A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in terminal, replacing [pid] with the process ID:
$> lsof -i :19421
$> kill -9 [pid]
$> rm -rf ~/.zoomus
$> touch ~/.zoomus
Wordfence Threat Analyst Mikey Veenstra verified that the Linux client for Zoom also will turn video on automatically, but was not susceptible to reinstall if the client had been removed.
We also cover the WP Engine acquisition of Flywheel, cPanel’s new pricing structure and what it means for hosting providers, removal of caps on .org domain names, critical security vulnerabilities in Magento, WP Statistics XSS vulnerability, a hacked ad server pushing out SEON ransomware, British Airways landmark GDPR fine, breaches and leaks of the week, amongst many other stories.
Here are approximate timestamps in case you want to jump around:
1:30 Zoom Zero Day Vulnerability
10:12 WP Engine Acquires Flywheel
19:45 cPanel pricing structure changes
23:02 .org pricing caps removed
28:30 Magento vulnerabilities
32:15 XSS Vulnerabilities in WP Statistics
35:30 Ad server hacked, serving ransomware
40:18 British Airways GDPR Fine
42:00 Breaches of the week: MongoDB leak and leaky S3 buckets
44:50 Ruby Gem “strong_password” supply chain attack
Find us on your favorite app or platform including Apple Podcasts, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.
Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.
This week in the news we cover:
You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant. Please feel free to post your feedback in the comments below.