Tuesday, May 28, 2024

A New Zoom URL Flaw Let Hackers Mimic Organization’s Invitation Link

Zoom is a popular video conferencing software across the globe that are used by individuals across the globe to work from and to stay in touch with friends and family.

Checkpoint found a new vulnerability with Zoom that let attackers conduct successful phishing attempts. The vulnerability has been reported to Zoom and fixes issued.

Zoom Flaw With Vanity URL

The vulnerability resides with ‘Vanity URL,’ which is an option in Zoom, used to create a custom URL for your company. The custom URL should be like yourcompany.zoom.us instead of the regular one.

The vulnerability allows an attacker to impersonate an organization’s Vanity URL link and send invitations which appeared to be legitimate to trick a victim.

Also, the attacker can redirect the victim to enter the meeting ID into the malicious Vanity URL than the actual web interface to join the session.

“The security issue is focused on the sub-domain functionalities described above. There are several ways to enter a meeting containing a sub-domain, including using a direct sub-domain link containing the meeting ID, or using the organization’s customized sub-domain web UI,” Checkpoint said.

Two possible scenarios;

An attacker could change the invitation link URL to include any registered sub-domain of their choice, an original invitation link was https://zoom[.]us/j/7470812100 attacker can change to https://[.]zoom[.]us/j/7470812100.

They can also change from /j/(Join) to /s/(Sign in), upon receiving this victim has no clue of knowing the invitation did not come from the actual organization.

Another way is targeting the dedicated web UI, some organizations have dedicated sub-domain web UI for entering a meeting.

An attacker could also target this dedicated interface and redirect the user to enter the meeting into malicious Vancity URL, hereby the victim had no way of knowing the invitation did not come from the legitimate organization.

The attacks would result in a successful phishing attempt which would allow attackers to harvests sensitive information such as login credentials and other fraud actions.

“Our partnership with Zoom has provided Zoom users globally with a safer, simpler, and seamless communication experience,” said Adi Ikan, Network Research & Protection Group Manager in Check Point.

Earlier this month Zoom patched another “0day” flaw that let attackers execute arbitrary code on Windows computer.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...

Hackers Exploit WordPress Plugin to Steal Credit Card Data

Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting...

Google Patches Chrome Zero-Day: Type Confusion in V8 JavaScript

Google has released a patch for a zero-day exploit in its Chrome browser.The...

Hackers Created Rogue VMs in Recent MITRE’s Cyber Attack

State-sponsored hackers recently exploited vulnerabilities in MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE).They...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles