Zoom, the videoconferencing software that's skyrocketed in popularity as much of the globe sits at home due to the coronavirus outbreak, is quickly turning into a privacy and security nightmare.
BleepingComputer reports about a newly found vulnerability in Zoom that allows an attacker to steal Windows login credentials from other users. The problem lies with the way Zoom's chat handles links, as it converts Windows networking UNC (Universal Naming Convention) paths into clickable links. If a user clicks on such a link, Windows will leak the user's Windows login name and password.
The good thing is that the password is hashed; but the bad thing is that it is in many cases simple to reveal it using password recovery tools such as Hashcat.
The vulnerability was first found by security researcher @_g0dmode and verified by security researcher Matthew Hickey. Additionally, Hickey told the news outlet that this vulnerability can be used to launch programs on a victim's computer when they click on a link, though Windows will (by default) at least give a security warning before launching the program.
As far as security vulnerabilities go, this one is pretty bad, as it doesn't require a lot of knowledge to exploit. It does require the victim to actually click on a link, and it can be mitigated by tinkering with Windows' security settings, but it's definitely something Zoom should fix by changing the way the platform's chat handles UNC links.
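The kind of chat-side fix described above can be sketched as an allowlist linkifier: only `http`/`https` URLs become clickable, while UNC paths and `file:` URLs are rendered as plain text. This is an added example, not Zoom's code; the function names and the sample message are hypothetical.

```javascript
// Added example (not Zoom's code): allowlist-based link rendering for chat text.
const SAFE_SCHEMES = new Set(["http:", "https:"]);

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// True for tokens Windows would treat as a remote share: \\host\share,
// //host/share, or any file: URL.
function isUncLike(token) {
  return /^(\\\\|\/\/)[^\\\/]/.test(token) || /^file:/i.test(token);
}

// Returns "unc", "link" or "text" for a single whitespace-delimited token.
function classify(token) {
  if (isUncLike(token)) return "unc";
  let url;
  try {
    url = new URL(token);
  } catch {
    return "text"; // not an absolute URL at all
  }
  return SAFE_SCHEMES.has(url.protocol) ? "link" : "text";
}

// Renders a chat message to HTML; everything except allowlisted URLs
// is escaped and left unclickable.
function renderMessage(message) {
  return message
    .split(/(\s+)/) // keep the whitespace so the message round-trips
    .map((tok) => {
      if (classify(tok) !== "link") return escapeHtml(tok);
      const href = escapeHtml(new URL(tok).href);
      return `<a href="${href}" rel="noopener noreferrer">${escapeHtml(tok)}</a>`;
    })
    .join("");
}

// Constructed sample message (hostnames are placeholders).
const SAMPLE =
  "Agenda: https://example.com/agenda minutes: \\\\fileserver.example\\share\\minutes.docx";
console.log(renderMessage(SAMPLE));
```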
In the meantime, for a quick fix, go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers and set it to "Deny all".
Mashable has contacted Zoom for comment on this story, and we'll update it when we hear back.
This is not the only privacy/security-related issue that has been unearthed at Zoom in the past couple of weeks. Just yesterday, The Intercept reported that Zoom doesn't actually use an end-to-end encrypted connection for its calls, despite claiming to do so. There's also the issue of leaking users' emails and photos to unrelated parties, and the fact that the company's iOS app, until recently, sent data to Facebook for no good reason.
Zoom software also has a couple of worrying privacy features, and although this isn't Zoom's fault, it's worth noting that hackers are using the app's newfound popularity to trick users into downloading malware.