
Zoom Refutes Claims of AI Training on Calls Without Consent

 

Zoom has revised its terms of service after a backlash over concerns that its artificial intelligence (AI) models were being trained on customer calls without consent.

In response, the company clarified in a blog post that audio, video, and chats would not be utilized for AI purposes without proper consent. This move came after users noticed modifications to Zoom's terms of service in March, which raised worries about potential AI training.

The video conferencing platform took action to enhance transparency, asserting that it had introduced changes to address the concerns. 

In June, Zoom introduced AI-powered features, including the ability to summarize meetings without recording the entire session. These features were initially offered as a free trial.

However, experts raised concerns that the initial phrasing of the terms of service could grant Zoom access to more user data than necessary, including content from customer calls. 

Data protection specialist Robert Bateman expressed apprehension about the broad contractual provisions that granted considerable data usage freedom to the service provider.

Zoom later amended its terms to explicitly state that customer consent is required for using audio, video, or chat content to train their AI models. This alteration was made to ensure clarity and user awareness.

AI applications are software tools designed to perform intelligent tasks, often mimicking human behavior by learning from vast datasets. Concerns have arisen over the potential inclusion of personal, sensitive, or copyrighted material in the data used to train AI models.

Zoom, like other tech companies, has intensified its focus on AI products to keep up with the growing interest in the technology. The Open Rights Group, a digital privacy advocacy organization, criticized Zoom's approach of launching the AI features as a free trial and nudging customers to opt in, saying it was all the more concerning because the privacy terms behind it were not transparent.

A spokesperson for Zoom reiterated that customers retain the choice to enable generative AI features and decide whether to share content with Zoom for product improvement. 

The company's Chief Product Officer, Smita Hashim, emphasized that account owners and administrators can opt to activate the features and that those who do so will undergo a transparent consent process for AI model training using customer content. Screenshots displayed warning messages for users joining meetings with AI tools, offering the option to consent or exit the meeting.

Zoom Boss Greg Tomb Fired ‘Without Cause’

Zoom, the video conferencing platform that many people use to work from home, has terminated the contract of its President, Greg Tomb. Tomb was in charge of sales and had taken part in the company's earnings calls. Zoom has confirmed that it will not fill the position, and said that Tomb's exit was "without cause", not the result of anything he did wrong.

Tomb reported directly to Zoom's CEO, Eric Yuan, who founded the company in 2011 and is credited with making Zoom so popular during the pandemic. Millions of people worldwide used Zoom to keep in touch while staying home. 

In April 2020, the company boasted 300 million daily participants on its video calls, including virtual weddings and funerals. However, Zoom has struggled to keep up its success, just like many other tech companies, and had to lay off over a thousand employees earlier this year. 

Despite tripling its workforce during the pandemic, the company cut 15% of its staff because of a decrease in demand. Yuan has admitted that the company did not have enough time to analyze its teams and decide if they were working towards its goals. 

As companies look to cut costs during the economic downturn, Zoom may lose out to other services such as Google Meet, Microsoft Teams, and Slack. In response, Zoom is trying to diversify its offerings. 

It announced plans to add email and calendar features last year and launched a chatbot to help users with issues. Zoom is also developing Zoom Spots, which are virtual co-working spaces that allow hybrid teams to work together. 

In an email to employees, the CEO wrote, "As the CEO and founder of Zoom, I am accountable for these mistakes and the actions we take today. To that end, I am reducing my salary for the coming fiscal year by 98 percent and foregoing my FY23 corporate bonus. Members of my executive leadership team will reduce their base salaries by 20 percent for the coming fiscal year while also forfeiting their FY23 corporate bonuses." 

Zoom became famous because it helped people stay connected while working from home during the pandemic. However, it's been tough for Zoom to keep up with its success, and they had to lay off staff. They're also facing tough competition from other video conferencing services like Google Meet, Microsoft Teams, and Slack.

Zoom is trying to offer new services like email and calendar features and virtual co-working spaces to attract customers. It's still unclear if Zoom can compete in the crowded video conferencing market. 

Cybercriminals Use Google Ads to Deploy Malware

 

Threat actors are abusing the Google Ads service more than ever before to deliver malware. Victims who click the download link on an attacker-controlled copy of a software project's official website receive a trojanized installer.

Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, LibreOffice, TeamViewer, Thunderbird, and Brave are among the products impersonated in these campaigns.

Three families have been seen arriving this way: Raccoon Stealer, a customized build of Vidar Stealer, and the IcedID loader. Because sponsored results are placed above organic ones, anyone searching for legitimate software without an active ad blocker sees the malicious ad first, and is inclined to click it because it closely resembles the genuine search result.

The attackers also have a trick for getting past Google's automated checks. If Google determines that an ad's landing page is malicious, the campaign is blocked and the ads are pulled. So, according to Guardio and Trend Micro, the ad does not point at the malicious site directly: it points at a harmless-looking decoy site set up by the threat actor, which then redirects visitors who arrived from the ad to the site impersonating the software project.

The Vermux threat group was found to be running a large number of these "MasquerAds" sites and domains, mostly operating out of Russia, to target the GPUs (for cryptomining) and cryptocurrency wallets of users in the United States.

Microsoft separately reported that in October its researchers observed a malvertising campaign in which the actor it tracks as DEV-0569 used Google Ads to send users to a malicious file download page. Microsoft said it notified Google of the abuse of the traffic distribution network involved.

According to Microsoft, these techniques let the group reach more people and increase its number of victims. From August through October, Microsoft saw the actor distributing the BATLOADER malware through phishing emails and download pages offering what looked like genuine installers for TeamViewer, Adobe Flash Player, Zoom, and AnyDesk.

Use the obvious defenses: an ad blocker in the browser stops sponsored results from appearing in Google Search at all. Without one, scroll past the sponsored block to the organic result for the project's official domain, or type the known URL directly. And treat an unusually large installer as a red flag: attackers often pad the file with junk bytes to push it past the size limits of antivirus and sandbox scanners.
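One way to turn those three checks into something you can run: the script below triages a click on a sponsored result. It is added here as an example and is not code from Guardio, Trend Micro or Microsoft. The redirect chain, the allowlist of official domains, the "expected scan limit" and the installer bytes are all constructed for the demonstration; a real deployment would take the allowlist from vendor metadata and use a public-suffix library instead of the crude last-two-labels domain parsing used here.

```python
"""Triage a sponsored-result click: does the download really come from the project's own domain?

Constructed example for the MasquerAds pattern: benign decoy -> lookalike site -> padded installer.
"""
from urllib.parse import urlsplit

# Assumed allowlist of official domains (kept short on purpose).
OFFICIAL_DOMAINS = {"obs": "obsproject.com", "anydesk": "anydesk.com"}


def registrable_domain(url: str) -> str:
    """Crude eTLD+1: last two labels. Fine for .com/.site; use a public-suffix list for co.uk etc."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, official: str) -> bool:
    """Typosquat (small edit distance) or brand-embedding ('obsproject-download.com')."""
    if domain == official:
        return False
    brand = official.split(".")[0]
    name = domain.split(".")[0].replace("-", "")
    return edit_distance(domain, official) <= 2 or brand in name


def trailing_padding_ratio(data: bytes) -> float:
    """Fraction of the file that is trailing NUL bytes; inflated installers are mostly padding."""
    if not data:
        return 0.0
    return 1 - len(data.rstrip(b"\0")) / len(data)


def triage(product: str, display_url: str, redirect_chain: list, installer: bytes,
           max_scan_mb: float = 100) -> dict:
    """Return a verdict and the list of findings for one ad click.

    display_url   - the URL Google shows under the ad
    redirect_chain - every URL visited from the click to the file download
    max_scan_mb   - assumed scanner size limit (real limits vary by product)
    """
    findings = []
    official = OFFICIAL_DOMAINS[product]
    display = registrable_domain(display_url)
    hops = [registrable_domain(u) for u in redirect_chain]
    final = hops[-1]
    if display != final:
        findings.append(f"cloaking: ad displays {display} but lands on {final}")
    if len(set(hops)) > 1:
        findings.append("redirect chain crosses domains: " + " -> ".join(hops))
    if final != official:
        kind = "lookalike" if is_lookalike(final, official) else "unrelated"
        findings.append(f"{kind} domain {final} (official: {official})")
    size_mb = len(installer) / 1e6
    pad = trailing_padding_ratio(installer)
    if size_mb > max_scan_mb or pad > 0.5:
        findings.append(f"installer is {size_mb:.1f} MB with {pad:.0%} trailing NUL padding")
    return {"verdict": "block" if findings else "allow", "findings": findings}


# Constructed sample: decoy site, then a lookalike, then a padded "installer".
MALICIOUS_CHAIN = [
    "https://www.obsproject-free-tips.site/landing?ad=1",
    "https://obsproject-download.com/",
    "https://obsproject-download.com/files/OBS-Studio-Installer.exe",
]
MALICIOUS_INSTALLER = b"MZ" + bytes(range(256)) * 4096 + b"\0" * 3_000_000

# Constructed benign sample: official site serving from its own CDN subdomain.
BENIGN_CHAIN = [
    "https://obsproject.com/download",
    "https://cdn-fastly.obsproject.com/downloads/OBS-Studio.exe",
]
BENIGN_INSTALLER = b"MZ" + bytes(range(256)) * 64

if __name__ == "__main__":
    for chain, blob in ((MALICIOUS_CHAIN, MALICIOUS_INSTALLER), (BENIGN_CHAIN, BENIGN_INSTALLER)):
        print(triage("obs", "https://obsproject.com/download", chain, blob))
```

The padding check is the measurable form of the "unusually large installer" advice: a file that is mostly trailing NUL bytes was inflated on purpose. The domain checks fire twice on the MasquerAds pattern, once because the ad's displayed URL is not where the click lands, and once because the chain passes through an unrelated decoy before reaching a brand-embedding lookalike.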

Zoom Outage Rendered Services Unavailable

 

Zoom went down for users worldwide, preventing them from signing in or joining any meeting or webinar.
 
People reported that they were unable to start or join meetings, and some added that they could not manage their Zoom accounts through the web portal either.

Users also reported error pages carrying the stock nginx text: "Sorry, the page you are looking for is currently unavailable. Please try again later. If you are the system administrator of this resource then you should check the error log for details, faithfully yours, nginx." That is the default 50x error page shipped with nginx, which typically means Zoom's front-end proxies were still answering while the application servers behind them were not.

Zoom played a crucial role during the pandemic in recent years when the importance of cloud-based software, apps, and online activities was truly valued. During the global pandemic, people were stuck inside their homes and were forced to work, study, or communicate with family through screens. The application came as a savior, helping some people in being employed, and some in learning. 

During the investigation, the reports by Downdetector stated that the breakdown of Zoom was affecting numerous users worldwide. It was also noticed that early reports were majorly from the East coast of the US and the southern UK. 

Zoom confirmed the problem on its service status page, which marked the issue as identified at 6:50 a.m. according to the reports, and kept posting updates during the investigation: "We have identified the issue starting and joining meetings. We will continue to investigate and provide updates as we have them."

Zoom is a cloud-based platform allowing people to connect with each other worldwide through video conferencing or communication through collaboration. It provides virtual meetings by either audio or video or both modes. The app works on mobile, desktops, and laptops. 
 
Affected users could breathe again when Zoom posted on its status page on 15 September that service was restored: "Everything should be working properly now! We are continuing to monitor the situation." Zoom's CEO also tweeted an apology for the disruption.

Two Critical Zero-Day Bugs Identified in Zoom Clients and MMR Servers

 

Two critical bugs in the Zoom videoconferencing software could have allowed remote, zero-click exploitation of both Zoom clients and Zoom Multimedia Router (MMR) servers. Natalie Silvanovich of Google's Project Zero published her analysis on Tuesday; she began investigating Zoom after a zero-click exploit against it was demonstrated at Pwn2Own.

The researcher found two distinct flaws: a buffer overflow (CVE-2021-34423) and an information leak (CVE-2021-34424), both reachable in Zoom clients and in Zoom Multimedia Routers (MMRs), the servers that relay audio and video between clients in on-premise deployments. In addition, the Zoom binaries did not enable Address Space Layout Randomization (ASLR), the mitigation that makes memory corruption bugs far harder to turn into code execution.

"In the past, I hadn't prioritized reviewing Zoom because I believed that any attack against a Zoom client would require multiple clicks from a user," the researcher explained in a blog post. "That said, it's likely not that difficult for a dedicated attacker to convince a target to join a Zoom call even if it takes multiple clicks, and the way some organizations use Zoom presents interesting attack scenarios."

"ASLR is arguably the most important mitigation in preventing exploitation of memory corruption, and most other mitigations rely on it on some level to be effective," Silvanovich noted. "There is no good reason for it to be disabled in the vast majority of software." 

Because MMR servers process call content, including audio and video, the researcher called the bugs "especially concerning": with a compromised MMR, any meeting that did not have end-to-end encryption enabled would have been exposed to eavesdropping.

Zoom patched both vulnerabilities on November 24, 2021, and has since enabled ASLR. While most video conferencing systems build on open-source libraries such as WebRTC or PJSIP for their multimedia stack, Project Zero called out Zoom's use of proprietary formats and protocols, together with its high licensing fees (nearly $1,500), as barriers to security research.
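Whether a binary you ship or run actually opts in to ASLR is a quick header check. The script below is added here as an example and is not Project Zero's or Zoom's code; it reads just enough of a PE, ELF or Mach-O header to report whether the image is relocatable at load time (PE DYNAMIC_BASE, ELF ET_DYN, Mach-O MH_PIE). The sample headers at the bottom are constructed, not taken from real binaries, and fat Mach-O and packed files are out of scope.

```python
"""Report whether an executable opts in to ASLR, from its headers alone.

Constructed example; handles thin PE, ELF and Mach-O images only.
"""
import struct
import sys

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
ET_DYN = 3          # ELF: position-independent executable or shared object
MH_PIE = 0x200000   # Mach-O: image may be loaded at a random address


def pe_aslr(data: bytes) -> dict:
    """PE/COFF: DllCharacteristics is at optional-header offset 70 for both PE32 and PE32+."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                      # past the signature and the COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "format": "PE32+" if magic == 0x20B else "PE32",
        "aslr": bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        # 64-bit images can additionally ask for the full 48-bit address space
        "high_entropy_va": magic == 0x20B and bool(dllchars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "nx": bool(dllchars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def elf_aslr(data: bytes) -> dict:
    """ELF: only ET_DYN images get a randomised base; ET_EXEC is mapped at its link address."""
    endian = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little-endian, 2 = big-endian
    e_type = struct.unpack_from(endian + "H", data, 16)[0]
    return {"format": "ELF", "aslr": e_type == ET_DYN}


def macho_aslr(data: bytes) -> dict:
    """Mach-O: the header flags word at offset 24 carries MH_PIE."""
    magic = data[:4]
    if magic in (b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe"):
        endian = "<"
    elif magic in (b"\xfe\xed\xfa\xcf", b"\xfe\xed\xfa\xce"):
        endian = ">"
    else:
        raise ValueError("not a thin Mach-O image (fat binaries are not handled)")
    flags = struct.unpack_from(endian + "I", data, 24)[0]
    return {"format": "Mach-O", "aslr": bool(flags & MH_PIE)}


def check_aslr(data: bytes) -> dict:
    """Dispatch on the file magic; raises ValueError for anything unrecognised."""
    if data[:2] == b"MZ":
        return pe_aslr(data)
    if data[:4] == b"\x7fELF":
        return elf_aslr(data)
    return macho_aslr(data)


def build_sample_pe(dllchars: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE: only the fields check_aslr reads are populated."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + b"\0" * 20
    opt = (struct.pack("<H", 0x20B if pe32plus else 0x10B) + b"\0" * 68
           + struct.pack("<H", dllchars) + b"\0" * 20)
    return dos + coff + opt


# Constructed ELF (little-endian, ET_DYN) and 64-bit Mach-O (flags without MH_PIE) headers.
SAMPLE_ELF_PIE = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack("<H", ET_DYN) + b"\0" * 46
SAMPLE_MACHO_NO_PIE = b"\xcf\xfa\xed\xfe" + struct.pack("<IIIIII", 0x01000007, 3, 2, 0, 0, 0x85)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, check_aslr(f.read(4096)))   # headers sit in the first few KB
```

Two caveats on reading the result. A PE without DYNAMIC_BASE that still carries a .reloc section can be moved by the loader if its preferred base is taken, and Windows Exploit Protection can force ("mandatory") ASLR on such images, so the flag records what the developer opted in to rather than a guarantee either way. On Linux the same ET_DYN check is what checksec-style tools report as PIE.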

"These barriers to security research likely mean that Zoom is not investigated as often as it could be, potentially leading to simple bugs going undiscovered," Silvanovich said. "Closed-source software presents unique security challenges, and Zoom could do more to make their platform accessible to security researchers and others who wish to evaluate it." 

In November 2021, Zoom also rolled out automatic updates for its desktop clients on Windows and macOS and for its mobile apps; previously that feature had been available only to business users.

Zoom Security Flaw: Now Hackers Can Take Control Of Your PC, Wait For Patch

 


Zoom's security has been under repeated scrutiny. The app was little known before the pandemic; when Covid-19 made working from home the norm, its sudden popularity brought a wave of security fixes and policy changes about a year ago.

Those measures have not closed every hole: a fresh remote code execution flaw has now been demonstrated against the client.

At Pwn2Own 2021, organized by Trend Micro's Zero Day Initiative, researchers demonstrated a remote code execution (RCE) exploit that takes control of the host PC. Computest researchers Daan Keuper and Thijs Alkemade were awarded $200,000 for the chain.

How does This work? 


First, the attacker must either belong to the same organizational domain as the target or have been accepted by the target (for example as an external contact); a complete stranger cannot reach the vulnerable code. Once that relationship exists, the exploit chains three vulnerabilities to install an RCE backdoor on the victim's PC.

In plain terms: the attacker gains access to the PC and can run commands on it remotely, which in turn gives access to whatever sensitive data it holds.

What makes this dangerous is that, beyond that initial relationship, the victim does not have to do anything at all (a zero-click attack). That is exactly why layered defenses that slow an attacker down after initial access matter.

The chain was demonstrated on Windows and macOS; Zoom's iOS and Android apps have not been tested. The browser-based web client is not affected.

Zoom has not yet shipped a fix, and the technical details of the attack are being withheld from the public. Under ZDI's disclosure policy, a patch for the Windows and macOS clients is expected within 90 days.

Pwn2Own 2021 Will Also Cover Zoom, MS Teams Exploits

 

Trend Micro's Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes, and rules for the Pwn2Own Vancouver 2021 hacking competition. Pwn2Own Vancouver ordinarily takes place during the CanSecWest conference in Vancouver, Canada, but because of the Covid pandemic this year's event will be hybrid: participants can submit their exploits remotely and ZDI staff in Toronto (Canada) and Austin (Texas) will run them. The attempts will be live-streamed on YouTube and Twitch.

The prize pool for Pwn2Own 2021 surpasses $1.5 million in cash and other prizes, including a Tesla Model 3. The vehicle is being offered to individuals who take an interest in the automotive category. In this category, in addition to the vehicle, hackers can procure up to $600,000 for hacking a Tesla. There are three difficulty levels in this category and the Model 3 is being offered in every one of them. 

ZDI has also announced a new category for this year's event. In the new enterprise communications category, participants can earn up to $200,000 for demonstrating exploits against Zoom or Microsoft Teams. “As the workforce moves out of the office and goes remote, the tools needed to support that change become greater targets. That’s one reason we added this new category and teamed up with Zoom to have them in the contest. Microsoft Teams will also be a target. A successful demonstration of an exploit in either of these products will earn the contestant $200,000 – quite the payout for a new category,” reads the announcement published by ZDI. “A successful attempt in this category must compromise the target application by communicating with the contestant. Example communication requests could be audio call, video conference, or message,” ZDI said.

Other categories include virtualization, with a top prize of $250,000 for Microsoft Hyper-V client exploits; web browsers, with a top prize of $150,000 for Chrome and Edge exploits; enterprise applications, with a top prize of $100,000 for Microsoft 365 exploits; servers, with up to $200,000 offered for Microsoft Exchange and Windows RDP exploits; and local privilege escalation, with $40,000 as the top prize for Windows 10 exploits.

Pinterest soon to join the Online Classes Plethora

 

With 400 million monthly active users (a 30% increase from last year), Pinterest is gaining ground among millennials and Gen Z. Its recipe is a creative interface and a steady stream of new features that draw Gen Z to the platform for growth, learning, and inspiration. In that vein, the photo-sharing social app is reported to be testing online events where users can sign up for Zoom classes run by creators.

The organization confirmed that the feature is undergoing tests with selected users but didn't comment further either on the confirmation or the launch. 

Creators can organize lessons through Pinterest’s class boards, manage class materials, notes, and other resources, and connect through a group chat option. The classes work through communities, similar to pinboards: to join a class, a user clicks a sign-up icon (a book) and is then emailed the class details and the Zoom link. Each community is a space for the class overview and description, notes, photos, lists of what to bring to class, group chat, and more.

The feature was discovered by reverse engineer Jane Manchun Wong on Tuesday by looking into class details. Though, she adds that clicking on these links results in nothing as the feature is not yet active. There are some demo profiles that you can check out: “@pinsmeditation” or “@pinzoom123,” but their communities are empty.

 "We are experimenting with ways to help creators interact more closely with their audience," a Pinterest spokesperson said in a statement. 

The social media company is still growing, with 442 million global monthly users and a 50 percent increase in Gen Z users. Its Q3 revenue rose 58 percent, and a 60 percent increase is expected in Q4. With numbers like these it is no surprise that the company is investing in new features for its users, and few could be more timely than online classes during a worldwide pandemic. As Pinterest put it, "We continue to navigate uncertainty given the ongoing COVID-19 pandemic and other factors".