April 16, 2020
As we practice social distancing and our governments recommend quarantine measures, many of us are looking for effective ways to communicate. Teachers stand in front of a digital class, birthdays are celebrated via video and business lunches are taken in front of the camera. Thanks to its ease of use and an attractive licensing model, Zoom has quickly grown in popularity. With the enormous increase in the number of users, it has unfortunately become visible that the developers have been careless about the security of the application and the privacy of its users.
So far it can be said that the Zoom team has reacted very quickly to the criticism and discoveries. As with other services, such updates will not resolve every complaint immediately, but several of the issues are well worth reviewing and addressing where possible. In this blog post, I offer a number of tips for applying these improvements yourself.
A Zoom account works just like any other account you use. So here too the basic principles of account protection apply. Use a strong and unique password and protect your account with two-factor authentication, making the account more difficult to hack.
Another notable Zoom setting: after you register, in addition to a personal login and password, you get a Personal Meeting ID. Do not make it public. It is very easy to leak this Personal Meeting ID by accident, for example via social media. So be careful with public meetings, and in particular with using your Personal Meeting ID for them.
A strange bug in Zoom (not resolved at the time of writing) causes the service to link email addresses from the same domain, similar to LinkedIn's "People you may know" feature. This is useful for well-known organizations, but inconvenient for public email providers. It has happened, for example, to users who registered a Zoom account with an address at "yandex.kz", a public email service in Kazakhstan. It cannot be ruled out that this also happens with domain names belonging to smaller public e-mail providers.
Therefore, use your work e-mail to register with Zoom. If you don't have a corporate email, use an account with a known public domain to keep your personal contact information private.
Kaspersky security researchers have discovered an explosive increase in the number of malicious files shared with names of popular video conference services (Webex, GoToMeeting, Zoom, and others) in March. That most likely means that hackers are ramping up their activities based on the popularity of Zoom and other apps, trying to cloak malware as video conference messages or files.
So don't fall for it! Use Zoom's official website - zoom.us - to download Zoom safely.
Setting a meeting password remains the best way to ensure that only invited people are present. Zoom recently turned on password protection by default - a great move. Please note, do not confuse the meeting password with the password of your Zoom account. Never share the meeting password via social media.
Another setting that gives more control over the meeting is the Waiting Room feature - also recently turned on by default. Participants wait in a "waiting room" until the host approves them. This gives the host the opportunity to decide who joins the meeting and keeps uninvited participants out.
This applies to any video conferencing service. Take the time to think about what people will see or hear when you join a call. Even if you work from home, make sure you are presentable and keep personal items out of view.
The same goes for your screen if you plan to share it. Close any windows you don't want others to see and make sure that unnecessary documents and applications are closed. This includes notifications for new e-mails and Slack messages.