
Below are current information security advisories. If you have any questions, please email infosec@nova.edu


Keeping Zoom Secure

You may have heard the phrase “Zoombombing” recently talked about in the media. It is a disruptive practice that seeks to disturb online meeting sessions by displaying offensive graphics or messages, or by broadcasting disruptive audio. You can think of this like a prank telephone call, but the results could be disastrous since you can’t erase or undo what happens, and all attendees will be part of it.

To protect your online classroom environment, please be sure to update your Zoom software and implement the following suggestions when scheduling and hosting Zoom sessions. 

 

Update your Zoom software

An important update for the Zoom application was released April 2nd, 2020 that fixes a recently identified security vulnerability. As a result, OIIT urges you to update your application in order to ensure platform safety, privacy, and security. 

To update Zoom, open the Zoom application on your Windows or Mac personal computer. You will see up to two different notifications alerting you of an application update.

The first notification is a pop-up window that will appear with the "Zoom Update" (pictured below). 

Zoom Update

The second notification will appear on your Zoom application home screen. A light blue stripe is visible with verbiage that reads, "A new version is available! Update."

Zoom Pop Up

Click the "Update" button in either area and follow the onscreen prompts to complete the process.

Additional Security for Zoom Hosts

Your primary methods to ensure safety with Zoom meetings should be:  

  • Only allowing attendees you expect in your session  
  • Not allowing unintended video, audio or screen sharing  
  • Moderating or removing disruptive attendees   

To accomplish these goals, we have the following recommendations on Zoom meetings:   


Never share meeting URLs on public-facing sites or services 

Do not share your meeting URL on public-facing sites like social media or forums. Students can access Zoom meetings in Canvas from the Course Menu; if necessary, you can provide the meeting details by emailing or messaging participants directly.


Don’t use a Personal Meeting ID
 

The Meeting ID is the ID used in a Zoom meeting URL. It is best practice to allow Zoom to generate this automatically, and not to use the same ID each time.

Personal Meeting ID


Turn off participant video and audio by default, and mute users on entry

To prevent attendees (including yourself) from being seen or heard before you are ready, we recommend not enabling video or audio by default. Additionally, you should mute all participants on entry.

Video Screen

Mute Screen


Use Waiting Rooms when you feel additional security may be warranted

You can enable a waiting room for your meeting, which allows you to decide who will enter the session.

Zoom Waiting Rooms


Co-host permissions

Due to a change for education customers, screen sharing is not enabled by default for every participant in a session. The host can determine who can share their screen by making those who wish to share a co-host. Always be cautious about who you give co-host permissions, as they have the ability to moderate participants and share whatever they like on screen.

Moderate your participants

When hosting a Zoom session, it is important to understand the controls provided by Zoom to moderate participants, such as muting, stopping video, putting participants on hold/in waiting room or removing them. You might consider adding another trusted user as a co-host to help you moderate, especially in larger meetings.

Click the Manage Participants button to see the Participants pane:

Manage Participants

At the bottom of the Participants pane, you have options to mute all and unmute all, along with some additional participant options, such as locking the meeting so that no one else can join:

Mute Directions

For each individual participant, you can mouse over their name, and use the Mute button or the More button for asking to start video or stop video (if video is enabled), put a participant on hold, or remove them from the session:

Participants

For more information on managing participants and breakout rooms, see the following Zoom articles:

Managing Participants in Meeting

Managing Breakout Rooms

 

Further Zoom Resources

Zoom Tips Shared in a Previous LEC Article

Zoom Help Center

Zoom Resources for Instructional Continuity


Scammers Replicate Third Party Payment Website

Many online shops give the option to complete your transaction through third-party payment sites (e.g., PayPal, Visa Checkout, Google Pay, Apple Pay, etc.). If you shop online at a website that redirects you or has a pop-up window appear, be sure to take a close look at the domain to ensure that you're not being conned.


This is a side-by-side comparison of the fake payment processor versus the real one.

In this image: A side-by-side comparison shows how the fake processor looks versus the real one. There is virtually no difference in appearance save for the domain, which is "payment-mastercard.com" on the fake one and "migs.mastercard.com.au" on the real one. Image courtesy of Malwarebytes.
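The "take a close look at the domain" check, written out as an added example (not code from this advisory or from Malwarebytes): it parses the URL and compares the hostname against an allowlist on a label boundary, which is why "payment-mastercard.com" fails even though it contains the word "mastercard". The allowlist and the sample URL paths are assumptions constructed for illustration; only the two domains come from the comparison above.

```javascript
// Added example. ALLOWED_PAYMENT_DOMAINS is an assumed allowlist built from
// the real processor domain named in the advisory.
const ALLOWED_PAYMENT_DOMAINS = ["mastercard.com.au"];

// Returns { host, trusted, reason } for a payment redirect URL.
function checkPaymentUrl(urlString, allowed = ALLOWED_PAYMENT_DOMAINS) {
  let url;
  try {
    url = new URL(urlString);
  } catch (err) {
    return { host: null, trusted: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { host: url.hostname, trusted: false, reason: "not HTTPS" };
  }
  // Use the parsed hostname, never a substring search of the whole URL:
  // text before "@" or in the path can contain a trusted-looking name.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Match on a label boundary: the host must equal an allowed domain
  // or end with "." + domain.
  const match = allowed.find((d) => host === d || host.endsWith("." + d));
  return match
    ? { host, trusted: true, reason: "under " + match }
    : { host, trusted: false, reason: "host not under an allowed domain" };
}

// Constructed sample URLs: inputs a domain check must accept or reject.
const SAMPLES = [
  "https://migs.mastercard.com.au/checkout",                        // real processor
  "https://payment-mastercard.com/checkout",                        // lookalike from the advisory
  "https://migs.mastercard.com.au.payment-mastercard.com/checkout", // trusted name as a subdomain label
  "https://migs.mastercard.com.au@payment-mastercard.com/checkout", // trusted name before "@"
  "http://migs.mastercard.com.au/checkout",                         // right host, no TLS
];

for (const s of SAMPLES) {
  const r = checkPaymentUrl(s);
  console.log(r.trusted ? "OK   " : "BLOCK", r.host, "-", r.reason);
}
```

Only the first sample is accepted; the others are rejected because the hostname the browser would actually connect to is not under the allowed domain, or because the connection is not HTTPS.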

One of the most common methods hackers use to steal information is infecting a merchant's checkout page with malware that "skims" or gathers personal data. This new method is similar in that the hacker adds bad code to a shop's site, but instead of skimming information, it redirects you to a fake site to pay the hacker directly.

While there is only one known instance of this happening (to a shop in Australia), this could be a trial run for a much larger operation.

Source: Ars Technica
