Skip to main content

Hackers Are Selling Windows Zoom Zero-Day Exploit for $500,000


Earlier this month multiple vulnerabilities discovered with Zoom’s Windows and macOS clients, those vulnerabilities allow attackers to escalate privileges with macOS and to steal login credentials with windows.
Following that various sources confirmed that attackers selling Zoom login credentials, meeting IDs, names and host keys in the hacking forums.





Zoom Zero-Day Exploit for $500,000

  • Motherboard reported that now hackers started selling zero-day exploits on the dark web forums, by exploiting the vulnerability attackers can hack and spy users.
  • Adriel Desautels, founder of Netragard said that “From what I’ve heard, there are two zero-day exploits in circulation for Zoom One affects OS X and the other Windows”.
  • Multiple anonymous sources confirmed the existence of the exploits on the hacker’s forums, the exploit code was not yet analyzed, but the brokers offering sales has been contacted.
  • The zero-day for the Zoom Windows app is advertised for $500,000, for the exploit to work the attacker needs to be in a call with the target client.
  • By exploiting the RCE bug with windows attacker can gain complete control of the target machine, not only the app.
  • The bug with a macOS client allows attackers to inject the Zoom installer with malicious code to obtain the highest root privileges.
  • The bugs were not yet fixed, Zoom said in a statement that “security extremely seriously. Since learning of these rumors, we have been working around the clock with a reputable, industry-leading security firm to investigate them.”
  • Users are recommended not to make the meetings public or don’t share the meeting links in social media and make sure that your meetings have a password enabled.
  • Zoom also recently makes a change that it will not display meeting ID on the title toolbar, instead title will be marked as Zoom.
  • Zoom is an online video communication platform that has features such as video conferencing, online meetings, chat, and mobile collaboration.

Comments

Post a Comment

Popular posts from this blog

Alert for Weaponized TeamViewer Installer that delivers njRAT

Alert for Weaponized TeamViewer Installer that  delivers  njRAT   Hazard actors relying on legitimate, 9aaf3f374c58e8c9dcdd1ebf10256fa5 software Team Viewer for exploitation has been a totally commonplace situation. There have been numerous cases in which risk actors used 9aaf3f374c58e8c9dcdd1ebf10256fa5 software to deliver malware to the sufferers. In addition, a latest file from Cyble research & Intelligence Labs stated that the maximum popularly used remote computing device support software program, “Team Viewer” has been exploited by threat actors to deliver njRAT malware. Other software that become turning in njRAT malware include Wireshark, system Hacker, and so on., NJ RAT is a far flung get admission to Trojan that could perform keylogging, password stealing, facts exfiltration, gaining access to webcams, and microphones, downloading extra documents, and plenty of others. It changed into first determined in 2012 and was attacking companies in middle Japanese c...
Post a Comment
Read more

SIM swap attack permits Hackers Port a phone quantity to a brand new SIM to Hack WhatsApp & Evasion 2FA.

SIM swap attack permits Hackers Port a phone quantity to a brand new SIM to Hack WhatsApp & Evasion 2FA. Cybercriminals are actively performing SIM swap attacks in diverse international locations to bypass 2 things Authentication and to compromise the numerous social media apps which include WhatsApp through porting a sufferer’s smartphone number to a brand new SIM card. This widespread assault brought on economic damages, stolen credentials, and seizes OTPs to bypass victims’ online money owed. There are various fraud facilities and thousands of operators are running round the arena to seamlessly port a cell phone wide variety to a new SIM with an excessive achievement ratio.   In this situation, countries like Brazil and Mozambique have an excessive fee of SIM swap fraud the use of various social engineering strategies, and phishing attacks. A hit tries of this assault allow fraudsters take manage of clients’ telephone numbers with a purpose to get hold of mobile money tran...
Post a Comment
Read more

Former protection Engineer Arrested for Stealing $9 Million from Crypto alternate.

  Former protection Engineer arrested for stealing $9 Million from Crypto alternate. Shakeeb Ahmed, a former safety engineer, has been arrested for defrauding a decentralized crypto trade and stealing over $nine million. A digital currency trading, also known as a crypto currency alternate (DCE), is an enterprise that permits individuals to trade crypto currencies or digital currencies for different property, inclusive of conventional fiat money or other digital currencies. This marks the first crook case involving a smart agreement operated via a decentralized alternate. Vulnerability in Crypto exchange’s clever Contracts In July 2022, Ahmed took gain of vulnerability in clever contracts and inserted fake pricing facts, ensuing in fraudulent gains of about $9 million. He also utilized “flash loans” to defraud the crypto trade. Using his specialised capabilities as a senior protection engineer, he forcefully carried out the assault through reverse engineering smart contracts ...
Post a Comment
Read more