Cybersecurity professionals are still finding some big problems with Zoom.
On Thursday, researchers at online security firm Check Point detailed their latest discovery: an exploit in Zoom which would have allowed any bad actor to use a company’s vanity URL for their own video meeting.
Here’s what this means. Basically, companies and organizations paying Zoom for video conferencing services can set up a unique vanity subdomain to brand their meetings right in the Zoom domain name. For example, a company can set up its video meetings to live on the URL https://YourCompany.zoom.us/meetingID.
This bug allowed anyone to setup their own Zoom meeting and add any subdomain registered with Zoom. Let’s say McDonald’s used a mcdonalds.zoom.us custom subdomain for its meetings. Anyone could have started their own meeting, add the “mcdonalds” subdomain to their own personal Zoom meeting link and the link would have worked. That URL would have led users who clicked it to the bad actor’s personal Zoom meeting. Read more…
More about Cybersecurity, Zoom, Exploit, Url, and Video Conferencing
Powered by WPeMatico
