Zoom,??????? ???????? ?? ????? the videoconferencing software that's skyrocketed in popularity as much of the globe sits at home due to the coronavirus outbreak, is quickly turning into a privacy and security nightmare.
BleepingComputer reports about a newly found vulnerability in Zoom that allows an attacker to steal Windows login credentials from other users. The problem lies with the way Zoom's chat handles links, as it converts Windows networking UNC (Universal Naming Convention) paths into clickable links. If a user clicks on such a link, Windows will leak the user's Windows login name and password.
The good thing is that the password is hashed; but the bad thing is that it is in many cases simple to reveal it using password recovery tools such as Hashcat.
The vulnerability was first found by security researcher @_g0dmode and verified by security researcher Matthew Hickey. Additionally, Hickey told the news outlet that this vulnerability can be used to launch programs on a victim's computer when they click on a link, though Windows will (by default) at least give a security warning before launching the program.
As far as security vulnerabilities go, this one is pretty bad, as it doesn't require a lot of knowledge to exploit. It does require the victim to actually click on a link, and it can be mitigated by tinkering with Windows' security settings, but it's definitely something Zoom should fix by changing the way the platform's chat handles UNC links.
In the meantime, for a quick fix, go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers and set to "Deny all".
Mashable has contacted Zoom for comment on this story, and we'll update it when we hear back.
SEE ALSO: Zoom's iOS app no longer sends data to FacebookThis is not the only privacy/security-related issue that has been unearthed at Zoom in the past couple of weeks. Just yesterday, The Intercept reported that Zoom doesn't actually use an end-to-end encrypted connection for its calls, despite claiming to do so. There's also the issue of leaking users' emails and photos to unrelated parties, and the fact that the company's iOS app, until recently, sent data to Facebook for no good reason.
Zoom software also has a couple of worrying privacy features, and although this isn't Zoom's fault, it's worth noting that hackers are using the app's newfound popularity to trick users into downloading malware.
Topics Cybersecurity
Hirono Urges DOJ to Do More to Protect Right to Travel for Reproductive Health Care
'Quordle' today: See each 'Quordle' answer and hints for August 10
14 podcasts to teach kids about history, identity, and current events
Google Chrome to summarize articles using generative AI
OCBC Obon Festival Returns to Full Strength
Snapchat's My AI story was just a creepy glitch
Virgin Galactic will blast a high
Bumble launches new features for free and premium users
Beyond Playing the Sport
Microsoft might be saving your conversations with Bing Chat
Elemental Funk Concert Fundraiser and Halloween Party
'Quordle' today: See each 'Quordle' answer and hints for August 16, 2023
Disney Plus, Hulu increase their prices again
'Blue Beetle' review: Superhero movies just got fun again
Official: chelo returns to Imperial
Best tech deal: Cricut Joy Machine & Digital Content Library Bundle on sale for 22% off
What caused Maui’s wildfire, and what made it ‘apocalyptic’?
Best air purifier deal: Get a Shark air purifier for $150 off
Stripchain: Breaking Down Crypto UX with Chain Abstraction
No more TikTok on city
Boston Dynamics' Spot is now a beerEverything to know about Netflix's 'Shadow and Bone'A Super Mario game sold for $660,000, and no, it wasn't an NFTHow to invest your retirement away gunAmazon's Echo Buds have real active noise cancellation this timeTrippy nebula captured in brilliant new Hubble imageTech retailer Newegg finally scraps 15LeVar Burton pitched himself as 'Jeopardy' host and wow, great ideaLebron James reveals GMC's Hummer EV SUV during NCAA Final Four gameWhy LG is saying goodbye to its smartphone business Reddit's WallStreetBets is crowdfunding a Super Bowl ad to 'sh*t' on Robinhood Facebook claims it won't recommend political groups globally 'Passing' is a riveting exploration of identity: Movie review 12 best TV and movie recipes from 'Binging with Babish' Apple's next iOS update will make apps ask permission to track you Zoom council meeting takes an incredibly chaotic turn, sparks memes Huawei to launch new foldable phone in February Congresswoman Marjorie Taylor Greene blames Facebook for her QAnon beliefs $100 off the iRobot Roomba? i3+ at Best Buy through 1/30 Reddit’s r/WallStreetBets breaks all
0.1691s , 9966.96875 kb
Copyright © 2025 Powered by 【??????? ???????? ?? ?????】Zoom security bug lets attackers steal Windows passwords,Feature Flash
