    Zoom bug allowed mimicking organizations; now fixed

    Written by Shubham Sharma
    Last updated on Jul 17, 2020, 12:50 am
  • The Zoom video conferencing service has had plenty of trouble keeping its platform safe from uninvited hackers and so-called 'Zoom-bombers'.

    Now, in yet another security issue, researchers have flagged a bug in the service that opened a way for fraudsters to mimic legitimate organizations - something that could have led to major phishing attacks.

    Here's all you need to know about it.

  • Issue

    Issue with Vanity URL feature

  • The flaw, first detected by Check Point's Threat Intelligence arm, is tied to the Vanity URL feature, which Zoom offers to let companies create their own custom URLs and a branded landing page for meetings.

    When this option is used, the meeting invitation URL includes the official domain and appears as https://organization_name.zoom.us/j/##########, instead of the regular https://zoom.us/j/########## format.

  • Details

    How it affected, led to mimicking of organizations

  • While looking into Zoom's security, Check Point's team found that the service didn't validate meeting IDs for vanity URLs.

    As a result, they noted, any regular meeting invite could be modified to look like an official one.

    All one had to do was create a meeting from a separate individual account and then manually add a registered domain into the invite URL.
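
    The missing check described above, sketched as an added example (not Zoom's code and not from the original article): a join-link resolver that ignores the vanity subdomain, beside one that accepts a vanity link only when the meeting belongs to the account that registered that subdomain. The ownership tables, account names, function names and the 9 to 11 digit meeting-ID pattern are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (hypothetical): which account registered each
# vanity subdomain, and which account created each meeting.
VANITY_OWNER = {"acme": "acct-acme"}
MEETING_OWNER = {"1234567890": "acct-acme", "9876543210": "acct-personal"}

# Assumption: join links look like /j/<9 to 11 digit meeting ID>.
JOIN_PATH = re.compile(r"^/j/(\d{9,11})$")


def parse_invite(url):
    """Return (vanity_subdomain or None, meeting_id); ValueError if not a join link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    match = JOIN_PATH.match(parts.path)
    if parts.scheme != "https" or match is None:
        raise ValueError("not an https join link")
    if host == "zoom.us":
        return None, match.group(1)
    # Accept only a single label directly under zoom.us (e.g. acme.zoom.us).
    label, sep, parent = host.partition(".")
    if sep and label and parent == "zoom.us":
        return label, match.group(1)
    raise ValueError("host is not zoom.us or a direct subdomain of it")


def resolve_unchecked(url):
    """Behaviour the article describes: the meeting ID is looked up and the
    vanity subdomain in front of it is never compared with the meeting's owner."""
    _, meeting_id = parse_invite(url)
    return meeting_id in MEETING_OWNER


def resolve_checked(url):
    """Hardened form: a vanity link resolves only if the meeting was created
    by the account that registered that subdomain."""
    vanity, meeting_id = parse_invite(url)
    owner = MEETING_OWNER.get(meeting_id)
    if owner is None:
        return False          # unknown meeting
    if vanity is None:
        return True           # plain zoom.us link, no organization branding claimed
    return VANITY_OWNER.get(vanity) == owner
```

    With the constructed data, a link that puts the `acme` subdomain in front of a meeting created by `acct-personal` resolves in the unchecked version and is rejected by the checked one.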

  • Information

    Dedicated Zoom web interfaces could also be targeted

  • The researchers further noted that a hacker could also target an organization's own Zoom web interface and "attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual or genuine Zoom web interface."

  • Risk

    Both could lead to phishing attacks

  • Both tricks opened a way for attackers to mimic legitimate organizations and trick any individual, be it their employees or partners, into joining a phoney meeting. This could have then led to the theft of confidential business information.

    "A user receiving this invitation may not [even] recognize that the invitation was not genuine or issued from an actual or real organization," Check Point emphasized.

  • Fix

    Now, the glitch has been fixed

  • That said, it must be noted that Check Point informed Zoom about the issue soon after its discovery and the latter has issued a fix for it.

    "This was a joint-effort between Check Point and Zoom. Together, we've taken important steps to protect users of Zoom everywhere," said Adi Ikan, the Network Research & Protection Group Manager at Check Point.
