Smashing Security podcast #205: Zoom password pinching and Parler problems

Watch out for a whole different type of shoulder-surfing, researchers uncover the CostaRicto hackers-for-hire gang, and we take a peek at who is behind Parler.

All this and much more is discussed in the latest edition of the award-winning “Smashing … Continue reading Smashing Security podcast #205: Zoom password pinching and Parler problems

Will Zoom Apps be the next hot startup platform?

When Zoom announced Zapps last month — the name has since been wisely changed to Zoom Apps — VC Twitter immediately began speculating that Zoom could make the leap from successful video conferencing service to becoming a launching pad for startup innovation. It certainly caught the attention of former TechCrunch writer and current investor at […] Continue reading Will Zoom Apps be the next hot startup platform?

Ghost in the machine: Researchers find Webex vulnerabilities allow hidden visitors

Halloween may have been last month, but IBM researchers revealed Wednesday that they discovered a way ghosts could haunt Cisco Webex meetings. The vulnerabilities in the video conferencing platform — since the subject of a Cisco patch — would permit uninvited guests to join a meeting without showing up on the participant list, stay in a meeting even after the host expels them and gather information about other attendees without joining. Unwelcome guests are often more commonly associated with a Webex competitor, Zoom, which led to the coining of the term “Zoombombing” and Zoom wrestling with the problem. But the IBM research shows that with so many meetings happening online during the pandemic, Zoom isn’t alone. Webex registered a record 324 million users in March, and saw usage grow 451% from mid-February to mid-June. IBM Research found that invaders could exploit the “handshake” process whereby Webex connects meeting participants. “A malicious actor […]

The post Ghost in the machine: Researchers find Webex vulnerabilities allow hidden visitors appeared first on CyberScoop.

Continue reading Ghost in the machine: Researchers find Webex vulnerabilities allow hidden visitors

Zoom Takes on Zoom-Bombers Following FTC Settlement

The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls. Continue reading Zoom Takes on Zoom-Bombers Following FTC Settlement

Zoom Releases New Security Features to Counter Zoombombing

Zoom released new security features to help its users counter disruptive meeting intrusions, otherwise known as “Zoombombing.” Matt Nagel, security & privacy PR lead at the American communications technology company, announced in a blog post on Nov… Continue reading Zoom Releases New Security Features to Counter Zoombombing

Zoom pushes new tools meant to counter ‘Zoombombing’

Zoom on Monday unveiled a trio of security tools the video conferencing company and its users can deploy to defend against unwelcome intruders who “Zoombomb” meetings. The announcement is the latest in a blitz that began this spring, when Zoom’s daily usage skyrocket at the onset of the coronavirus outbreak, and the company admitted it was caught off guard by the resulting security woes — among them, uninvited users posting offensive materials. Last week, Zoom reached a settlement with the Federal Trade Commission over its encryption claims. The company has since begun rolling out end-to-end encryption for all users. Multiple state attorneys general also had pressed Zoom to do more about Zoombombing. The company reached an agreement with New York in May to increase security. “Suspend Participant Activities,” one of the three tools Zoom detailed in a blog post, allows Zoom hosts to pause meeting functions to report disruptive attendees. Afterward, the host can resume video, audio, screen sharing and other […]

The post Zoom pushes new tools meant to counter ‘Zoombombing’ appeared first on CyberScoop.

Continue reading Zoom pushes new tools meant to counter ‘Zoombombing’

Zoom Control Box Helps Keep Meetings On Track

For many people, the biggest change of 2020 has been adjusting to a glut of online teleconferences as a part of daily working life. [p_leriche] has had to adjust the way church services are conducted, and found managing a complicated streaming meeting setup to be complicated at best. To ease …read more

Continue reading Zoom Control Box Helps Keep Meetings On Track

FTC orders Zoom to enhance security practices

Zoom Video Communications, the maker of the popular Zoom video conferencing solution, has agreed to settle allegations made by the US Federal Trade Commission (FTC) that it “engaged in a series of deceptive and unfair practices that undermined th… Continue reading FTC orders Zoom to enhance security practices

Zoom settles charges with FTC over deceptive security practices

Zoom reached a deal with the Federal Trade Commission to settle allegations it misrepresented its security and privacy protections for users, the FTC announced Monday. In its action against Zoom, the FTC alleged Zoom “engaged in a series of deceptive and unfair practices that undermined the security of its users.” The FTC alleged that Zoom misled users when it claimed it offered end-to-end encryption — intended to protect user communications from external, unintended eavesdroppers — when Zoom actually didn’t offer that level of security, according to the complaint. The FTC also alleged Zoom informed users it would store recordings of Zoom meetings in an encrypted format, when in reality they were kept unencrypted up to 60 days, and eventually were encrypted later. Zoom compromised users’ security when it secretly installed ZoomOpener, software intended to help users join meetings more seamlessly, but which actually made users vulnerable to malware, according to the FTC. The FTC alleges […]

The post Zoom settles charges with FTC over deceptive security practices appeared first on CyberScoop.

Continue reading Zoom settles charges with FTC over deceptive security practices