Warning on COVID-19 scams
6 April 2020 - Yucel Cifci
Zoom security fix
Zoom has now released an update to address the issue discussed below. Zoom has advised that an automatic prompt to update Zoom will appear when you next go to use the platform. If this does not occur automatically, use this link to manually initiate the update.
The latest version of Zoom that includes the security fix is version 4.6.9. Ensure you are on this version when you next use the Zoom platform.
3 April 2020 - Yucel Cifci
Zoom security vulnerability identified
With video platforms now an essential part of a work-from-home toolset you need to be careful of any vulnerabilities that they may present. The Zoom platform is one platform which has seen a significant uptake. A security vulnerability has been identified on the Zoom platform which can lead to logon credentials being hacked. The vulnerability allows hackers to send a malicious link through the chat session to a user and gain access to the users network credentials. This vulnerability exists in the windows (not web) version of the product.
For those needing to use this platform, until the vulnerability is resolved, we would suggest the following:
Use the Zoom web version (via the browser) to join the meeting
Do not use chat during the Zoom session
If a chat is initiated by the other party, do not click on any links that may be sent through - discontinue the chat.
For internal meetings, we believe the risk to be minimal, however, we suggest being very careful when you have external parties on the call. Where possible avoid the Zoom platform until the issue is address by Zoom.
The Australian Competition & Consumer Commission (ACCC) has posted the following information:
Australians should be aware scammers are adapting existing technology to play on people’s fears around coronavirus and selling products claiming to prevent or cure the virus.
Since 1 January 2020, the ACCC’s Scamwatch has received 94 reports of scams about coronavirus, but warns figures are starting to climb.
Scamwatch has received multiple reports of phishing scams sent via email or text message that claim to be providing official information on coronavirus but are attempts to try and obtain personal data.