Tag Archive for: Zoom

Update Zoom to protect your computer against this dangerous flaw

/in


As people have been transitioning to working from home, so have the meetings. Video conferencing has become the norm across many industries.

And many employers are sticking with video calls for job interviews. If you’re not used to communicating through this medium, don’t worry! Tap or click here for tips on rocking your remote interviews.

Zoom is among the most popular video conferencing apps, with millions of people using it daily. So it’s especially dangerous when a security flaw is discovered. We’ll show you how hackers can exploit one recently discovered and what you can do about it.

Security warning

Patrick Wardle, a security researcher and founder of the Objective-See Foundation, reported a flaw in Zoom last week at the Def Con hacker convention.

Wardle discovered a flaw in Zoom for macOS that a cybercriminal can use to take control of your entire operating system. The vulnerability can be found in the Zoom installer through the auto-update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. Attackers can then modify, delete, or add files at their whim.

He tweeted about the issue:

RELATED: Best digital life hacks, credit score danger, new Zoom tricks

Zoom acknowledged the flaw in its security bulletin and confirmed Wardle’s findings. Zoom labeled the flaw CVE-2022-28756 and considers it High in severity. It has released an update for macOS to fix the problem. You need to update to Zoom v5.11.5 to patch it.

To update Zoom, go to zoom.us/download and select the latest patch.

You can also install the update from the app:

  • Open the Zoom app on your Mac and select zoom.us from the menu bar at the top of your screen.
  • Select Check for updates.
  • If one is available, select Update to begin the download.

Keep hackers out with antivirus software

Cyberattacks are on the rise, and the more we rely on our devices for work, school and personal lives, the more we have to lose. Whether it’s bank accounts, personal data, photos or conversations, there’s just so…

Source…

Update Zoom right now, major security flaw patched

/in


Zoom has rushed out an important update for its macOS app, which patches a big security hole. The fix is for the auto-update process, which could let an attacker take over your system.

The issue was first found by a security researcher, Patrick Wardle. A combination of issues adds up to anyone being able to get root (superuser privileges) without a password on a Mac computer.

The attack was interesting enough for Wardle to present at Def Con, one of the premier hacking conferences, in Las Vegas last week. Zoom had already fixed some of the issues before his talk, with the remainder fixed shortly afterward.

Again, if you’re a macOS user who has Zoom installed, go look for an update. The fix is included in version 5.11.5 of the Zoom client.

According to Wardle, who spoke to The Verge last week, he disclosed the bugs to Zoom almost eight months ago. He even told them what needed to be done to fix the issues.

If attackers had wanted, they could have used the privilege escalation in Zoom to do almost anything they wanted on the target Mac. That includes installing more programs, modifying, deleting, or sending data to a remote device.

How to update Zoom

zoom check for updates screen
Image: KnowTechie

You can check to see if any updates are available for Zoom by clicking your profile icon on the app and finding “Check for Updates” in the dropdown list. For additional help, you can watch Zoom’s own video tutorial here.

If you are on any version lower than 5.11.5, it’s time to update. You’ve already been at risk for the best part of a year, don’t let that continue any longer.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Source…

General Motors Announces Data Breach; Zoom Releases Security Patch

/in


Data breaches are not a new occurrence, but if you feel as though they have become much larger in scale over the past couple of years, those feelings are not misguided. According to research conducted by AtlasVPN, around 5.9 billion records were affected by a data breach in 2021, a new record high.

In this week’s BlackCloak Thursday Threat Update, we’ll take a look at a data breach disclosed by General Motors and a security patch recently released by Zoom.

General Motors discloses data breach

What we know: General Motors announced it was the victim of a data breach, as the automotive manufacturer discovered malicious login activity between April 11 and April 29. While details are still unfolding, cybercriminals may have had access to the personal information of GM online and mobile application accounts, including users’ names, home and email addresses, phone numbers, and usernames. General Motors said in its data breach notification letter that cybercriminals were able to login through credentials they gathered from other data breaches not tied to the company.

Recommendation: In order to access an account, GM is requiring all users to reset their passwords. When you do, create a password that is long, complex and is completely unique from all of your other passwords. Since the incident occurred because of compromised credentials from other data breaches, now is a good time to reset the passwords for all of the services you use to ensure they are all completely unique. Be on the lookout for phishing scams as well. While they are commonly conducted via email, cybercriminals can also perform these scams through text messages and phone calls, practices known as “smishing” and “vishing,” respectively.

Zoom releases security patch for ‘zero click’ vulnerability

What we know: Zoom has released a security patch to address a vulnerability affecting Windows, macOS, iOS and Android users. A Google Project Zero security researcher discovered the vulnerability, which can give cybercriminals the ability to compromise a victim’s account through Zoom’s chat functionality without any user interaction. Should a cybercriminal exploit this flaw, they could force the targeted…

Source…

Hackers using Zoom to install malware on your computer and phone

/in



A security flaw in Zoom security allowed hackers to install malware on your computer, Android and iOS devices.

Source…