Benvenuto in Scribd!

Infosec Review PDF

Caricato da

Il 0% ha trovato utile questo documento (0 voti)

40 visualizzazioni7 pagine

This document discusses security and privacy issues with the video conferencing platform Zoom. It notes that several organizations, including SpaceX and Taiwan's government, have banned the use of Zoom due to cybersecurity concerns. The document outlines vulnerabilities in Zoom, including how the app collects extensive personal data on users and may share it with third parties like Facebook. It warns that using Zoom poses risks like leaking confidential Pertamina information, exposing employee personal data, compromising end user devices, and harming Pertamina's IT infrastructure. The document recommends that Pertamina not use Zoom and instead use only approved internal collaboration tools like Microsoft Teams.

Descrizione originale:

Titolo originale

Infosec Review.pdf

Copyright

Formati disponibili

PDF, TXT o leggi online da Scribd

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Segnala questo documento

Copyright:

Formati disponibili

Scarica in formato PDF, TXT o leggi online su Scribd

Segnala contenuti inappropriati

Il 0% ha trovato utile questo documento (0 voti)

40 visualizzazioni7 pagine

Infosec Review PDF

Caricato da

Fajar Kurniawan

Copyright:

Formati disponibili

Scarica in formato PDF, TXT o leggi online su Scribd

Segnala contenuti inappropriati

Salta alla pagina

Sei sulla pagina 1di 7

Cerca all'interno del documento

Corporate ICT – PT Pertamina (Persero)

Pertamina Internal Use Only!

Zoom Flaws

Ref: Infosec Web Publisher

Pertamina Internal Use Only!
Zoom’s banned by organization

Ref:
➢ https://www.forbes.com/sites/kateoflahertyu
k/2020/04/02/elon-musks-spacex-bans-zoom-
after---security-and-privacy-
warnings/#905869c775a7
➢ https://www.fbi.gov/contact-us/field-
offices/boston/news/press-releases/fbi-warns-
of-teleconferencing-and-online-classroom-
hijacking-during-covid-19-pandemic
➢ https://www.bloomberg.com/news/articles/2
020-04-07/taiwan-bans-government-use-of-
zoom-over-cybersecurity-concerns

Pertamina Internal Use Only!

Zoom’s data collection and data sharing
Zoom Privacy Policy:
Besides, Zoom may also collects:
• MAC Address, Device ID, OS Version, Camera
Type, Microphone and Speaker, Connection
type, etc
• Approximate Location
• Employer Detail (Company, title, department)
• Customer content (Cloud recordings, chat /
instant messages, files, whiteboards, and other
information shared while using the service,
voice mails)
• Other account data (Your phone number,
language preference, password)

Ref:
➢ https://securityboulevard.com/2020/03/us
ing-zoom-here-are-the-privacy-issues-you-
need-to-be-aware-of/
➢ https://zoom.us/privacy
➢ Forum Keamaan Siber (FORMASI) by
Gildas Deograt, Cyber Sec Specialist

Pertamina Internal Use Only!

Other Zoom’s Vulnerability

• Zoom knows if you are paying

attention to the call
• Zoom’s installer allows
unprivileged attackers to gain
root privileges on macOS client
• The flaw gives attackers Zoom’s
mic and camera access,
allowing for a way to record
Zoom meetings, or snoop in on
victims’ personal lives
• Zoom could share your
personal data to facebook even
you don’t have facebook
account
Ref:
➢ https://threatpost.com/two-zoom-zero-day-
flaws-uncovered/154337/
➢ https://securityboulevard.com/2020/03/usin
g-zoom-here-are-the-privacy-issues-you-
need-to-be-aware-of/
➢ https://techcrunch.com/2020/03/31/zoom-
at-your-own-risk/ Pertamina Internal Use Only!
Risk
1. Pertamina confidential information could be leaked
2. Employee personal data could be exposed
3. End user device could be compromised
4. Pertamina network/ IT infrastructure could be harmed

Recommendation
1. Do not use Zoom for Pertamina business-related
activities
2. Use Only Pertamina standard application for
online meeting (Microsoft Teams / m-Teams)

Pertamina Internal Use Only!

Potrebbero piacerti anche

ZOOM Quality Management Suite: Compliance Guide
Documento65 pagine
ZOOM Quality Management Suite: Compliance Guide
Laila Yemeni
Nessuna valutazione finora
CERT in Advisory Note Zoom
Documento2 pagine
CERT in Advisory Note Zoom
Nitin Tripathi
Nessuna valutazione finora
Workshop Datacenter Slides
Documento35 pagine
Workshop Datacenter Slides
Arav Chockalingam
Nessuna valutazione finora
Cyberoam Presentation Resellers
Documento59 pagine
Cyberoam Presentation Resellers
Samira Elkamel
Nessuna valutazione finora
ATG IBM z16 Remote Replication - 12-6-2022 Final
Documento94 pagine
ATG IBM z16 Remote Replication - 12-6-2022 Final
Carlos Cardozo
Nessuna valutazione finora
Imonitor Eam Programbook en
Documento28 pagine
Imonitor Eam Programbook en
joaolu
Nessuna valutazione finora
White Paper Fasoo Enterprise DRM
Documento18 pagine
White Paper Fasoo Enterprise DRM
sarontomiguel
Nessuna valutazione finora
Network Security, Report 01
Documento5 pagine
Network Security, Report 01
dara
100% (1)
Increasing Complexity Increases Vulnerability
Documento25 pagine
Increasing Complexity Increases Vulnerability
hannah jane dakit
Nessuna valutazione finora
EPDP
Documento20 pagine
EPDP
Nilesh Bhise
Nessuna valutazione finora
Fbtools Me
Documento8 pagine
Fbtools Me
JOE PARRA
Nessuna valutazione finora
Cyberoam Endpoint Data Protection
Documento2 pagine
Cyberoam Endpoint Data Protection
Dan Toncanu
Nessuna valutazione finora
Essential Computer Security: CSCD 396
Documento45 pagine
Essential Computer Security: CSCD 396
Micara57
Nessuna valutazione finora
Zoom Risk Assessment Final 4.8.2020
Documento5 pagine
Zoom Risk Assessment Final 4.8.2020
Momo Nishina
Nessuna valutazione finora
IT and Digital Literacy in ECE Individual Task: Case Study: U15B 12476816 Kan Wing Shan
Documento19 pagine
IT and Digital Literacy in ECE Individual Task: Case Study: U15B 12476816 Kan Wing Shan
kandy3128
Nessuna valutazione finora
Privacy Vs Security: The Byod Dilemma: Group 6
Documento10 pagine
Privacy Vs Security: The Byod Dilemma: Group 6
Manisha
Nessuna valutazione finora
Technology Usage Policy
Documento6 pagine
Technology Usage Policy
Phung Ong
Nessuna valutazione finora
Sony Ericsson K800i
Documento98 pagine
Sony Ericsson K800i
reza
Nessuna valutazione finora
Clarification Letter (30 Mar 2020) PDF
Documento1 pagina
Clarification Letter (30 Mar 2020) PDF
vita
Nessuna valutazione finora
Call Center Little Instruction Book
Documento98 pagine
Call Center Little Instruction Book
Lorena Chagartegui
Nessuna valutazione finora
Zoom Security Review by Safaricom
Documento6 pagine
Zoom Security Review by Safaricom
Majala Mlagui
Nessuna valutazione finora
Snom3x0 - Support
Documento6 pagine
Snom3x0 - Support
Jesús Ruiz
Nessuna valutazione finora
Zoom:: Lack of Confidentiality, Stability and The Rise of Security Challenges
Documento2 pagine
Zoom:: Lack of Confidentiality, Stability and The Rise of Security Challenges
Srujan Ravindra
Nessuna valutazione finora
LECTURE 4 Aplikasi Komputer
Documento9 pagine
LECTURE 4 Aplikasi Komputer
PREMA SUBRAMANIAM
Nessuna valutazione finora
Protecting From Within
Documento19 pagine
Protecting From Within
oreste2008
Nessuna valutazione finora
K790a UG R1a AE PDF
Documento95 pagine
K790a UG R1a AE PDF
Soumeya Boumadjen
Nessuna valutazione finora
Why Systems Are Vulnerable
Documento8 pagine
Why Systems Are Vulnerable
Sadia Rahman
Nessuna valutazione finora
Global Standard For Technology Security
Documento1 pagina
Global Standard For Technology Security
RS
Nessuna valutazione finora
Global Standard For Technology Security FDM Group Toronto Canada
Documento1 pagina
Global Standard For Technology Security FDM Group Toronto Canada
RS
Nessuna valutazione finora
Vulnerabilities in Foscam IP Cameras Report
Documento12 pagine
Vulnerabilities in Foscam IP Cameras Report
edijhon5815
Nessuna valutazione finora
1.6.1 Data Security: Explain The Difference Between The Terms Security, Privacy and Integrity of Data
Documento17 pagine
1.6.1 Data Security: Explain The Difference Between The Terms Security, Privacy and Integrity of Data
Pardon
Nessuna valutazione finora
5 Things You Need To Make A Secure Call - Rokacom
Documento6 pagine
5 Things You Need To Make A Secure Call - Rokacom
Teo Java
Nessuna valutazione finora
Workstation Requirements
Documento3 pagine
Workstation Requirements
api-259221946
Nessuna valutazione finora
Lab 1 Creating A Zero Trust Environment PDF
Documento24 pagine
Lab 1 Creating A Zero Trust Environment PDF
Jeevan Teza Yadav
Nessuna valutazione finora
Quiz 6 in IT 208 (IT 2-I)
Documento10 pagine
Quiz 6 in IT 208 (IT 2-I)
Aldrei Torres
Nessuna valutazione finora
S&T II Assignment
Documento11 pagine
S&T II Assignment
Paridhi Jain
Nessuna valutazione finora
Summary of The Article: Cybersecurity 101: Protect Your Privacy From Hackers, Spies, and The Government
Documento7 pagine
Summary of The Article: Cybersecurity 101: Protect Your Privacy From Hackers, Spies, and The Government
Uzman Ahmed
Nessuna valutazione finora
2) Host Level Threats and Vulnerabilities
Documento19 pagine
2) Host Level Threats and Vulnerabilities
Bhanu Naik
Nessuna valutazione finora
Department of Computer Science
Documento5 pagine
Department of Computer Science
Rao Aqib Javed
Nessuna valutazione finora
The Malware Menagerie: Roger Clarke
Documento12 pagine
The Malware Menagerie: Roger Clarke
kittysingla40988
Nessuna valutazione finora
Somansa Introduces Mail-I Cloud, Network Data Loss Prevention, DLP For Web
Documento2 pagine
Somansa Introduces Mail-I Cloud, Network Data Loss Prevention, DLP For Web
PR.com
Nessuna valutazione finora
Communicating With Others: Want A Security Starter Pack? - Surveillance Sel..
Documento6 pagine
Communicating With Others: Want A Security Starter Pack? - Surveillance Sel..
luciange
Nessuna valutazione finora
Cyberoam EndPoint Data Protection Presentation
Documento31 pagine
Cyberoam EndPoint Data Protection Presentation
Akshay Vyas
Nessuna valutazione finora
Spyware - A Hidden Threat
Documento5 pagine
Spyware - A Hidden Threat
Aungkhine
Nessuna valutazione finora
Pranil SSS LAB 2
Documento5 pagine
Pranil SSS LAB 2
Pranil Choudhari
Nessuna valutazione finora
Chp4internetintranetextranet 140904095601 Phpapp02
Documento20 pagine
Chp4internetintranetextranet 140904095601 Phpapp02
YâshRåj
Nessuna valutazione finora
WP 7 Things Secure Nomadic Workforce
Documento7 pagine
WP 7 Things Secure Nomadic Workforce
vipin2k8
Nessuna valutazione finora
Fips Seal Icx7750
Documento9 pagine
Fips Seal Icx7750
jscer
Nessuna valutazione finora
Information Security Awareness
Documento4 pagine
Information Security Awareness
Domin Go
Nessuna valutazione finora
Role Description Information Systems Support Latam: Phibion Pty LTD
Documento3 pagine
Role Description Information Systems Support Latam: Phibion Pty LTD
Ranieri Dante Janousek
Nessuna valutazione finora
Mobile Protection: Smartphone Security
Documento36 pagine
Mobile Protection: Smartphone Security
sunny kent
Nessuna valutazione finora
Curriculum Vitae: Work Experience
Documento2 pagine
Curriculum Vitae: Work Experience
Thomaz Stepheson de Souza Gomes
Nessuna valutazione finora
Practical # 8 AIM:-: Configure Web Browser Security Settings
Documento8 pagine
Practical # 8 AIM:-: Configure Web Browser Security Settings
Ayush Patel
Nessuna valutazione finora
Symantec Endpoint Encryption, Powered by PGP™ Technology
Documento3 pagine
Symantec Endpoint Encryption, Powered by PGP™ Technology
BorisKkb
Nessuna valutazione finora
MS-Defender-endpoint Competitive Cheatsheet - Cleaned
Documento3 pagine
MS-Defender-endpoint Competitive Cheatsheet - Cleaned
Hugo Garcia
Nessuna valutazione finora
PC World October 2008 - PC World
Documento175 pagine
PC World October 2008 - PC World
Adam Glassner
Nessuna valutazione finora
COMPUTER A LEVEL (FORM SIX) NOTES - AN INTRODUCTION OF COMPUTER SECURITY AND PRIVACY - EcoleBooks
Documento23 pagine
COMPUTER A LEVEL (FORM SIX) NOTES - AN INTRODUCTION OF COMPUTER SECURITY AND PRIVACY - EcoleBooks
Hyacinth Chimunda
Nessuna valutazione finora
PRN 2018.07 Twelve Ways To Defeat Two-Factor Authentication ISACA
Documento51 pagine
PRN 2018.07 Twelve Ways To Defeat Two-Factor Authentication ISACA
Hussain Mansoor
Nessuna valutazione finora
Security 30 March 2019
Documento70 pagine
Security 30 March 2019
James Doyton
Nessuna valutazione finora
Your System's Sweetspots: CEO's Advice on Basic Cyber Security: CEO's Advice on Computer Science
Da Everand
Your System's Sweetspots: CEO's Advice on Basic Cyber Security: CEO's Advice on Computer Science
Warren H. Lau
Nessuna valutazione finora
National Institute For Industrial Training Final
Documento18 pagine
National Institute For Industrial Training Final
Bishwajit Prasad Gond
Nessuna valutazione finora
Manual-108M Router PDF
Documento47 pagine
Manual-108M Router PDF
Calin Paul-Doru
Nessuna valutazione finora
ACN Error Detection and Control
Documento15 pagine
ACN Error Detection and Control
arvind venkat
Nessuna valutazione finora
Group 13 Airtel
Documento53 pagine
Group 13 Airtel
Shilpa Ravindran
100% (1)
WEP Crack Using Aircrack-Ng by Arunabh Das
Documento146 pagine
WEP Crack Using Aircrack-Ng by Arunabh Das
Arunabh Das
Nessuna valutazione finora
Hybrid Video Recorder Sistore MX 3G: V2.90 SP2 - M1
Documento5 pagine
Hybrid Video Recorder Sistore MX 3G: V2.90 SP2 - M1
Deni Hadi
Nessuna valutazione finora
Voice VLAN Technology White Paper
Documento16 pagine
Voice VLAN Technology White Paper
vanandrea
Nessuna valutazione finora
997-01510-03 User Guide
Documento216 pagine
997-01510-03 User Guide
gilsondarkman
Nessuna valutazione finora
Checklist For Technical Verification of Ship Security Alert System (SSAS)
Documento1 pagina
Checklist For Technical Verification of Ship Security Alert System (SSAS)
Pratik Ramavat
Nessuna valutazione finora
Chapter 7
Documento50 pagine
Chapter 7
T20UBCA027 - Mithuna Shanmugam
Nessuna valutazione finora
Spread-Spectrum Signals For Digital Communications
Documento51 pagine
Spread-Spectrum Signals For Digital Communications
nandini
Nessuna valutazione finora
5530-24TFD Data Sheet
Documento12 pagine
5530-24TFD Data Sheet
Vikal Agarwal
Nessuna valutazione finora
Technical Characteristics of Emergency Position-Indicating Radio Beacons Operating On The Carrier Frequencies of 121.5 MHZ and 243 MHZ
Documento4 pagine
Technical Characteristics of Emergency Position-Indicating Radio Beacons Operating On The Carrier Frequencies of 121.5 MHZ and 243 MHZ
hishamuddinohari
Nessuna valutazione finora
UMTS Basic Principles
Documento64 pagine
UMTS Basic Principles
mazagngi2010
100% (3)
Security Procedures For LTE
Documento57 pagine
Security Procedures For LTE
Samad Rafiq Talha
Nessuna valutazione finora
PA0FBK Antenna Demystified
Documento25 pagine
PA0FBK Antenna Demystified
Enero A. Sais
Nessuna valutazione finora
Huawei B2368
Documento10 pagine
Huawei B2368
Anthony Fernandez Mendez
Nessuna valutazione finora
DCN Exp 1-2022
Documento6 pagine
DCN Exp 1-2022
Soham Sawant
Nessuna valutazione finora
Micromax Case
Documento30 pagine
Micromax Case
Lakshav Kapoor
Nessuna valutazione finora
Wa0001.
Documento6 pagine
Wa0001.
souvikgh22
Nessuna valutazione finora
Andrew Antenas RF
Documento123 pagine
Andrew Antenas RF
Roger Pereira Guerra
0% (1)
BRKCRS 2501
Documento372 pagine
BRKCRS 2501
dodowe1143
Nessuna valutazione finora
WC Lab File
Documento30 pagine
WC Lab File
kann
Nessuna valutazione finora
Instructor Version
Documento16 pagine
Instructor Version
Jeevan Gipulan Nacuspag
Nessuna valutazione finora
Acer Aspire 7336 7336g 7336gz 7336z 7736 7736g 7736gz 7736z jv71-mv (09242-1 4fx01)
Documento60 pagine
Acer Aspire 7336 7336g 7336gz 7336z 7736 7736g 7736gz 7736z jv71-mv (09242-1 4fx01)
smooky1980
Nessuna valutazione finora
NNH4-65C-R6-V2 Product Specification
Documento5 pagine
NNH4-65C-R6-V2 Product Specification
Antony López Gálvez
Nessuna valutazione finora
Quiz On Mobile Communication
Documento12 pagine
Quiz On Mobile Communication
kundan1094
Nessuna valutazione finora
2835 I2C Interface PDF
Documento2 pagine
2835 I2C Interface PDF
Anonymous I42Heqce7f
100% (2)
IEC PAS 62030 Real-Time Publish-Subscribe (RTPS) Wire Protocol Specification Version 1.0
Documento166 pagine
IEC PAS 62030 Real-Time Publish-Subscribe (RTPS) Wire Protocol Specification Version 1.0
Benjamin Ricardo Nasrallah Alvarez
Nessuna valutazione finora
GMDSS Students WorkBook - 2016-2017 - LB Engl
Documento124 pagine
GMDSS Students WorkBook - 2016-2017 - LB Engl
Anatolii Copanoi
Nessuna valutazione finora