Video conferencing services, including Zoom, have become increasingly popular since many more employees are working remotely. Security researcher @_g0dmode is credited for discovering a potential attack vector against Zoom users that was later verified by UK security researcher Matthew Hickey. Attackers must be participating in a Zoom call and must convince other participants to clink a link sent through a chat message in order to make use of the attack method, which limits the potential impact of this technique. This issue lies in the fact that the Zoom client converts Windows networking Universal Naming Convention (UNC) paths into clickable links. If the links are clicked, Windows will try to connect to the remote site using the Server Message Block (SMB) network file-sharing protocol, and by default, Windows will send the user’s login name and NT Lan Manager (NTLM) password hash. If the attacker controls the remote server, they can capture the password hash when it is sent. Although the password is hashed, it can still be cracked, especially if the password uses common dictionary words. Bleeping Computer has reached out to Zoom, but no response has been given yet.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security