The Computer Security Incident Response Team (CSIRT) of the Nigerian Communications Commission (NCC) has advised users of videoconferencing platform, Zoom, to install the latest update of the software from the publisher’s official website following the discovery of vulnerabilities that allows a remote attacker to breach users’ privacy.
In its advisory issued on Wednesday the CSIRT reported that the Indian Computer Emergency Response Team (CERT-In) found several flaws in the Zoom app.
The videoconferencing platform became popular for virtual meetings in the wake of the COVID-19 pandemic with more than 300 million daily users worldwide.
It has since become a platform for millions of more affordable virtual meetings and conferences, which would otherwise have been held in person at more a higher cost to organizers and even participants.
But several hackers have found a way to breach the app and join private meetings without invitations and sometimes post very obnoxious content to distract meetings.
In the current instant, the NCC-CSIRT) noted that “The vulnerabilities exist owing to incorrect access control implementation in Zoom On-Premises Meeting Connector MMR prior to version 4.8.20220815.130.”
It added that “A remote attacker could exploit these flaws to join a meeting they were not permitted to attend without being seen by the other attendees. They can also access audio and video feeds from meetings they were not permitted to attend, as well as interrupt other sessions.”
Successful exploit of these vulnerabilities could allow an unauthorized remote authenticated user to bypass implemented security limitations on the targeted system.
The Computer Security Incident Response Team (CSIRT) is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.
The CSIRT also work in collaboration with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risks incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.
Ghana
Ghana has a whole Cyber Security Authority (CSA), which does more talking than paying attention to and advising the public on the specific dangers in the cyberspace.
Recently, the Acting Director-General of CSA, Dr. Albert Antwi-Boasiako was in the media talking about how uneducated Ghanaians are about cybersecurity and how vulnerable citizens are to dangers in the cyberspace.
Meanwhile, several reports and incidents happen around the world regarding risks in the cyberspace, but very little is heard of the CSA on what citizens should do to avoid being victims, and if they fall victim, how to get out of the web of hackers and fraudsters.
There have been several industry reports of how vulnerable Ghana and Ghanaians are to cyberattacks, but the CSA is happy holding cyber security month and also receiving accolades for some paperwork done, while citizens still remain vulnerable to hackers and cyber fraudsters.
