Addressing Security Concerns Related to Zoom

Michael Daniels

Apr 9, 2020

Source: Securian's Cybersecurity Department

In March, 200 million people used Zoom daily compared to just 10 million in December.

In response to the security concerns raised nationwide about Zoom video and audio services, Securian has updated its required security configuration. If each Zoom user adheres to the requirements, we believe reasonable security controls are in place to continue using Zoom to remain connected with clients and continue to conduct business.

Please refer to the ZOOM page on SecurianAdvisor for details.

Below is a summary of the risks and the steps to mitigate or reduce them. If you have not already, please take any action needed.

Session Password

  • Ensure each session has “session password” enabled. Passwords will inhibit threat actors from accessing sessions, a practice known as “Zoom Bombing.”

Zoom Software Update

  • To address some of the security concerns, Zoom released an update to the client software that runs on your computer. Verify that you have installed the update (v4.6 19253.0401). To check, log in to Zoom, click your profile picture, then click “about Zoom” or “check for updates.”

Security Patches

  • Managed computers should have security patches pushed to them automatically to ensure the Windows 10 operating system remains patched.

Chat Feature

The chat functionality has been identified as a risk and is open to several vulnerabilities.

  • If a user joins a meeting with “chat enabled,” it is possible for a threat actor to hack passwords or introduce malicious links through chat sessions. Chat may also allow unauthorized individuals to join a session and potentially view client information or even record it.

Unapproved Devices

  • Mac computers remain vulnerable due to two privilege escalation vulnerabilities. It is not possible to deploy updates to unsupported hardware; therefore, Mac computers should not be used to conduct business.

ZOOM ENABLED CHANGES

  1. On Sunday, April 5, Zoom enabled (by default) both a default password and the waiting room feature. Each user must keep these features enabled.
  2. Zoom appears to have removed the servers hosted in China from the server rotation. Traffic to these servers stopped completely during the evening of 4/2/2020.
