Cisco is rolling out fixes for three vulnerabilities in its Webex video-conference software that made it possible for interlopers to eavesdrop on meetings as a “ghost,” meaning being able to view, listen, and more without being seen by the organizer or any of the attendees.
The vulnerabilities were discovered by IBM Research and the IBM’s Office of the CISO, which analyzed Webex because it’s the company’s primary tool for remote meetings. The discovery comes as work-from-home routines have driven a more than fivefold increase in the use of Webex between February and June. At its peak, Webex hosted up to 4 million meetings in a single day.
The vulnerabilities made it possible for an attacker to:
Legal Notice: Views expressed in articles published in www.ebusinessbrief.com are those of the authors and www.ebusinessbrief.com or its owners take no responsibility regarding the same. Advertisements in www.ebusinessbrief.com are published for information of the subscribers. www.ebusinessbrief.com does not authenticate, endorse or guarantee any of the products or services or claims made by the Advertisers. Readers are advised to themselves verify the details. No part of this publication may be reproduced by any means without prior written permission from the Editor. Permission is normally granted wherever sufficient acknowledgement is given to www.ebusinessbrief.com.