Slammed for the lack of users’ privacy and security by the U.S. Federal Bureau of Investigation (FBI) and cybersecurity experts, video meeting app Zoom is also prone to hacking, a new report has claimed, saying an unpatched bug can let hackers steal users Windows password. The ‘Zoom client for Windows’ is vulnerable to the ‘UNC path injection’ vulnerability that could let remote attackers steal login credentials for victims’ Windows systems, reports TheHacckeNews. The attack involves the ‘SMBRelay technique’ wherein Windows automatically exposes a user’s login username and NTLM password hashes to a remote server, when attempting to connect and download a file hosted on it. Besides Windows credentials, the vulnerability can also be exploited to launch any programme present on a targeted computer. “Users are advised to either use an alternative video conferencing software or Zoom in your web browser instead of the dedicated client app,” said the report.

Source: The Hindu April 02, 2020 05:38 UTC