The suddenly popular videoconferencing app Zoom has issued a patch for a vulnerability in its Windows client that allowed attackers to steal the user's Windows login credentials from malicious chat links.
“Zoom issued a fix for this and other bugs, promising better transparency going forward,” reports Mark Hachman at PCWorld:
An unpatched vulnerability within Zoom allows an attacker to drop a malicious link into a chat window and use it to steal a Windows password, according to reports.
A hacker could use an attack called a UNC path injection to expose credentials, according to an attack posted on Twitter and subsequently followed up with an additional video. According to The Hacker News, that's because Windows exposes a user's login name and password to a remote server when attempting to connect to it and download a file.
Update: After this story and others went live April 1, Zoom CEO Eric Yuan addressed Zoom security and other issues in a blog post. Part of the blog post detailed a bug fix to be released, which would fix the UNC vulnerability described in our original story, among other things. The fix appears to be pushing out automatically to users. PCWorld staff who've already received the fix report the version number as 4.6.9 (19253.0401).
READ MORE at pcworld.com:
Update: Zoom issues fix for UNC vulnerability that lets hackers steal Windows credentials via chat
Twitter and Tiktok had preliminary negotiations about a potential merger/acquisition, reported the Wall Street Journal on Saturday.
TikTok, the social media app from China-based Bytedance, plans to sue the Trump administration in a challenge to the president’s executive order that bans the service in the United States.
“The Senate on Thursday unanimously passed legislation to ban the use of the social media app TikTok on federal devices, weeks after the House approved a similar measure,” reports The Hill:
If the last 50 years of education have taught us nothing else, it’s that it often requires different tactics to best reach different learners. To pick up a foreign language, some students take best to the old-school high school language lab method, using heavy repetition, verb conjugation and grammar emphasis to embed a new language. […]
For those who want a career in video games, there’s no reason to sit around and wait. EA and Rockstar Games probably aren’t going to seek you out and knock on your door with a job opportunity. But if you’re an indie developer with a good idea and some passion, you can create a really […]
Nobody is happy about the current state of our COVID-ravaged education system. With a new school year fast approaching, plans for teaching students still in flux, and political in-fighting driving more fear and confusion about whether or not to re-open campuses, teachers and parents are concerned. Meanwhile, most kids are just fine with spending less […]