Web application firewalls bypasses collection and testing tools

How to test, evaluate, compare, and bypass web application and API security solutions like WAF, NGWAF, RASP, and WAAP

CVE-2022-32958: What You Should Know

When it comes to data breaches and data leaks, organizations are learning that there is no such thing as a minor incident. A leak of sensitive user data can lead to reputational damage, legal liability, and severe financial consequences. In the past few months alone, there have been a growing number of high-profile incidents where user information has been leaked or hacked. From Marriott to Exeter School, NNpe to DatEND, and Google+ to ReputableEND, we’ve seen some major companies (and smaller organizations) take an unfortunate hit when their user data has been compromised. If you’re a security professional working in technology with the goal of protecting users from these kinds of incidents, read on to learn more about CVE-2022-32958 and what it means for your organization and others like it.


What You Can Do to Protect Yourself

For starters, it’s crucial to understand what led to CVE-2022-32958. By getting an overview of the situation, you can then put yourself in a position to properly defend against a similar kind of attack. When it comes to the root cause of this recent data breach, the culprit appears to be the use of the Zoom video conferencing software. Zoom is a widely used product with more than 200 million users, including many businesses of all sizes. Zoom has a feature that allows users to create conference calls that are accessible to anyone who knows the conference call number. Zoom then has a service that allows people to programmatically find out the number for any conference call. As a result, anyone who knows the Zoom API and the conference call number could find out the number for any Zoom call. We’ve seen malware in the wild that exploited this vulnerability to find out the conference call number, then dial into the call to record it.


Download the latest version of TeamPlus Pro

As part of your preparation for how best to defend against this type of attack in the future, you should download the latest version of TeamPlus Pro. We plan to make some changes to our architecture to help prevent this type of exploitation.


Change your password and enable two-factor authentication

Whenever there’s a major data breach, it’s important to change your password. This is the simplest way to help protect your account from being compromised. We also encourage you to enable two-factor authentication on any accounts that support it. With two-factor authentication enabled, an attacker would need not only your password but also possession of your phone to gain access to your account. This can be a powerful way to protect your data and accounts from being compromised.


Check for updates on a regular basis

It’s also important to check your software and operating systems regularly for updates. Not only will this keep you up to date with protection against known threats, but it can also help you stay safe from exploits and vulnerabilities that may have been discovered since you last updated. You may also consider using an automated patch management solution to help you stay up to date with software updates. One of the most effective ways to keep your systems safe is to apply the latest security patches.


Turn off Auto-Syncing in the Group Settings

Finally, there’s one more thing you can do to help prevent this type of exploit in the future. Zoom has a feature that allows you to auto-sync your Zoom conference calls from one account to another. This feature can be helpful if you’re sharing your account with other people, but it can also be a potential security risk. For this reason, we recommend turning off the auto-sync feature in the group settings of your Zoom account.


Conclusion

This article has outlined why it’s so important to be aware of potential risks to your organization’s security and the best ways to prepare for and defend against them. And while the rising number of high-profile data breaches can be a cause for concern, it can also be an opportunity to learn from and improve upon the experiences of others. The best way to do this is to educate yourself about the risks that may threaten your organization. Then, you can take steps to mitigate those risks and defend against attacks that try to exploit them. With the information in this article, you have the knowledge you need to stay safe and protect your organization from this type of exploit. So make sure you’re taking the necessary steps to protect yourself, your team, and your organization!