
Security Architecture

MIS 5214 - Section 001 - David Lanter

MIS 5214.005 ■ Spring 2021 ■ Wade Mackey

In The News

April 2, 2020 by Wade Mackey 14 Comments

Filed Under: 12 - Incident and Disaster Response Tagged With:

Comments

  1. Zeynep Sahin says

    April 4, 2020 at 1:55 am

    “A Quick Look at the Confidentiality of Zoom Meetings”

    The article scrutinizing security and privacy issues of Zoom company is very interesting and insightful. The teleconference app, Zoom, has become very popular due to being under mandatory work/study-from-home orders due to the spread of COVID-19. Companies prefer to use Zoom because of its user-friendly design, while they ignore doing careful assessment of privacy policies and security protocols.

    This article gives detailed information about the following security issues of Zoom:

    • The Zoom app uses weak cryptographic techniques to encrypt and decrypt audio and video in Zoom meetings. They use AES-128, which is not recommended because plaintext is preserved during encryption, and it is proven that AES-128 is not strong enough anymore. However, the company still claims that they use TLS or AES-256.
    • The second issue is that keys for encrypting and decrypting meetings are transmitted to servers in Beijing, China, while it may be legally obligated to disclose these keys to authorities in China.

    Here is the article: https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/

  2. Percy Jacob Rwandarugali says

    April 4, 2020 at 2:55 pm

    A hacker has wiped, defaced more than 15,000 Elasticsearch servers

    For the past two weeks, a hacker has been breaking into Elasticsearch servers that have been left open on the internet without a password and attempting to wipe their content, while also leaving the name of a cyber-security firm behind, trying to divert blame.
    According to security researcher John Wethington, one of the people who saw this campaign unfolding and who aided ZDNet in this report, the first intrusions began around March 24.
    The attacks appear to be carried out with the help of an automated script that scans the internet for Elasticsearch systems left unprotected, connects to the databases, attempts to wipe their content, and then creates a new empty index called nightlionsecurity.com.
    The attacking script doesn’t appear to work in all instances, though, as the nightlionsecurity.com index is also present in databases where the content has been left intact.

  3. Akshay Shendarkar says

    April 4, 2020 at 11:27 pm

    The DoD provides warning signs of using the TikTok App

    TikTok was the most downloaded app of 2019. Developed by ByteDance, a company based in China, TikTok can prove to be a major source of national risk.
    Currently, the Transportation Security Administration and the U.S. Army have also banned the app on employee phones.
    Some of the security risks related to TikTok:
    Risk 1: TikTok Collecting Data on U.S. Government Employees
    Risk 2: TikTok Collecting Data on U.S. Persons Not Employed by the Government
    Risk 3: TikTok Censoring Information in China at Beijing’s Behest
    Risk 4: TikTok Censoring Information Beyond China at Beijing’s Behest
    Risk 5: Disinformation on TikTok

    https://www.lawfareblog.com/unpacking-tiktok-mobile-apps-and-national-security-risks
    https://www.inc.com/jason-aten/the-department-of-defense-is-warning-people-not-to-use-tiktok-over-national-security-concerns.html

  4. Numneung Koedkietpong says

    April 5, 2020 at 3:15 pm

    Because of the COVID-19 pandemic, most organizations force employees to work at home, and they use VPNs to securely access the internal network. Hackers take advantage of this by exploiting systems using the REvil (Sodinokibi) ransomware to gain unauthorized access to network systems. “They perform thorough reconnaissance and adapt privilege escalation and lateral movement activities based on security weaknesses and vulnerable services they discover in the network”. This is challenging because it is hard to identify where hackers established the ransomware. Microsoft recommends immediately patching and regularly monitoring remote access control, turning on attack surface reduction rules in Windows, and switching on AMSI for Office VBA in Office 365 environments.

    https://www.infosecurity-magazine.com/news/hospitals-vpns-ransomware-covid19/

  5. Peiran Liu says

    April 5, 2020 at 5:41 pm

    The Internal Revenue Service (IRS) is warning taxpayers of a new wave of phishing calls and messages designed to trick victims into handing over financial details by capitalizing on the COVID-19 pandemic.

    A large number of these scams attempt to use as a lure the government’s recent announcement of an economic impact payment of $1200 to every US citizen.

    https://www.infosecurity-magazine.com/news/irs-phishers-covid19-stimulus/

  6. Joseph Nguyen says

    April 5, 2020 at 11:09 pm

    This article mentioned that Zoom does not use encryption! It makes sense to me, as the dynamic of IPv4 multicast and the nature of its groups should make it difficult to implement encryption and authentication. Multicast security models rely heavily on the use of PKI and require a high level of computational overhead.

    https://9to5mac.com/2020/04/02/zoom-penetration-tests/

  7. Natalie Dorely says

    April 5, 2020 at 11:13 pm

    https://www.scmagazine.com/home/security-news/covid-19-exposes-gaps-in-cybersecurity-safety-net-as-millions-work-from-home/

    Since the emergence of the COVID-19 virus, a lot of people have been forced to work from home, therefore shedding light on the vulnerabilities of companies who depend on work being done within the local network.

  8. Innocent says

    April 5, 2020 at 11:53 pm

    COVID-19: HACKERS BEGIN EXPLOITING ZOOM’S OVERNIGHT SUCCESS TO SPREAD MALWARE

    According to a report published by Check Point (Cyber Research Team), cybercriminals are taking advantage of the massive usage of Zoom by registering new fake “Zoom” domains and malicious “Zoom” executable files in an attempt to trick people into downloading malware on their devices. Over 1700 new “Zoom” domains have been registered since the onset of the pandemic, with 25 percent of the domains registered in the past 7 days alone.

    https://thehackernews.com/2020/03/zoom-video-coronavirus.html

  9. Imran Jordan Kharabsheh says

    April 6, 2020 at 12:59 pm

    Title: Zoom Blow as Thousands of User Videos Are Found Online
    This article, published on the Info Security Magazine’s website, discusses a serious security concern discovered by a former National Security Agency (NSA) researcher regarding the method Zoom uses to store video recordings in the cloud. It turns out that for those who opt to store their meeting’s recordings in the cloud without setting a password for ease of access to those who wish to revisit the meetings, those same meetings are easily accessible by strangers thanks to there being no method preventing strangers from simply browsing the Amazon Web Services buckets in which these recordings are stored and watching the unsecured recordings.

    Source: https://www.infosecurity-magazine.com/news/zoom-blow-thousands-user-videos/

    • Innocent says

      April 7, 2020 at 10:14 pm

      Hi Imran, Thanks for posting this publication.
      Looking at the behavior of tech startups, one will find out that this is not just a Zoom issue. It is common among security or tech startups. Most security or tech startups have a leadership group that is over-confident in the functionalities or capabilities of their product and has little connection to the reality of what their product is actually capable of doing. This is the first time Zoom is experiencing such a large-scale demand and use of its platform by corporate organizations around the globe. They have a lot to learn from this and it will enable them to improve on their services.

  10. Sarah Puffen says

    April 6, 2020 at 7:59 pm

    With companies across the globe implementing work from home practices now more than ever, new weak links in cybersecurity defenses are starting to unfold. While the security risks of working remotely aren’t new, the attack surface has now increased with the rapid switch to work from home environments. Security needs to remain a top priority for businesses during this time, as putting it on hold while trying to continue running a business may lead to negative consequences down the line.
    Five critical cybersecurity issues that teams must address include:
    – Securing spotty WiFi with spotty antivirus protection
    – Combining Windows 10 built-in antivirus with advanced protection
    – Bracing for browser-based attacks
    – Addressing distributed SecOps with remote support and moving target defense
    – Virtually patching problem areas

    https://www.securityinfowatch.com/covid-19/article/21132855/5-critical-issues-cybersecurity-teams-face-with-covid19

  11. Christopher James Lukens says

    April 7, 2020 at 8:52 am

    NASA sees an “exponential” jump in malware attacks as personnel work from home

    NASA has reported that it’s experiencing a higher rate of attack attempts as its workers move to working from home. Officials said that the phishing email attempts have doubled, there’s been an exponential increase in malware attacks, and double the number of mitigation-blocking of NASA systems trying to access malicious sites (often unknowingly) due to users accessing the Internet. What’s worrying about the data is that it means more employees are falling for clicking on malicious links than before. The article also discusses how 5,000 new domains have certificates referencing corona or covid-19. Now is the time security awareness training needs to be reinforced.

    https://arstechnica.com/information-technology/2020/04/nasa-sees-an-exponential-jump-in-malware-attacks-as-personnel-work-from-home/

  12. Alexander Reichart-Anderson says

    April 7, 2020 at 11:59 am

    The current event article focuses on apps that were released to populations in Iran, Colombia, and Italy that had faulty security features. The apps provided cyber attackers with more attack vectors and possibilities. The countries had good intentions but tried to roll out the apps too soon without testing their security stress points.

    https://threatpost.com/official-government-covid-19-apps-threats/154512/

  13. Junjie Han says

    April 9, 2020 at 7:33 pm

    Zoom hired Facebook’s security consultant to provide security. In the case of COVID-19 emergencies, Zoom conferencing usage increased significantly. Zoom is busy perfecting policies, encryption systems, and bug fixes every day. But it still faces many lawsuits. Zoom has two holes in macOS that allow unauthorized users to access local users’ cameras. This is obviously an invasion of privacy. Zoom recently had to remove the ability to share analytics data with Facebook from its iOS web conferencing app.
    https://threatpost.com/zoom-facebook-ciso-security-lawsuit/154614/


Fox School of Business
