Zoom Fixes a Vanity URL Issue to Prevent Potential Phishing Attacks


Zoom along with the cybersecurity company Check Point has fixed an issue with its vanity URLs that could have potentially allowed hackers to manipulate meeting ID links for phishing purposes. If users had accepted or clicked on the particular malicious vanity URL, attackers could’ve possibly injected malware into the device to carry out a phishing attack. A vanity URL is described as a custom URL used by brands for marketing purposes. It essentially allows users to remember or find a specific page within the website, such as “http://[yourcompany.zoom.com].zoom.com.” According to Check Point, this vulnerability could’ve been manipulated in two ways.

The details about Zoom’s Vanity URL vulnerability fix were shared by Check Point in blog post on Thursday.

“This was a joint effort between Check Point and Zoom. Together, we’ve taken important steps to protect users of Zoom everywhere,” Network Research & Protection Group Manager at Check Point, Adi Ikan stated in the blog post.

Vanity URL vulnerability

As mentioned, the vulnerability could have allowed hackers to manipulate a vanity URL in two ways. The first way of targeting was via direct links. Check Point states that this would have allowed a hacker to directly change the Zoom invitation link that might be difficult to recognise by a person without “particular cyber-security training.”

The second way of targeting Zoom users was through dedicated Zoom Web interfaces. Some organisations have their own Zoom Web interface for conferences.

“A hacker could target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual or genuine Zoom web interface,” Check Point noted.

These two methods of manipulating vanity URLs would have allowed hackers to steal Zoom users’ data. The issue has been fixed by Zoom, according to Check Point.

Notably, the cybersecurity firm had worked with Zoom earlier in January to fix another potential vulnerability that could have allowed hackers to join a meeting uninvited (also known as Zoombombing). After Check Point pointed out the issue, Zoom introduced passwords by default for all future scheduled meetings.


In 2020, will WhatsApp get the killer feature that every Indian is waiting for? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.



Source link

Latest articles

New Delhi: Prime Minister Narendra Modi chaired a meeting on Saturday to review arrangements for the delivery and distribution of a coronavirus vaccine...
Read more

iPhone 12 mini, iPhone 12 Battery Capacity Surfaces; iPhone 12 Pro Could Be Assembled in India, Brazil, China

iPhone 12 mini and iPhone 12 battery capacities have reportedly been revealed through certifications shared by Brazilian telecom regulator Anatel. The new revelation...
Read more

Yogi Adityanath Launches Campaign Aimed At Women Security

Yogi Adityanath launched "Mission Shakti" programme for women security in Uttar Pradesh (File)Balrampur: Uttar Pradesh Chief Minister Yogi Adityanath on Saturday asserted that...
Read more

Sonakshi on brother Luv Sinha contesting polls: We need youth and good people

Sonakshi Sinha on Saturday extended best wishes to her brother Luv Sinha on his budding political career. Luv will contest...
Read more
44.1k Followers
Follow
Previous articleYoga helps Esha Gupta beat ’emotional roller coaster’ of last five months
Next articleRajasthan Police Heads To Camp Sachin Pilot In Search Of MLA Caught On Tape

Related articles

Leave a reply

Please enter your comment!
Please enter your name here