A security researcher found vulnerabilities in the Mac client for Zoom, a popular video conferencing application. After 90 days and two weeks, the vulnerability still exists. Mitigating the vulnerability entails typing the following commands in terminal, replacing [pid] with the process ID:
$> lsof -i :19421 $> kill -9 [pid] $> rm -rf ~/.zoomus $> touch ~/.zoomus
Wordfence Threat Analyst Mikey Veenstra also verified that the Linux client for Zoom also will turn video on automatically, but was not susceptible to reinstall if the client had been removed.
We also cover the WP Engine acquisition of Flywheel, cPanel's new pricing structure and what it means for hosting providers, removal of caps on .org domain names, critical security vulnerabilities in Magento, WP Statistics XSS vulnerability, a hacked ad server pushing out SEON ransomware, British Airways landmark GDPR fine, breaches and leaks of the week, amongst many other stories.
Here are approximate timestamps in case you want to jump around:
1:30 Zoom Zero Day Vulnerability 10:12 WP Engine Acquires Flywheel 19:45 cPanel pricing structure changes 23:02 .org pricing caps removed 28:30 Magento vulnerabilities 32:15 XSS Vulnerabilities in WP Statistics 35:30 Ad server hacked, serving ransomware 38:00 YouTube 40:18 British Airways GDPR Fine 42:00 Breaches of the week: MongoDB leak and leaky S3 buckets 44:50 Ruby Gem "strong_password" supply chain attack