833-847-3280
Schedule a Call

Security Vulnerabilities in Zoom – Why Testing and Scanning are Important

Video conference

Recently, a lot of news outlets published articles on the security vulnerabilities in Zoom.  With the coronavirus forcing nearly everyone to stay home, many companies and people started using Zoom to help maintain communication.  This resulted in 200 million daily meeting participants in March, up from the 10 million users it reported in December.  They didn’t foresee that happening.

Security Vulnerabilities in Zoom

The issue is that many security researchers and cybercriminals found vulnerabilities they could exploit. One Windows vulnerability could allow someone to exploit the chat feature to steal login details. Exclusions don’t include Mac devices. One such vulnerability would allow someone to hijack a user’s device to give control of the webcam and microphone.

Eric Yaun, the CEO, stated that they will need to focus on identifying security vulnerabilities in Zoom, and addressing them quickly.

“Our platform was built primarily for enterprise customers,” Yuan said. “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. Therefore, we now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”

The Fix

Exponential growth can happen to any company, with the right circumstances.  In conclusion, it’s better to conduct penetration testing and vulnerability scanning before the growth happens.  It’s better for users and better for PR.

Latest Posts

A transparent image used for creating empty spaces in columns
As cyber threats grow more complex and persistent, regulatory frameworks like PCI DSS 4.0 have evolved to demand more rigorous and transparent security practices. One of the key updates in PCI DSS 4.0 is the enhanced requirement for penetration testing reports, pushing organizations to go…
A transparent image used for creating empty spaces in columns
A penetration test, also known as a pen test, is a crucial cybersecurity measure that enables organizations to identify vulnerabilities in their networks, applications, and security controls. However, the real value of a penetration test lies in how well an organization can interpret the findings…
A transparent image used for creating empty spaces in columns
The release of PCI DSS 4.0 introduces significant enhancements to the security landscape, particularly in the area of security controls and penetration testing. While penetration testing has always been a critical component in identifying vulnerabilities within a network or system, the updated PCI DSS standards…
A transparent image used for creating empty spaces in columns
Social engineering attacks remain one of the most effective ways cybercriminals gain access to sensitive information, systems, and financial assets. Phishing, pretexting, baiting, and other manipulative tactics exploit human psychology, making it difficult to defend against using technical measures alone. Organizations often use social engineering…
A transparent image used for creating empty spaces in columns
 With the release of PCI DSS 4.0, penetration testing requirements have evolved to enforce a layered approach to security. This update ensures that organizations assess vulnerabilities at both the network and application layers, creating a more comprehensive security posture to protect payment card data.…
A transparent image used for creating empty spaces in columns
Web applications are at the core of digital business operations, making them a prime target for cybercriminals. A successful attack on a vulnerable web application can lead to data breaches, financial losses, reputational damage, and compliance violations. To safeguard against these risks, organizations must conduct…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
On Load
Where? .serviceMM
What? Mega Menu: Services