Cisco Suffers Security Flaw With Zoom Interoperability
On October 31, 2019, Cisco was notified of a security risk with the Zoom Connector for Cisco. Access for the Zoom Connector for Cisco hosted on zoom.us did not require authentication, allowing external users to join a Zoom meeting without password credentials.
Furthermore, Zoom’s landing page copied Cisco’s landing page, misleading users into thinking they were on a secure Cisco webpage.
Cisco named three major security problems that resulted from this incident:
- The Zoom URL did not require credentials.
- Zoom opened Cisco Webex devices to administrative exposure by placing itself between the user and the Cisco interface.
- The Zoom URL was not revoked when the administration password was changed.
Source: Web Conferencing at SoftwareReviews. Accessed November 11, 2019
Cisco announced this security issue before the press could report it. As a result, Cisco has been able to shape the narrative of this incident, and it doesn’t portray Zoom in a good light. Given Zoom’s security problem earlier this year, which saw an exposure in Zoom’s APIs for Webex, Cisco is losing patience.
Sri Srinivasan, SVP and GM for the Team Collaboration Group at Cisco, issued this stark statement: “We [Cisco] would like them [Zoom] to take additional steps to use our supported APIs and work with us to certify the solution so that we can secure our mutual customers effectively.”
Yet in a competitive collaboration marketplace, the harsh reality is that Cisco and Zoom need to ensure interoperability. Microsoft’s Teams offering is gaining serious traction in this space, and Cisco and Zoom cannot afford to lose users over security problems.
However, Cisco’s public statement will be a jolt to Zoom, which will be left to suffer alone if its security issues are not resolved. After all, as Srinivasan continued, though interoperability is convenient, it “comes with zero compromises on security and data integrity.” Abandoning Zoom may not be attractive, but it would certainly limit the fallout if Zoom’s security problems become more frequent.