Top infosec trends in the social media spotlight this week

Web amp-video conferencing giant Zoom was trending for all the wrong reasons this week, as a security researcher went public with a vulnerability in the app that could allow a malicious site to auto-join Mac users to a amp-video call and enable their webcam without permission.

What’s more, researcher Jonathan Leitschuh found that Zoom’s Mac client installs a local web server on devices that stays on systems even after users have removed the app.

“Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner,” Leitschuh explains in a technical blog post published on Monday.

Things didn’t end here, however. While the Zoom devs said they were working to release an uninstaller by the weekend, news emerged that the hidden web server was leaving users open to remote code execution. Ouch.

Apple rolled out an update to remove the Zoom web server from impacted Macs on Wednesday.


Elsewhere, investigative journalist Brian Krebs took a deep dive into the infamous GandCrab ransomware campaign, which shuttered its operation last month after generating a reported $2 billion in extortion payments for affiliates.

“It remains unclear how many individuals were active in the core GandCrab malware development team,” Krebs writes.

“But KrebsOnSecurity located a number of clues that point to the real-life identity of a Russian man who appears to have been put in charge of recruiting new affiliates for the program.”

This latest investigative piece comes just weeks after Tamas Boczan, senior threat analyst at VMRay, provided fresh insight into GandCrab.

Speaking at the FIRST annual conference in Edinburgh, Boczan suggested that the developers’ involvement in an escalating cat-and-mouse game with security defenders played a key role in the campaign’s demise.


In privacy news, two US tech heavyweights have taken aim at social media, with Wikipedia co-founder Larry Sanger and Apple co-founder Steve Wozniak issuing separate warnings over what they see as Facebook & co’s dystopian rise to world domination.

Sanger recently penned a ‘Declaration of Digital Independence’, which outlines support for decentralized social networks and pours scorn on the “vast digital empires” that have “data-mined user content and behavior in sophisticated and disturbing ways”.

We have begged and pleaded, complained, and resorted to the law. The executives of the corporations must be familiar with these common complaints; but they acknowledge them publicly only rarely and grudgingly. The ill treatment continues, showing that most of such executives are not fit stewards of the public trust.

Wozniak threw his own hat into the ring, with the Apple guru suggesting that “most people” should “figure out a way to get off Facebook” in a short interview with TMZ.

“There are many different kinds of people and some the benefits of Facebook are worth the loss of privacy,” he said. “But to many like myself, my recommendation to most people is, you should figure out a way to get off Facebook.”


Finally this week, things took a stranger turn at Microsoft, as the OS giant created a Windows 1.11 app to tie-in with the launch of season three of the hit TV show, Stranger Things.

The free-to-install software allows users to “experience 1985 nostalgia” through Windows 1.11, which comes complete with native programs including Paint, Write, and the original Windows cmd prompt.

Those interested in heading back to the future should check out the Microsoft blog for more info.