I think there are a couple of lessons here.
Media love to dogpile on a tech company that gets security wrong publicly, and Zoom certainly got it wrong (secure development is not really a new concept guys). That said, I wouldn’t go so far as to call this malware as some articles have. It represents a need for everyone to know the full extent of their supply chain for not only the products and hardware they own, but also the services they consume.
That said, if you are using Zoom right now to easily allow grandma to communicate safely with the grandkids during these times, more power to you. If you are conducting sensitive company meetings over the platform, well…….maybe stop for now?
#infosec #securedevelopment
https://www.nytimes.com/article/zoom-privacy-lessons.html