UCSF IT Technology

Zoom has released a security bulletin to address a critical vulnerability in its Windows applications. The attack is described as an improper input validation that could allow an attacker with network access to escalate privileges.For a complete description of the vulnerabilities and affected systems go to Zoom Security Bulletin.IT SecurityRead more about IT Security service offerings.

Threat Alert: Deepfake Scam Targeting Financial Transactions An employee attended a video conference call with seemingly authentic colleagues, all of whom were later revealed to be deepfake representations. The worker, initially suspicious of a phishing email, was convinced by the realistic appearance and voices of the deepfake participants during the video call. Subsequently, the employee authorized a large financial transaction, thinking it was a legitimate request initiated by the CFO. 

Threat Alert: Company Policy Phishing Lures Bypass MFA 

The newly disclosed flaw is tracked as CVE-2024-0204 and is rated critical with a CVSS v3.1 score of 9.8 as it is remotely exploitable, allowing an unauthorized user to create admin users via the product’s administration portal. Creating arbitrary accounts with administrative privileges can lead to a complete device takeover. In the case of Go Anywhere MFT, that would allow attackers to access sensitive data, introduce malware, and potentially enable further attacks within the network.