Welcome to neoRhino IT Solutions' The Breacher Report, where twice a month we provide some of the most notable security news and data breaches in bite-sized doses to keep you informed and aware of what's happening in the world of cybersecurity.

The Torrid Journey of Zoom and its Multiple Security Flaws: While nearly all online communication tools have experienced unforeseen growth as a result of the COVID-19 pandemic, Zoom has been in hot water for a multitude of security concerns.

In today’s special Breacher Report, we’re covering the various issues that Zoom has experienced during COVID-19’s tenure. We understand that many use Zoom, but we only hope to let everyone know what has been going on with the program so you can be aware of the flaws within its security.

As of April 13th, 2020:

  • Multiple incidents of hackers hijacking free Zoom meetings that were not password protected to deliver hate speech and offensive images, which is now known as “Zoombombing.” As of April, Zoom users in the free tier can no longer disable using passwords for access to meetings.
  • Silently divulging app usage data, user location, and cellular carrier data to Facebook through the Zoom iOS app.
  • Removing an undisclosed “activity tracker” that would alert the originator of the meeting if any attendee diverted their attention away from the meeting for longer than 30 seconds.
  • A “malware-like” installation of its macOS application that basically preloads the program to gather data before the user acknowledges the user agreement and approves.
  • Flaws in the app’s auto-link creation in text messages that would open a security hole that could grant remote access to the user’s machine.
  • Harvesting data from users of LinkedIn’s Sales Navigator tool. Every Zoom participant’s name and email address was matched against LinkedIn’s database without disclosure that the user’s data was being utilized in this way.
  • Two zero-day flaws were discovered in late March that could give local, unprivileged attackers root privileges on Zoom users’ machines and allow them to access victims’ microphone and camera.
  • Zoom has now been banned across several school districts after “zoombombing” incidents increased. New York City's Department of Education began calling for their schools to switch to Microsoft Teams "as soon as possible."
  • Google has banned their employees from using the Zoom app on their company equipment. After evaluation, the app “does not meet security standards.” They are then invited to use Google’s Meet app, connect via web browser, or use the mobile app instead.
  • One of Zoom’s key investors has filed a class action lawsuit against the company for allegedly doctoring encryption details, leaking personal info to Facebook, and for not properly divulging security flaws.
  • “Zoombombing” violators can now see potential jail time if caught. The FBI has stated that Zoom meeting hijackers could face charges of “disruption of a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications” or jail time depending on the infraction.

There are more instances of issues with the Zoom service, but our Breacher Report team wanted to raise awareness of the problems with the platform before more people are affected. neoRhino is here and ready to assist your business in determining what would be the best videoconferencing tool for your employees. Contact us or give us a call at (281) 779-4850 and we can help your business stay connected during this rough time and beyond.

* These news bytes are curated from several reputable sources, including: CNet, Forbes, CIO, TechRepublic, BleepingComputer, InfoSec Magazine, ZDNet, The Verge, and more.