Zoom RCE…Time to Patch

How does this work exactly? Thinking about attack vectors.

Teri Radichel
Published in Cloud Security
4 min read · May 25, 2022

One of my stories on Data Breaches.

Google Project Zero, always the source of amazing security research, found a flaw in Zoom that lets attackers download malware to your machine using the chat window. Basically, attackers insert attack strings into the chat window to try to get the systems involved in running Zoom to do something unexpected that allows them to deliver malware to your machine.

I’m sending out this PSA because so many people use Zoom — including the people who call to ask me cybersecurity questions through IANS Research. It’s time to update your Zoom client…again. People that call me at IANS may wonder why I don’t use Zoom and only use the phone. This is just one of the reasons. :)

Others may wonder why I don’t like to use Slack and similar forms of communication: a constant network connection from my computer to a network, and through that network to a bunch of other computers and people I may or may not trust.

Yes, these systems should be secure and they are definitely fine to use, as long as you continuously monitor them and keep them up to date. But they do introduce an additional risk into your environment. This attack demonstrates the concern nicely. So does the fact that I was able to create a C2 channel using Slack and a WordPress attack. That’s just one of many variations on a theme of using existing network paths and communications to deliver malware or commands to a remote system.

These types of security-minded thoughts led to my research into installing Zoom on a locked-down cloud VM (an AWS WorkSpace). When I used this method, I used a stand-alone account and credentials as well. If someone got into this account there wouldn’t be much to see. Move along… Of course, someone could install crypto-miners if things go terribly wrong, so I set budget and other alerts to…


Cloud Security Training and Penetration Testing | GSE, GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN, etc. | AWS Hero | IANS Faculty | 2ndSightLab.com