The suddenly popular videoconferencing app Zoom has issued a patch for a vulnerability in its Windows client that allowed attackers to steal a user's Windows login credentials through malicious chat links.
“Zoom issued a fix for this and other bugs, promising better transparency going forward,” reports Mark Hachman at PCWorld:
An unpatched vulnerability within Zoom allows an attacker to drop a malicious link into a chat window and use it to steal a Windows password, according to reports.
A hacker could use an attack called a UNC path injection to expose credentials, according to an attack posted on Twitter and subsequently followed up with an additional video. According to The Hacker News, that's because Windows exposes a user's login name and password to a remote server when attempting to connect to it and download a file.
Update: After this story and others went live April 1, Zoom CEO Eric Yuan addressed Zoom security and other issues in a blog post. Part of the blog post detailed a bug fix to be released, which would fix the UNC vulnerability described in our original story, among other things. The fix appears to be pushing out automatically to users. PCWorld staff who've already received the fix report the version number as 4.6.9 (19253.0401).
READ MORE at pcworld.com:
Update: Zoom issues fix for UNC vulnerability that lets hackers steal Windows credentials via chat
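As an added illustration of the defensive side of the bug described above (not Zoom's actual fix, and not code from PCWorld or this post): a chat client can decline to make UNC paths and file: URLs clickable, since opening one makes Windows connect to the remote server named in the path. The function names, host names and sample message are constructed for the example.

```javascript
// Added example: decide which tokens in a chat message may become clickable links.
// Only http/https targets are linkified; UNC paths and file: URLs are shown as plain text.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Classify one whitespace-delimited token as "unc", "file", "web" or "other".
function classifyToken(token) {
  const raw = token.trim();
  // Windows accepts //host/share as well as \\host\share, so normalise slashes first.
  const slashed = raw.replace(/\//g, "\\");
  // Matches \\host\share and the long-path form \\?\UNC\host\share.
  if (/^\\\\(\?\\UNC\\)?[^\\?]+\\[^\\]+/i.test(slashed)) return "unc";
  let url;
  try {
    url = new URL(raw);
  } catch {
    return "other"; // not an absolute URL at all
  }
  // file://host/share/... also resolves to a remote share on Windows.
  if (url.protocol === "file:") return "file";
  return ALLOWED_SCHEMES.has(url.protocol) ? "web" : "other";
}

// Split a message into parts, marking which are safe to render as links
// and collecting the tokens that were deliberately left unclickable.
function linkifyMessage(message) {
  const blocked = [];
  const parts = message.split(/(\s+)/).map((tok) => {
    const kind = classifyToken(tok);
    if (kind === "unc" || kind === "file") blocked.push(tok);
    return { text: tok, clickable: kind === "web" };
  });
  return { parts, blocked };
}

// Constructed sample message (example.test is a reserved test domain).
const SAMPLE =
  String.raw`Agenda is at \\files.example.test\docs\agenda.txt` +
  " and the call is https://example.com/j/123";

const result = linkifyMessage(SAMPLE);
console.log("left as plain text:", result.blocked);
console.log(
  "clickable:",
  result.parts.filter((p) => p.clickable).map((p) => p.text)
);
```

The blocked list is also a convenient place to hang a log entry or a user-visible notice, so that UNC paths pasted into chat are visible to defenders rather than silently dropped.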