Better get Grandpa off Windows 7 because zero-day bug in Zoom allows remote code execution on vintage OS

Plus: Kazakh man charged with corporate mega-hack, and more

In brief With world+dog on Zoom these days, news of a zero-day attack against the videoconferencing app would cause a stir, but relax – it's only if you're on Windows 7 or older.

An independent researcher told ACROS Security about a flaw that allows remote code execution on any Zoom Client for Windows running on Windows 7, even on machines still receiving extended support after the OS reached end of life in January. You can see some details of the attack in the video below:

[Embedded YouTube video demonstrating the attack]

The security shop has made micropatches freely available for the latest builds of the videoconferencing app, versions 5.0.3 through 5.1.2, and has informed Zoom of the issue. Any bounty paid out will go to a charity of the anonymous researcher's choice.

Hacking charges for Kazakh chap

On Tuesday the US unsealed a 2018 indictment [PDF] against Andrey Turchin, a citizen of Kazakhstan, accusing him of being behind the hacking of more than 300 organizations in around 40 countries.

Turchin, whom the US said operated under the online name fxmsp, is accused of running a hacking crew that had specialised in breaking into corporate networks since October 2017. The team would try to brute-force Remote Desktop Protocol (RDP) logins or send malware-laced phishing emails until they got lucky.

The indictment stated that after installing their own remote access software, which also monitored the network's security tools to protect itself from detection, the crew auctioned off access to the compromised company to the highest bidder online. The US claimed some auctions had raised $150,000, indicating very valuable targets.

Turchin was charged in the Western District of Washington, Seattle, with conspiracy to commit computer hacking, unauthorized access to a protected computer, intentional damage, access device fraud, and – of course – wire fraud. The US does not have an extradition treaty with Kazakhstan.

Warning for Parks and Rec people

A Register reader has tipped us off to a successful hack that could really hurt local governments.

Canadian SaaS seller PerfectMind has warned customers that anyone who entered their credit card information into one of its servers on July 7, between 05:00 and 16:00 PST (12:00 to 23:00 UTC), needs to cancel the plastic immediately and check their systems for malware. PerfectMind sells registration software, with an emphasis on government-run recreation facilities. With 500,000 customers, that's a big juicy target.

The hackers managed to scoop not only the name and number on the cards but, crucially, the card verification value (CVV) numbers as well. With all three, fraudulent charges can be made very quickly, hence the urgency of the warning letter's advice to shut down the cards.

The warning letter, which you can see here, comes from the Ontario city of Guelph, which is ironically reported to be one of the safest places to live in the great Northern nation.

Google moves on stalkerware ads – finally

It has taken the Chocolate Factory long enough, but from August developers won't be able to advertise stalkerware apps on the world's biggest ad generator.

"The updated policy will prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization," Google said. "This policy will apply globally and we will begin enforcing this policy update on August 11, 2020."

Google already bans such products from its app store, as does Apple, but it was quite happy to tell people where to buy the covert tracking code if they wanted it. That will now end – although the ban doesn't apply to software used by private investigators or to software designed for parents to track their offspring, which is something of a loophole.

The move is another success in a campaign headed by the Electronic Frontier Foundation to ban such code because of its misuse. ®
