Saturday, December 2, 2023

A New Zoom URL Flaw Let Hackers Mimic Organization’s Invitation Link

By Guru baran

Zoom URL Flaw

Zoom is a popular video conferencing software across the globe that are used by individuals across the globe to work from and to stay in touch with friends and family.

Checkpoint found a new vulnerability with Zoom that let attackers conduct successful phishing attempts. The vulnerability has been reported to Zoom and fixes issued.

Zoom Flaw With Vanity URL

The vulnerability resides with ‘Vanity URL,’ which is an option in Zoom, used to create a custom URL for your company. The custom URL should be like yourcompany.zoom.us instead of the regular one.

The vulnerability allows an attacker to impersonate an organization’s Vanity URL link and send invitations which appeared to be legitimate to trick a victim.

Also, the attacker can redirect the victim to enter the meeting ID into the malicious Vanity URL than the actual web interface to join the session.

“The security issue is focused on the sub-domain functionalities described above. There are several ways to enter a meeting containing a sub-domain, including using a direct sub-domain link containing the meeting ID, or using the organization’s customized sub-domain web UI,” Checkpoint said.

Two possible scenarios;

An attacker could change the invitation link URL to include any registered sub-domain of their choice, an original invitation link was https://zoom[.]us/j/7470812100 attacker can change to https://[.]zoom[.]us/j/7470812100.

They can also change from /j/(Join) to /s/(Sign in), upon receiving this victim has no clue of knowing the invitation did not come from the actual organization.

Another way is targeting the dedicated web UI, some organizations have dedicated sub-domain web UI for entering a meeting.

An attacker could also target this dedicated interface and redirect the user to enter the meeting into malicious Vancity URL, hereby the victim had no way of knowing the invitation did not come from the legitimate organization.

The attacks would result in a successful phishing attempt which would allow attackers to harvests sensitive information such as login credentials and other fraud actions.

“Our partnership with Zoom has provided Zoom users globally with a safer, simpler, and seamless communication experience,” said Adi Ikan, Network Research & Protection Group Manager in Check Point.

Earlier this month Zoom patched another “0day” flaw that let attackers execute arbitrary code on Windows computer.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Managed WAF Protection

Website

Latest articles

Chrome

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...
CVE/vulnerability

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...
Cyber Security News

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...
Cyber Security News

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...
CVE/vulnerability

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...
cyber security

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...
cryptocurrency

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
Guru baran
Guru baranhttps://gbhackers.com

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Register Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

[email protected]