So, Tom had a very nice video showing the pcap from a Zoom session and how it properly establishes a secure TLS channel with the Zoom servers. I have seen discussions elsewhere about over 500,000 Zoom accounts being sold on the dark web; with the service protecting the users' communication channel, the only insecure thing I have seen has been the settings which apply to your meeting room, like Tom also discussed. I have not seen any phishing attempts for Zoom yet and was thinking that phishing may be the result of these compromised Zoom accounts. I wanted to see what the community’s thoughts are on this.
Many people reuse passwords and the lists are most likely password dumps that were validated against Zoom accounts and compiled into a list to be sold.
That's a good point, a good list and some user accounts is all you need.