Sunlight Detergent

NCC Warns Zoom Users Over New Wave Of Attacks By Hackers

0

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has urged users of Zoom, a video telephony platform, to be conscious of remote attackers who could compromise their information.

According to NCC, users need to install the latest update of the software from its publisher’s official website following the discovery of vulnerabilities that allow remote attackers to exploit the app.

 In a report, the NCC-CSIRT recorded that the Indian Computer Emergency Response Team (CERT-In) had found several flaws in the Zoom product recently.

The platform became popular for virtual meetings in the wake of the COVID-19 pandemic with more than 300 million daily users.

According to the NCC-CSIRT advisory, “A remote attacker could exploit the vulnerabilities to circumvent implemented security measures and cause a denial of service on the targeted machine.”

It noted that “these vulnerabilities exist owing to incorrect access control implementation in Zoom On-Premises Meeting Connector MMR before version 4.8.20220815.130. A remote attacker could exploit these flaws to join a meeting they were not permitted to attend without being seen by the other attendees. They can also access audio and video feeds from meetings they were not permitted to attend, as well as interrupt other sessions.”

In a statement, it was said that the successful exploit of these vulnerabilities could allow an unauthorised remote authenticated user to bypass implemented security limitations on the targeted system.

CSIRT is the telecom sector’s cyber security incidence center set up by the NCC to focus on incidents in the telecoms sector and as they may affect consumers and citizens at large.

It also works collaboratively with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.

Leave A Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.