Tuesday, November 12, 2024
HomeVulnerabilityA New Zoom URL Flaw Let Hackers Mimic Organization’s Invitation Link

A New Zoom URL Flaw Let Hackers Mimic Organization’s Invitation Link

Published on

Malware protection

Zoom is a popular video conferencing software across the globe that are used by individuals across the globe to work from and to stay in touch with friends and family.

Checkpoint found a new vulnerability with Zoom that let attackers conduct successful phishing attempts. The vulnerability has been reported to Zoom and fixes issued.

Zoom Flaw With Vanity URL

The vulnerability resides with ‘Vanity URL,’ which is an option in Zoom, used to create a custom URL for your company. The custom URL should be like yourcompany.zoom.us instead of the regular one.

- Advertisement - SIEM as a Service

The vulnerability allows an attacker to impersonate an organization’s Vanity URL link and send invitations which appeared to be legitimate to trick a victim.

Also, the attacker can redirect the victim to enter the meeting ID into the malicious Vanity URL than the actual web interface to join the session.

“The security issue is focused on the sub-domain functionalities described above. There are several ways to enter a meeting containing a sub-domain, including using a direct sub-domain link containing the meeting ID, or using the organization’s customized sub-domain web UI,” Checkpoint said.

Two possible scenarios;

An attacker could change the invitation link URL to include any registered sub-domain of their choice, an original invitation link was https://zoom[.]us/j/7470812100 attacker can change to https://[.]zoom[.]us/j/7470812100.

They can also change from /j/(Join) to /s/(Sign in), upon receiving this victim has no clue of knowing the invitation did not come from the actual organization.

Another way is targeting the dedicated web UI, some organizations have dedicated sub-domain web UI for entering a meeting.

An attacker could also target this dedicated interface and redirect the user to enter the meeting into malicious Vancity URL, hereby the victim had no way of knowing the invitation did not come from the legitimate organization.

The attacks would result in a successful phishing attempt which would allow attackers to harvests sensitive information such as login credentials and other fraud actions.

“Our partnership with Zoom has provided Zoom users globally with a safer, simpler, and seamless communication experience,” said Adi Ikan, Network Research & Protection Group Manager in Check Point.

Earlier this month Zoom patched another “0day” flaw that let attackers execute arbitrary code on Windows computer.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

VMware Workstation & Fusion Now Available for Free to All Users

VMware has announced that its popular desktop hypervisor products, VMware Workstation and VMware Fusion,...

Dell Enterprise SONiC Flaw Let Attackers Hijack the System

Dell Technologies has disclosed multiple critical security vulnerabilities in its Enterprise SONiC OS, which...

Amazon Confirms Employee Data Breach Via Third-party Vendor

Amazon has confirmed that sensitive employee data was exposed due to a breach at...

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Dell Enterprise SONiC Flaw Let Attackers Hijack the System

Dell Technologies has disclosed multiple critical security vulnerabilities in its Enterprise SONiC OS, which...

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...