Fortinet, Zoom Patch Multiple Vulnerabilities

August 14, 2024 at 08:39AM Fortinet and Zoom announced patches for multiple vulnerabilities on Tuesday. Fortinet’s patches address three security defects, including high, medium, and low-severity flaws. Zoom published patches for 15 vulnerabilities, including high and medium-severity issues across its products. Both companies advise users to update their applications, with no reports of active exploitation. …

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

May 22, 2024 at 01:33AM Zoom has introduced post-quantum end-to-end encryption for its Meetings, with plans to extend it to Zoom Phone and Zoom Rooms. This advanced security feature uses Kyber-768 and aims to counter potential threats from quantum computers in the future. It necessitates updated Zoom app versions for all participants, and other companies …

Zoom adds ‘post-quantum’ encryption for video nattering

May 21, 2024 at 03:49PM Zoom has introduced post-quantum end-to-end encryption (E2EE) for video conferencing, utilizing Kyber 768 to ensure data security against potential future quantum decryption. This advanced encryption will soon be available for Phone and Rooms. While enhancing security, it may limit some Zoom features, and individual users should assess their requirements before …

Zoom stomps critical privilege escalation bug plus 6 other flaws

February 15, 2024 at 10:37AM Zoom has disclosed security vulnerabilities, including a critical privilege escalation flaw (CVE-2024-24691). It affects Windows versions of Zoom desktop client, VDI client, Rooms client, and Zoom Meeting SDKs. Other vulnerabilities were also patched, with impacts ranging from denial of service to information disclosure. Users are urged to update to the …

Zoom patches critical privilege elevation flaw in Windows apps

February 14, 2024 at 03:41PM Zoom’s Desktop and VDI clients and Meeting SDK for Windows are affected by an improper input validation flaw, allowing unauthenticated attackers to conduct privilege escalation. The flaw, tracked as CVE-2024-24691 with a critical rating, impacts specific product versions. Users are advised to update to the latest version to address this …

Intel, AMD, Zoom, Splunk Release Patch Tuesday Security Advisories

January 11, 2024 at 09:43AM On the first Patch Tuesday of 2024, Intel, AMD, Zoom, and Splunk released security advisories. Intel addressed BIOS firmware vulnerabilities, AMD reported a low-severity SEV-SNP issue, and Splunk patched critical and high-severity vulnerabilities. Zoom informed customers of a high-severity flaw affecting Windows products. Several other companies also released their first …

Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them?

December 18, 2023 at 03:42PM Zoom developed the Vulnerability Impact Scoring System (VISS) as a more objective approach to assess the severity of vulnerabilities found during bug bounty programs. This system, providing a transparent and defensible way to calculate potential rewards for vulnerabilities, aims to prioritize critical and high-severity issues. VISS received positive feedback from …