Zoom Account Logins for Sale … on the Dark Web
Security research firm Cyble has reported discovering more than 500,000 Zoom accounts, including login and password information, for sale on the dark web and in hacker forums.
BleepingComputer reports that these accounts are being sold for as little as a penny apiece, and in some cases are given away for free. “Some of these Zoom accounts are offered for free on hacker forums so that hackers can use them in zoom-bombing pranks and malicious activities,” writes Lawrence Abrams.
The article goes on to suggest that the account information was harvested through past vulnerabilities in Zoom, whether because of insecure passwords or because of past data breaches after which compromised account passwords were never changed.
Below is a sample of a redacted list of user account emails and passwords, including accounts from members of the University of Vermont, University of Colorado, Dartmouth, Lafayette, and the University of Florida.
Image courtesy of BleepingComputer, April 2020
BleepingComputer confirmed that a number of the listed email addresses are current active Zoom accounts and that the login credentials are indeed correct.
Change your passwords. Set them to something that can’t be easily guessed, and do not use the same password on multiple systems or sites. That is the message IT departments have persistently given their users, and this time is no different.
With Zoom’s overnight stardom and the sudden wide use of Zoom for both personal and business communications, now would be an ideal time for IT departments to remind their users to change their Zoom passwords at their earliest convenience.
From Zoom’s standpoint, though this does not exploit a current vulnerability, its brand is still associated with bad press around security and its product. Zoom has started to take IT security very seriously, and it would not be unreasonable for the company to implement some measure of password complexity for its user accounts, enforce a password change across the board, or send out a communication to all Zoom users asking them to change their passwords.