Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic made it overnight a favorite tool for millions of people. Though Zoom is an efficient online video meeting solution, it's still not the best choice in terms of privacy and security. According to the latest finding by cybersecurity expert @_g0dmode , which was also confirmed by researcher Matthew Hickey and Mohamed A. Baset , the Zoom client for Windows is vulnerable to the ' UNC path injection ' vulnerability that could let remote attackers steal login credentials for victims' Windows systems The attack involves the SMBRelay technique wherein Windows automatically exposes a user's login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it. The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insec...
The Hacks001 blog is the most popular, independent and trusted source for the latest news headlines on cybersecurity, hacking, computer security, cybercrime, privacy, vulnerabilities and technology for all businesses, information security professionals and hackers worldwide.