacker could easily deceive the Zoom application via the use of that signing certificate and orchestrate a “privilege escalation attack”, whereby a hacker uses a lower-level account to subsequently gain access to an account with system-level privileges.
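The checking flaw described above, together with the downgrade risk reported earlier on this page, modelled as an added example (not Zoom's code and not part of the original articles): a check that trusts a name string, beside one that verifies a signature over the package bytes and refuses older versions. The certificate name, key, versions and packages are constructed, and an HMAC stands in for a real asymmetric code signature.

```python
import hashlib
import hmac

# Everything below is constructed for illustration; none of it is Zoom's code or data.
TRUSTED_SIGNER = "Example Vendor Signing Cert"  # hypothetical certificate name
VENDOR_KEY = b"constructed-demo-key"            # stand-in for the vendor's signing key
INSTALLED_VERSION = (5, 11, 5)                  # version currently on the machine


def sign(version: tuple, payload: bytes) -> bytes:
    """Stand-in signature (HMAC). Real updaters verify an asymmetric code
    signature against a pinned vendor identity; the structure is the same."""
    message = repr(version).encode() + b"|" + payload
    return hmac.new(VENDOR_KEY, message, hashlib.sha256).digest()


def flawed_accepts(pkg: dict) -> bool:
    """Models the described flaw: trust rests on a name the file itself supplies."""
    return pkg["name"] == TRUSTED_SIGNER


def hardened_accepts(pkg: dict) -> bool:
    """Verify the signature over version and payload, then refuse downgrades."""
    expected = sign(pkg["version"], pkg["payload"])
    if not hmac.compare_digest(pkg["signature"], expected):
        return False  # bytes were not signed by the vendor, whatever the name says
    return pkg["version"] > INSTALLED_VERSION  # older signed builds are rejected


def make_pkg(name, version, payload, signed=True):
    signature = sign(version, payload) if signed else b""
    return {"name": name, "version": version, "payload": payload, "signature": signature}


# Constructed sample packages.
PACKAGES = {
    "genuine_update": make_pkg(TRUSTED_SIGNER, (5, 11, 6), b"vendor build"),
    "renamed_file": make_pkg(TRUSTED_SIGNER, (9, 9, 9), b"unrelated program", signed=False),
    "signed_old_build": make_pkg(TRUSTED_SIGNER, (5, 11, 0), b"older vendor build"),
}


def evaluate() -> dict:
    """Return {package: (flawed_result, hardened_result)} for each sample."""
    return {k: (flawed_accepts(p), hardened_accepts(p)) for k, p in PACKAGES.items()}


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

The name-based check accepts all three packages; the hardened check accepts only the genuine, newer build.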

Zoom’s Sluggish Response

On the surface, you may think a hacking conference is an odd place to first disclose such…

Source…