Zoom users told to Update device after Vulnerabilities unearthed

Fault in Zoom's stars...


After discovering vulnerabilities that allow a remote attacker to exploit the app, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) advised users of the video-telephony platform, Zoom, to install the most recent update from its publisher’s official website.

Zoom was determined to have multiple weaknesses by the Indian Computer Emergency Response Team, according to a report published yesterday by NCC-CSIRT.

After the COVID-19 epidemic, the platform gained traction for virtual meetings, with more than 300 million daily users.

“A remote attacker might exploit the vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine,” the NCC-CSIRT report states.

Remote Monitoring and Management, why not to do it

These flaws were introduced in Zoom On-Premises Meeting Connector MMR prior to version 4.8.20220815.130 due to improper access control implementation.

These holes could be used by a remote attacker to sneak into a meeting they weren’t supposed to attend without being detected by other participants. Additionally, they have the ability to eavesdrop on other sessions and obtain audio and video feeds from meetings they weren’t allowed to join.

An unauthorized remote authenticated user could circumvent implemented security restrictions on the targeted system with a successful exploit of these vulnerabilities.

The NCC established the CSIRT as the telecom sector’s cyber security incident center to concentrate on incidents in the telecom sector and as they may affect telecom users and the general public.

The Federal Government established the Nigeria Computer Emergency Response Team (ngCERT) with the goal of reducing the frequency of future computer risks incidents by preparing, safeguarding, and securing Nigerian cyberspace to prevent attacks, problems, or related events works in tandem with CSIRT to achieve this goal.

Leave A Reply

Your email address will not be published.