1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hackers could be eavesdropping on your Zoom calls thanks to this

    From TechnologyDaily@1337:1/100 to All on Mon Aug 14 17:00:03 2023
    Hackers could be eavesdropping on your Zoom calls thanks to this flaw

    Date:
    Mon, 14 Aug 2023 16:52:39 +0000

    Description:
    Zoom security flaws could have dire consequences.

    FULL STORY ======================================================================

    Researchers have discovered a flaw in Zoom and AudioCodes products which
    could allow threat actors to listen in on video conferencing calls, hijack vulnerable endpoints, and even deliver more devastating malware such as infostealers or ransomware .

    Security expert Moritz Abrell from SySS was the one who found flaws in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) features, which allows admins to configure VoIP devices in a centralized manner.

    The provisioning process was flawed, though - so when the tool tries to grab configuration files from the ZTP service, it does so without any client-side authentication mechanism, which the attackers could abuse to drop malware
    from a rogue server. Taking over devices

    Furthermore, there was another improper authentication issue, this time in
    the cryptographic routines in AudioCodes VoIP desk phones, which crooks could use to decrypt sensitive information. Combine these two flaws, and you get an exploit chain that grants attackers full access to the vulnerable devices.

    "When combined, these vulnerabilities can be used to remotely take over arbitrary devices. As this attack is highly scalable, it poses a significant security risk," Abrell said. Read more

    Zoom apologises for major security vulnerabilities, promises fixes


    These security flaws could have let intruders snoop on your Zoom meetings


    Here are the best firewalls around

    Three years ago, at the early days of the Covid-19 pandemic, Zoom was one of the most-used applications out there, resulting in an enormous spike in popularity. As a result, hackers dug deep into the programs code, finding
    flaw after flaw. At one point it had gotten so bad that the company halted
    all production and focused solely on boosting the security of its services.

    Since then, Zoom plugged numerous holes, other communication and
    collaboration tools (such as Teams, for example) took some of the load off Zoom, and many firms had their employees return to the office. These are the best endpoint protection solutions around

    Via: The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/hackers-could-be-eavesdropping-on-your-zoom-call s-thanks-to-this-flaw


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)