Security Newsletter

06 April 2020

New Zoom Hack Lets Hackers Compromise Windows and Its Login Password, Contacts Feature Leaks Email Addresses and Photos

Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe. No doubt, Zoom is an efficient online video meeting solution that's helping people stay socially connected during these unprecedented times, but it's still not the best choice for everyone—especially those who really care about their privacy and security.

The Zoom video conferencing software for Windows has shown vulnerable to a classic 'UNC path injection' vulnerability that could allow remote attackers to steal victims' Windows login credentials and even execute arbitrary commands on their systems.

Zoom has already been notified of this bug and released an updated version if it software to patch recently reported multiple security issues, including UNC path injection.

This is not the only issue to have been uncovered in Zoom video conferencing software over the past couple of days, raising privacy and security concerns among millions of users. The FBI is warning zoom users of the "Zoom-Bombing" attack after some people find a way to sneak their way into unsuspecting meetings and online gatherings and bombarded them with pornographic images or racist comments.

Earlier this year, Zoom also patched another privacy bug in its software that could have let uninvited people join private meetings and remotely eavesdrop on private audio, video, and documents shared throughout the session. Last week, Zoom updated its iOS app after it was caught sharing users' device information with Facebook, raising legitimate concerns over app users' privacy.

 

New Marriott Data Breach Affecting Up to 5.2 Million Guests

Marriott International today revealed that the personal information of roughly 5.2 million hotel guests was impacted in a data breach incident detected at the end of February 2020.

"At the end of February 2020, we noticed that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property," the company said in a statement. "We believe this activity started in mid-January 2020. Upon discovery, we immediately ensured the login credentials were disabled, began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests."

Although an investigation of this incident is ongoing, Marriott says that currently there is no "reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers." What it might include is contact details (name, email, mailing address, phone number), loyalty account information, additional PII (company, gender, birthday), partnerships and preferences.

This is the second data breach Marriott has reported in the last two years as the company also announced in November 2018 that its Starwood Hotels booking database was breached.

 

More #News

 

#Patch Time!

 

#Tech and #Tools

This content was created by Kindred Group Security. Please share if you enjoyed!

Kindred Group in brief

Kindred is one of the largest online gambling companies in the world with a diverse team of 1,600 people serving over 26 million customers across Europe, Australia and the US. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offer our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and is an innovation driven company that builds on trust.