InfoSecBulletin Cybersecurity for mankind
CERT-In issued a security advisory for multiple vulnerabilities in the Zoom app that could let attackers access sensitive information, escalate privileges, or disrupt service.
Vulnerabilities exist in various Zoom products, including the Zoom Workplace App, Zoom Rooms Client, and Zoom Video SDK, across multiple operating systems: macOS, iOS, Windows, Linux, and Android.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Many Zoom applications are affected by the these vulnerabilities notably those before version 6.2.0. Affected products include:
CIRT in address the vulnerability as Improper Input Validation (CVE-2024-45422), Buffer Overflow Vulnerability (CVE-2024-45421), Symlink Following (CVE-2024-45418), Uncontrolled Resource Consumption (CVE-2024-45420), Improper Input Validation and Information Disclosure (CVE-2024-45419), Uncontrolled Resource Consumption in macOS Installers (CVE-2024-45417.
The vulnerabilities in these products arise from issues like improper input validation, buffer overflows, symlink following, and uncontrolled resource consumption. These flaws can result in serious consequences, including unauthorized system access, privilege escalation, and denial of service (DoS) attacks.
Zoom has recognized the issues and released updates on their website to fix them. This emphasizes the need for regular software updates to ensure cybersecurity.
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
