Vulnerability in Zoom app let hackers steal your Windows password: Report


Slammed for the lack of users privacy and security by the US Federal Bureau of Investigation (FBI) and cybersecurity experts, video meeting app Zoom is also prone to hacking, a new report has claimed, saying an unpatched bug can let hackers steal users Windows password.

The 'Zoom client for Windows' is vulnerable to the 'UNC path injection' vulnerability that could let remote attackers steal login credentials for victims' Windows systems, reports TheHacckeNews.
The latest finding by cybersecurity expert @_g0dmode, has also been "confirmed by researcher Matthew Hickey and Mohamed A. Baset,' the report said late Wednesday.

The attack involves the "SMBRelay technique" wherein Windows automatically exposes a user's login username and NTLM password hashes to a remote server, when attempting to connect and download a file hosted on it.

"The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insecure URLs into hyperlinks for recipients in a personal or group chat," the report claimed.

Comments

Post a Comment

Popular posts from this blog

Before Bahubali 2, makers to release Bahubali 1 again

Image
Rana Daggubati and Prabhas are overwhelmed with the response to the trailer of Bahubali 2 Director S S Rajamouli wants the audiences to revisit the world of "Bahubali" before the release of " Bahubali 2: The Conclusion" . Rajamouli today said they are planning to show the first part a week before the second edition hits theatres on April 28. "We are planning to release part one maybe one or two weeks before the release of part two in southern states so people can get back into the narrative," Rajamouli said at the trailer launch of the Hindi version here. Both Rana Daggubati and Prabhas are overwhelmed with the response to the trailer. "The fans are happy with it. It's overwhelming to be a part of the film," Rana said. The Tamil version of the trailer had leaked online hours before its official release and the makers called it "technical glitch". "This particular thing is neither due to leakage or pirac
Read more

Samsung rolls out 'Made in India' privacy app for Galaxy A71, Galaxy A51

Image
  Smartphone maker  Samsung  on Monday said it has rolled out privacy app AltZLife developed at its India R&D centre on select handsets in the country. The app allows users of the Galaxy A71 and Galaxy A51  smartphones  to quickly switch to privacy mode from normal mode by double-clicking the power button and also automatically save images and videos in private folders based on the usage pattern. "The AltZLife feature will be available to the existing as well as new users of Galaxy A71 and Galaxy A51 through a software update on August 10, 2020,"  Samsung  said in a statement. According to a research conducted by Samsung, 79 per cent of generation-Z (those born between mid-90s and early 2000s) users admit to having content such as images, applications and private chats on their  smartphones  that they do not want family or others to see. Samsung  India Senior Director (Mobile Business) Manu Sharma said the app helps eliminate the anxiety that consumers usuall
Read more

Truecaller version 12 with new features for Android users launched

Image
  Swedish caller identification app  Truecaller  on Thursday rolled out its latest version 12 with a new Video Caller ID feature addition, call recording for free users, and a redesigned user interface (UI). A total of five features have been announced as part of the  Truecaller  Version 12 update. " Truecaller  is a vital part of communication for over 22 crore Indians, for both their professional and personal needs. We are humbled by the level of trust people have shown in us but we are also driven by the goal of transforming communication," Rishit Jhunjhunwala, Chief Product Officer and Managing Director, Truecaller India said in a statement. Video Caller ID feature allows users to set a short video that plays automatically when they call friends and family. Users can choose from one of the built-in video templates or record their own video. Another feature is Call Announce. Once enabled, the new optional feature will speak the caller ID for incoming phone calls ou
Read more