Below are current information security advisories. If you have any questions, please email firstname.lastname@example.org.
You may have heard the term “Zoombombing” discussed in the media recently. It is a disruptive practice that seeks to disturb online meeting sessions by displaying offensive graphics or messages, or by broadcasting disruptive audio. You can think of this like a prank telephone call, but the results could be disastrous since you can’t erase or undo what happens, and all attendees will be part of it.
To protect your online classroom environment, please be sure to update your Zoom software and implement the following suggestions when scheduling and hosting Zoom sessions.
An important update for the Zoom application was released April 2nd, 2020 that fixes a recently identified security vulnerability. As a result, OIIT urges you to update your application in order to ensure platform safety, privacy, and security.
To update Zoom, open the Zoom application on your Windows or Mac personal computer. You will see up to two different notifications alerting you of an application update.
The first notification is a pop-up window that will appear with the "Zoom Update" (pictured below).
The second notification will appear on your Zoom application home screen. A light blue stripe is visible with verbiage that reads, "A new version is available! Update."
Click the "Update" button in either area and follow the onscreen prompts to complete the process.
Your primary methods to ensure safety with Zoom meetings should be:
To accomplish these goals, we have the following recommendations on Zoom meetings:
Do not share your meeting URL on public-facing sites like social media or forums. Students can access Zoom meetings in Canvas from the Course Menu; if necessary, you can provide the meeting details by emailing or messaging participants directly.
The Meeting ID is the ID used in a Zoom meeting URL. It is best practice to allow Zoom to generate this automatically and not to use the same ID each time.
To prevent attendees (including yourself) from being seen or heard before you are ready, we recommend not enabling video or audio by default. Additionally, you should mute all participants on entry.
You can enable a waiting room for your meeting, which allows you to decide who will enter the session.
Due to a change for education customers, screen sharing is not enabled by default for every participant in a session. The host can determine who can share their screen by making those who wish to share a co-host. Always be cautious about who you give co-host permissions, as they have the ability to moderate participants and share whatever they like on screen.
When hosting a Zoom session, it is important to understand the controls provided by Zoom to moderate participants, such as muting, stopping video, putting participants on hold/in waiting room or removing them. You might consider adding another trusted user as a co-host to help you moderate, especially in larger meetings.
Click the Manage Participants button to see the Participants pane:
At the bottom of the Participants pane, you have options to mute all and unmute all, along with some additional participant options, such as locking the meeting so that no one else can join:
For each individual participant, you can mouse over their name, and use the Mute button or the More button for asking to start video or stop video (if video is enabled), put a participant on hold, or remove them from the session:
For more information on managing participants and breakout rooms, see the following Zoom articles:
Many online shops give the option to complete your transaction through third-party payment sites (e.g., PayPal, Visa Checkout, Google Pay, Apple Pay, etc.). If you shop online at a website that redirects you or has a pop-up window appear, be sure to take a close look at the domain to ensure that you're not being conned.
One of the most common methods hackers use to steal information is infecting a merchant's checkout page with malware that "skims" or gathers personal data. This new method is similar in that the hacker adds bad code to a shop's site, but instead of skimming information, it redirects you to a fake site to pay the hacker directly.
While there is only one known instance of this happening (to a shop in Australia), this could be a trial run for a much larger operation.
Source: Ars Technica