Zoom is the most popular application teleconference, especially at a time when a large percentage of people around the world are sitting at home because of their pandemic Coronavirus, can turn into a nightmare when it comes to safety and protecting users' personal data. According to one report BleepingComputer, a bug was recently discovered in application Zoom, which can allow hackers to steal Windows passwords from users. This is related to the way Zoom's conversations handle links, as the app converts Windows UNC (Universal Naming Convention) routes to left-wing, on which users can "click". If a user clicks on such a link, Windows will leak the username and password they set to Windows. The password has been "hacked". However, in many cases it is easy to reveal the password using password recovery tools such as Hashcat.
The Zoom error was first detected by security researcher @ _g0dmode and confirmed by security researcher Matthew Hickey. In addition, Hickey pointed out that this vulnerability could be used for startups programs on the victim computer when he "clicks" on a link, although Windows will (optionally) give at least one security warning before the program starts. As for security vulnerabilities, this is very bad, as it does not require much knowledge to be exploited by hackers. The victim just needs to "click" on a link and this can be mitigated by matching the Windows security settings, but it is definitely something that Zoom needs to fix by changing the way the platform chat handles the UNC links.
In the meantime, for a quick fix, go to Computer Settings -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network Security: NTLM Restriction: Outgoing NTLM Motion to Servers and Setup ".
However, this is not the only issue that has been identified in the last two weeks regarding the privacy and security of users who use the Zoom application. Intercept said Zoom doesn't actually use end-to-end encrypted connection for its calls, though it claims to do so. The issue of message leakage is also raised e-mail and photos of users in unconnected places while still applying iOS of the company recently sent data on Facebook for no apparent reason. Zoom also has some controversial functions confidentiality and although this is not a mistake of Zoom, it is worth noting that hackers take advantage of the popularity of the application to deceive them users motivating them to download malware.