Zoom Messenger found vulnerable with Security Flaw
By MYBRANDBOOK
According to security experts, Zero-day vulnerabilities within the Zoom Messenger desktop client could allow hackers to execute random code on a victim’s machine.
Ethical hackers Daan Keuper and Thijs Alkemade from CompuTest Security demonstrated their exploit at hacking contest Pwn2Own, and were awarded a bug bounty of $200,000 by the video conferencing service.
Commenting on the exploit, Keuper said that while earlier Zoom vulnerabilities allowed attackers to infiltrate the calls, their exploit was a lot more serious as it allows attackers to take over the entire system.
The ethical hackers chained three vulnerabilities in the Zoom messenger to create their exploit. Even more alarming is the fact that they were able to take over the remote system running the Zoom client without any involvement from the victim; the exploit didn’t require the victim to click any links or open any attachments. Once successful, the duo had an almost complete control over the remote computer. They demonstrated several actions such as toggling the webcam and the microphone, gawking at the desktop, reading emails, and downloading their victim’s browser history.
Pwn2Own is a popular security conference where ethical hackers demonstrate zero-day vulnerabilities in popular devices and apps. Given the rise of remote collaboration tools, the conference organizers added the new Enterprise Communications category this year. Elsewhere in the conference another ethical hacker hacked into Microsoft Teams, again by exploiting a combination of vulnerabilities to execute arbitrary code, and earned himself a $200,000 bug bounty from Microsoft.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
INFOSYS TECHNOLOGIES PVT. LTD.
EXIDE INDUSTRIES LTD.
CP PLUS INDIA PVT. LTD.
AMARA RAJA POWER SYSTEMS LTD.
Technology Icons Of India 2023: Bhavish Aggarwal
Ola CEO Bhavish Aggarwal had formed Ola-India’s largest mobility pla...
Technology Icons Of India 2023: Sachin Bansal
Sachin Bansal’s fintech startup, Navi Technologies, simplifies loan ...
Technology Icons Of India 2023: Roshni Nadar Malhotra
Roshni Nadar Malhotra is an Indian billionaire businesswoman and the c...
CERT-IN protecting the cyber security space of India
CERT-In serves in the area of cyber security threats like hacking and ...
TCIL continues to strengthen India with its technology expertise
TCIL undertakes consultancy & turnkey projects in the field of Telecom...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
FORTUNE MARKETING PVT. LTD.
Delhi based Fortune Marketing, An ISO 9001:2008 company, distributes ...
TECHNOBIND SOLUTIONS PVT. LTD.
TechnoBind’s business model is focused on identifying and partnering...
SAVEX TECHNOLOGIES PVT. LTD.
Savex Technologies is the 3rd largest Information & Communication Tec...