New Episode Alert EP115
What is Zoom-Bombing? 🔥
Weekly Blaze Podcast, Episode 115, April 6 2020
Another Marriott Data Breach, Zoom-Bombing, Economic Stimulus Scams
Because everyone is working from home and using video conferencing technology like Zoom, now is a great time to think about the privacy of the webcam that is built into your laptop. Of course, there is the risk of malware being installed on your computer that could turn your webcam on without you knowing. Which is why I always recommend covering your webcam as a best practice when you're not using it. A webcam cover can also help prevent situations where you've accidentally enabled your webcam when you didn't know it was on. And the easiest way to prevent webcam misuse is to use Silent Pocket's reusable and removable webcam stickers for your laptop. Pick up a set for your laptop today at Silent Pocket's newly designed website,
. And don't forget to take 15% off your order by using discount code "sharedsecurity".
Over 90% of individuals show risky behavior in handling potential phishing messages according to Click Armor's free
. This engaging coronavirus edition of CanIBePhished.com can help identify your team's total vulnerability to phishing attacks that exploit the pandemic situation. So test your own vulnerability to phishing attacks for free now at
.
Marriott data breach affects 5.2 million hotel guests
In breaking news last week
. This is now the second major Marriott data breach in recent years. The last data breach, in 2018, affected more than 339 million hotel guests when the Starwood Hotels guest reservation database was compromised way back in 2014, and not detected by Marriott until 2018. This time Marriott discovered that an unexpected amount of guest information was accessed using possibly stolen login credentials at a franchise property. Marriott believes the activity started in January 2020 and was discovered in February. Personal information exposed included contact details, loyalty account information, and other details including company, gender, date of birth, and room and language preferences. Marriott said in a statement posted on their website that there was no evidence that account passwords, PINs, payment card details, passport information, or driver's license numbers were compromised. The compromised accounts have been disabled, and as the investigation continues Marriott is reaching out to affected guests, having them change their password and also enable two-factor authentication if they haven't already. Marriott also has set up a portal where you can check to see if you were impacted by the breach, which of course, asks you to put in more of your personal information. For more details on this data breach check out our show notes for
and to also sign up for your complimentary one year of free credit monitoring if you happen to be a victim of this latest data breach.
Zoom popularity increases, as do the privacy and security concerns
With the massive increase in working from home because of COVID-19, video conferencing is now the new normal when it comes to communicating with anyone. From business, to doctors, teachers, students, and even kids who want to virtually "hang out" with their friends, Zoom is probably the most popular video conferencing technology being used today. In fact, according to web analytics firm
, there was a 535% increase in daily traffic to the zoom.us website just in the last month. And because of that popularity, privacy concerns as well as security vulnerabilities in the Zoom software have been in the news lately and have many people concerned about the security and privacy of their meetings. In one example,
despite some marketing that Zoom put out which makes it sound like it is, but rather is using standard HTTPS encryption just like a typical website. In another example, researchers discovered that the Apple iOS version of the Zoom client was
, even if you don’t have a Facebook account. And
which could allow a malicious link posted to the chat within a Zoom meeting. If you were to click on this malicious link, an attacker may be able to grab your hashed Windows login credentials or launch an application on your computer. But the most popular attack that's going on right now is something called
. Zoom bombing is where someone will access your Zoom meeting by either guessing or brute-forcing the meeting ID number or by simply clicking on your meeting link that you may have posted publicly on Twitter or through another public forum. Once someone is in your meeting, they can cause all kinds of havoc like taking over the sharing on your meeting and in some recent cases showing everyone porn or other things you probably didn't want to see in your meeting. The solution for this is to make sure you change the default "Who can share" setting in your Zoom configuration from "All Participants" to "Host Only" and of course enable a password for your meetings.
Now because of these and a few other reported security vulnerabilities, late last week
to improve security and privacy as well as conduct a third-party security review of their product. Look, I know it's easy to pile on Zoom right now and blame them for not securing their software. However, every piece of software and every website has security vulnerabilities and we shouldn't fault Zoom too much here, especially when Zoom has rapidly risen in popularity. Zoom really seems to be trying to do the right thing here from a security perspective. Everything you use on the Internet has a risk associated with it but in my opinion, Zoom is no riskier than using Skype or some other solution that most likely has similar or worse vulnerabilities. My final thoughts on this are if you really do need real end-to-end encrypted video communication you should use something like Signal which is open source and routinely vetted by the cybersecurity community. If you are using Zoom in cases where the information you may be talking about is government secrets, proprietary or highly confidential information, or conducting meetings that would be of interest to a large nation state, you probably shouldn't be using Zoom anyway.
IRS warns of surge in economic stimulus payment scams
The IRS
about a new surge in coronavirus related scams over email, phone, or social media requesting personal information while using the new economic stimulus payment as a lure. Because economic stimulus payments are going to be showing up in bank accounts and through the mail in the next several weeks, everyone should be on alert for scams attempting to take advantage of the stress and anxiousness related to the COVID-19 pandemic. Top things to watch out for include looking for common words used in these scams such as "Stimulus Check" or "Stimulus Payment". The official term from the IRS is "economic impact payment". Other things to look out for include asking the taxpayer to sign over their payment check, asking by phone, email, text or social media for verification of banking account information to "speed up" payment, and even mailing the taxpayer a bogus check, perhaps in an odd amount, then telling the taxpayer to call a number to verify information online in order to cash it. As the IRS notes, they already have your information from previous tax returns and if you don't have direct deposit set up, the IRS will mail your check to the address they have on file. More details are available on
which you can find linked in our show notes. And if you do become a target of a COVID-19 related economic impact payment scam, be sure to report it to [email protected].
March Monthly Show, Episode 98
In episode 98 of our monthly show, co-host Scott Wright shows us a demo of Click Armor which is a gamified cybersecurity awareness platform, Tom presents the results of our listener survey, and we have a discussion about the privacy concerns with geofence warrants.
Watch this episode on our YouTube Channel!