Following the discovery of vulnerabilities that allow a remote attacker to exploit the app, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users of the videotelephony platform, Zoom, to install the most recent update of the software from its publisher’s official website.
The Indian Computer Emergency Response Team (CERT-In) discovered a number of bugs in the Zoom product, according to a Wednesday advisory from NCC-CSIRT.
Advertisements
After the COVID-19 Pandemic, the videotelephony platform gained popularity for virtual meetings, with more than 300 million daily users.
“A remote attacker might exploit the vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine,” the NCC-CSIRT report states.
It stated, “These vulnerabilities exist because Zoom On-Premises Meeting Connector MMR previous to version 4.8.20220815.130 implemented access control incorrectly.
Advertisements
“A remote attacker could take advantage of these issues to sneak into a conference without the other participants noticing.
Additionally, they have the ability to eavesdrop on other sessions and obtain audio and video streams from meetings they were not authorized to join.
A successful exploit of these weaknesses could give an unauthorized remote authenticated user the ability to get beyond security measures that have been put in place on the targeted system.
Advertisements
The NCC established the Computer Security Incident Response Team (CSIRT) as the telecom industry’s cyber security incident center to focus on problems in the telecom sector and as they may affect consumers of telecom services as well as the general public.
The Nigeria Computer Emergency Response Team (ngCERT), founded by the Federal Government to lessen the frequency of future computer hazards occurrences by preparing, safeguarding, and securing Nigerian cyberspace to prevent attacks, difficulties, or related events, also collaborates with the CSIRT.
2 comments