CERT-In or Computer Emergency Response Team, the country's top cyber security agency has found several security flaws in the popular video conferencing app Zoom. The country's nodal agency under the Ministry of Electronics and Information Technology has warned Zoom users of security vulnerabilities that can let a remote unauthenticated user join a Zoom video meeting without even appearing to other participants in the list of all participants in the video call.
This is what Zoom is calling improper access control vulnerability, according to reports. Zoom reported the security flaw a few days back on September 13 and CERT-In issued the advisory on September 19.
Also read: Beware! SOVA Trojan Virus Infecting Banking Apps, Can Encrypt Android Phones For Ransom
“These vulnerabilities exist due to improper access control implementation. A remote attacker could exploit these vulnerabilities to join a meeting they are authorised to join without appearing to the other participants or obtain the audio and video feed of a meeting they were not authorised to join and cause other meeting disruptions,” read an advisory by CERT-In.
CERT-In has advised also cautioned Zoom users to update to the latest version of the Zoom app to avoid any likely security issues. The security vulnerabilities have been dubbed CVE-2022-28758, CVE-2022-28759, and CVE-2022-28760, and they affect Zoom's On-Premise Meeting Connector MMR before version 4.8.20220815.130.
This comes amid reports that Zoom is planning to debut its own email and calendar services, possibly as soon as its Zoomtopia conference for customers in November, a recent report said citing a person with direct knowledge of the company's plans.
Meanwhile, a new banking virus has been recently identified by CERT-In which has the capability to compromise sensitive consumer data and harm large-scale financial frauds is on the prowl. The banking Trojan virus is named SOVA and it can also stealthily encrypt an Android smartphone user's device for ransom.