Another day, another Zoom security hole. The video conferencing service revealed it has patched a vulnerability that could’ve allowed attackers to impersonate legitimate business accounts in order to phish user credentials, steal data, and infect employees with malware. The kink, which was discovered by security firm Check Point and disclosed to Zoom, essentially resided in the company’s “Vanity URL” feature which lets business users generate custom links for meetings — like yourcompany.zoom.us. Unfortunately, a shortcoming in the implementation made it possible to fake such invitations without the knowledge of potential victims. An attacker could create a standard meeting link (like https://zoom.us/j/##########)…
This story continues at The Next Web
Thursday 16 July 2020
