Saturday, December 2, 2023

A New Zoom URL Flaw Let Hackers Mimic Organization’s Invitation Link

Zoom is a popular video conferencing software across the globe that are used by individuals across the globe to work from and to stay in touch with friends and family.

Checkpoint found a new vulnerability with Zoom that let attackers conduct successful phishing attempts. The vulnerability has been reported to Zoom and fixes issued.

Zoom Flaw With Vanity URL

The vulnerability resides with ‘Vanity URL,’ which is an option in Zoom, used to create a custom URL for your company. The custom URL should be like yourcompany.zoom.us instead of the regular one.

The vulnerability allows an attacker to impersonate an organization’s Vanity URL link and send invitations which appeared to be legitimate to trick a victim.

Also, the attacker can redirect the victim to enter the meeting ID into the malicious Vanity URL than the actual web interface to join the session.

“The security issue is focused on the sub-domain functionalities described above. There are several ways to enter a meeting containing a sub-domain, including using a direct sub-domain link containing the meeting ID, or using the organization’s customized sub-domain web UI,” Checkpoint said.

Two possible scenarios;

An attacker could change the invitation link URL to include any registered sub-domain of their choice, an original invitation link was https://zoom[.]us/j/7470812100 attacker can change to https://[.]zoom[.]us/j/7470812100.

They can also change from /j/(Join) to /s/(Sign in), upon receiving this victim has no clue of knowing the invitation did not come from the actual organization.

Another way is targeting the dedicated web UI, some organizations have dedicated sub-domain web UI for entering a meeting.

An attacker could also target this dedicated interface and redirect the user to enter the meeting into malicious Vancity URL, hereby the victim had no way of knowing the invitation did not come from the legitimate organization.

The attacks would result in a successful phishing attempt which would allow attackers to harvests sensitive information such as login credentials and other fraud actions.

“Our partnership with Zoom has provided Zoom users globally with a safer, simpler, and seamless communication experience,” said Adi Ikan, Network Research & Protection Group Manager in Check Point.

Earlier this month Zoom patched another “0day” flaw that let attackers execute arbitrary code on Windows computer.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles