A previously undisclosed bug in Zoom s customizable URL feature has been addressed that could have offered a hacker a perfect social-engineering avenue for stealing credentials or sensitive information. An attacker could pose as a company employee, invite customers or partners to meetings, then use socially engineered conversation to extract sensitive information, according to an analysis from Check Point. The security flaw existed in the Vanity URL feature for Zoom, which allows companies to set up their won Zoom meeting domain, i.e. “yourcompany.zoom.us ”
Source: https://threatpost.com/zoom-vanity-url-zero-day/157510/