Date: 2020-04-09

Zoombombing has become a big problem for Zoom and the many people who use it (Getty Images / iStockphoto)

After Zoom announced that it is stopping product development to focus on fixing its security, the first changes appear to be arriving.

The video messaging service has flourished since the coronavirus outbreak, but users have fallen victim to a particular type of attack called Zoombombing.

This happens when malicious attackers enter a public meeting (or guess the meeting ID and enter a private meeting) and start screen-sharing pornographic or violent videos.

Zoom responded by creating a security board and appointing Alex Stamos (formerly Facebook's security director) to help fix the problem.

“Zoom has to do important work in the field of basic application security, cryptographic design and infrastructure security. I am looking forward to working with Zoom engineering teams on these projects,” Stamos wrote in a recent Medium post.

The first change is that the meeting ID is now hidden from the title bar, so it cannot be accidentally shared in a screenshot. Secondly, hosts will now see a security icon that lets them control all meeting security options from one place.

Zoom has also set the “Waiting Room” option as the default setting, so hosts must approve meeting participants before they can join.

How safe is Zoom?

The Prime Minister used Zoom at a cabinet meeting and gave away the meeting ID (photo: Pippa Fowles / 10 Downing Street)

Zoom is currently being studied by cyber security experts around the world, and many say that there are basic things that users can do to ensure their security.

“Currently, there is a lot of controversy about Zoom’s security and privacy, although it is far from dominating the emerging security threats,” said Ilia Kolochenko, founder and CEO of the security company ImmuniWeb.

“Few attackers will ever try to intercept Zoom communication, even fewer will extract any value from the alleged sharing of data on Facebook.

“Instead, they will bet on an incredible number of misconfigured VPNs and RDP technologies, abandoned servers and unprotected cloud storage, exposed databases, and tracking IT resources that open doors wide open to companies’ crown jewels.

“Others are improving their skills in large-scale phishing campaigns and BEC. Unfortunately, most of their attacks are likely to be extremely successful.”

Cyber security experts pay attention to Zoom (Getty Images)

He continued: “Since the start of the coronavirus, only a few organizations have successfully transferred their entire workforce to safe work from home.

“These organizations are building emergency infrastructure around the clock to enable remote work, but often ignore even the basic aspects of security and privacy, let alone compliance with industry standards and internal policies that are inappropriate for such an unprecedented and devastating crisis.”

“Organizations of all sizes should urgently update and disseminate to their employees information security principles adopted to limit the risks and threats of COVID-19.

“When everyone has a clear and coordinated cyber security strategy, it is necessary to implement continuous monitoring of the attack surface reinforced by Dark Web surveillance, which will probably show the remarkable amount of newly stolen data for sale. Safety awareness programs for employees, as well as the discovery and management of IT resources are at the top of the list of tasks to be carried out in an emergency, because they are necessary to ensure the safety of companies during desolation.