What is new with Zoom?
After the Zoom bombing incident with Zoom due to its vulnerabilities, it appears that the storm is not yet over the video conferencing app. From the day the weaknesses were exposed, numerous issues occurred on the rising application. It gets to us that what happened to Zoom is the “new normal” for the app. It is not surprising that recently they suffered another series of zero–day vulnerabilities exposure from cyber-criminals. They even had these approximately 530,000+ leaked accounts for sale or passed within the cyber-criminal network for free.
Zero–Day exploits for sale?
With all the unwanted publicity Zoom has been experiencing, what could get worse? Not that surprising, but sure could be damaging is a series of black hat attempts of selling these Zero-Day vulnerabilities on the Zoom app within the Dark Web, initially on the 11th of April we noticed some dark web marketplace and notorious forums going on about selling Zoom vulnerabilities for 5000 to 30000 USD. The price sounded like it was a highway robbery, but come to think of it Zero-Day vulnerabilities are highly valued! It is the fact that even before a pen-tester knew about these vulnerabilities, most likely a black hat hacker already abused these exploits. If it wasn’t right, then we won’t be seeing notorious dark web and highly recognized forum sellers peddling the information.
More Expensive Zero-Day Exploits for Sale?
On the 15th of April was a surprise because, according to a reliable source, the latest news Zoom related exploits are at it again. In the dark web and criminal forums, the buyers were stunned because, for a whopping $500,000, an unknown vulnerability that involves remote code execution. The said vulnerability is for sale, together with one intended to abuse a bug in the video conferencing app’s macOS client. Then on the sideline, more forums were seen to be selling account login details of Zoom users for less than a penny. Approximately 0.0020 USD per account, these accounts for sale were part of the massive breached that happened due to the recent unpatched exploits.
iZOOlogic’s Dark Web monitoring is always striving to get updated on leaks and vulnerabilities that are substantial to the landscape of cybersecurity. Zoom is one of these applications which we think is a game–changer. Therefore our robust dark web intelligence team and threat researchers are working round the clock to help keep the threat landscape in check. That may potentially affect businesses that we partnered with and, at the same time, divulge the open-source intelligence for the potentially affected industries to help with fraud management.