[im] Hacking Zoom to Steal Windows Passwords
szabolcs kisspal
kisspal.sz at gmail.com
Fri Apr 3 14:04:58 CEST 2020
To protect your meeting, here are a few things you should do:
https://www.inc.com/jason-aten/hackers-are-trying-to-get-into-your-zoom-meetings-here-are-5-ways-to-stop-them.html
> 2020. ápr. 2. dátummal, 23:34 időpontban János Sugár <sj at c3.hu> írta:
>
> New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
>
> https://thehackernews.com/2020/04/zoom-windows-password.html <https://thehackernews.com/2020/04/zoom-windows-password.html>
> /Š/
> According to cybersecurity expert @_g0dmode, the Zoom video conferencing software for Windows is vulnerable to a classic 'UNC path injection' vulnerability that could allow remote attackers to steal victims' Windows login credentials and even execute arbitrary commands on their systems.
>
> Such attacks are possible because Zoom for Windows supports remote UNC paths that convert potentially insecure URIs into hyperlinks when received via chat messages to a recipient in a personal or group chat.
>
> Confirmed by researcher Matthew Hickey and demonstrated by Mohamed Baset, the first attack scenario involves the SMBRelay technique that exploits the fact that Windows automatically exposes a user's login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.c3.hu/pipermail/intermedia-l/attachments/20200403/bce7a6b2/attachment.htm>
More information about the Intermedia-l
mailing list