Zoom Video Communications offers video conferencing, online meeting, and mobile chat software for businesses. Hundreds of enterprises around the country use Zoom to collaborate with partners, clients, or remote workforces.
Unfortunately, a recently disclosed bug with Zoom’s software demonstrates the importance of endpoint security for businesses.
Security researcher Jonathan Leitschuh discovered and disclosed a zero-day vulnerability in the Zoom software. Basically, the vulnerability allowed any website to forcibly join a Zoom call without permission. Additionally, any website could issue a Denial of Service to a Mac user.
However, the above bugs don’t constitute the most distressing findings by Mr. Leitschuh. Instead, the most distressing discovery comes in the form of forced reinstallation; if you installed Zoom on any endpoint and then uninstalled it, a localhost on your machine would reinstall it for you without your knowledge.
Reportedly, the video conference provider is working to fix the issue. You can read Mr. Leitschuh’s full disclosure here.
Zoom and Endpoint Security
Imagine how many applications and programs operate on your business network. Think about all of the programs your employees use to complete their everyday business processes. Now imagine that any one of these applications or programs installed a means to linger on your network. You delete, and it reinstalls itself, allowing hackers an easy infiltration point.
It’s a chilling touch, and yet that’s exactly what happened here. Obviously, this should serve as a wake-up call to enterprises of all sizes; you shouldn’t automatically trust any application or program from outside your IT environment.
Therefore, you need to install a next-generation endpoint security solution on all of your connected endpoints. Endpoint security can help your IT team sandbox programs to discover their intent and observe their behavior in a simulated network; you might discover dangerous aspects which might otherwise remain hidden.
Critically, endpoint security can also install controls on your endpoints that prevent programs from automatically installing themselves without IT supervision. This capability alone can close huge numbers of security vulnerabilities. Also, it can help you feel more confident about your digital hygiene.
To find out more about endpoint security, check out our free 2019 Buyer’s Guide!
- Best Books for Defending the Digital Perimeter - September 14, 2021
- Apple Vulnerability Places All of Apple iOS at Risk - September 14, 2021
- CrowdStrike Releases 2021 Threat Hunting Report from Falcon OverWatch - September 13, 2021