Defcon Researchers Demonstrate Zoom Vulnerabilities

Threat Watch

Threat Watch Defcon Researchers Demonstrate Zoom Vulnerabilities

Defcon Researchers Demonstrate Zoom Vulnerabilities

Mazin Ahmed, a researcher who presented at DEF CON 28, recently demonstrated some of the bugs/vulnerabilities that he found and reported to Zoom between April and July 2020. While several of these flaws require initial access to systems, the flaws themselves are still fairly significant.

With local access to a victim’s machine, Ahmed demonstrated that malware can use Zoom to launch untrusted applications, or the attacker can exfiltrate Zoom user data and even plaintext chat messages stored on the system. Additionally, malware can inject custom certificate fingerprints into the local Zoom database. Zoom issued a fix for these vulnerabilities and more on August 3^rd, 2020.

ANALYST NOTES

As a new version of Zoom was released on August 3rd, Binary Defense recommends updating Zoom to the latest version. Additionally, since many of these vulnerabilities required local access to a machine, Binary Defense recommends the use of an EDR or MDR solution, with 24-hour a day monitoring by an internal SOC or a security provider such as Binary Defense’s Security Operations Task Force, in order to detect attacks like these when the attacker gains the initial foothold in a system.

More information can be read at:
https://thehackernews.com/2020/08/zoom-software-vulnerabilities.html

The war in Ukraine and its impact on how China views Taiwan

Digging through Rust to find Gold: Extracting Secrets from Rust Malware

5 Critical Criteria for evaluating Managed Detection & Response (MDR)

How Ransomware Capabilities Are Evolving and What You Can Do to Keep Your Organization Secure

Threat Watch