Expert Edition: Reimagining service: How HISPs lead the digital charge sponsored by Carahsoft

By: wfedstaff
22 January 2026 at 10:11

How are high impact service providers driving digital excellence across government?

Federal agencies designated as HISPs are leading the charge to deliver seamless, secure and human-centered services. Our new Federal News Network Expert Edition brings together insights from leaders who are shaping the future of customer experience in government.

Get tips and insights from:

  • Donald Bauer, former chief technology officer, Global Talent Management, State Department
  • Stan Kowalski, director of organizational excellence and strategic delivery, International Trade Administration
  • James McCament, chief digital transformation officer, Customs and Border Protection
  • Barbara Morton, deputy chief veterans experience officer, Department of Veterans Affairs
  • Jonathan Alboum, federal chief technology officer, ServiceNow
  • Steven Boberski, public sector chief technology officer, Genesys
  • Amanda Chavez, vice president of strategy, Qualtrics
  • Jake Dempsey, CEO and co-founder, Project Broadcast
  • Sean Hetherington, director of federal civilian, Adobe
  • Matt Mandrgoc, head of U.S. public sector, Zoom
  • Angy Peterson, vice president of experience services, Granicus

Explore how these leaders are leveraging AI, data and design thinking to simplify service delivery, scale personalization and build trust with the public.

Read the full e-book now!

The post Expert Edition: Reimagining service: How HISPs lead the digital charge sponsored by Carahsoft first appeared on Federal News Network.

© Federal News Network

Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities

22 January 2026 at 06:34

Both platforms serve as backbone infrastructure for remote work and software development, making these flaws particularly dangerous for business continuity.

The post Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities appeared first on TechRepublic.

Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection

By: Divya
21 January 2026 at 05:38

A critical command injection vulnerability in Zoom Node Multimedia Routers (MMRs) has been disclosed, potentially allowing meeting participants to execute arbitrary code on vulnerable systems. The flaw affects Zoom Node Meetings Hybrid and Meeting Connector deployments, requiring immediate patching across enterprise environments. Vulnerability Overview Zoom Offensive Security identified a command injection flaw in Zoom Node […]

The post Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Zoom Workplace Enhancements Symbolize Both Opportunity and Hurdles for Zoom

21 July 2025 at 10:59
G. Willsky

Summary Bullets:

  • New Zoom Workplace features are emblematic of the advent of agentic AI and the rise of Zoom as a competitor.
  • A rapid accumulation of Workplace features provides Zoom with the challenge of drafting clear messaging regarding security and market positioning.

Earlier this month Zoom continued its steady drumbeat of enhancements to the Zoom Workplace platform with the latest round of new features. As with previous rounds, the new capabilities enable users to be more productive by saving time during their workday. However, the real headline is that the features are emblematic of the advent of agentic AI and the rise of Zoom as a competitor.

All the new features add value, but two are especially worth noting. With the Custom AI Companion add-on, AI Companion can attend meetings on a user’s behalf held on platforms from three of Zoom’s biggest rivals – Microsoft, Google, and coming soon, Cisco – and automatically transcribe, summarize, and deliver actionable follow-ups. Also with the add-on, users can connect to 16 third-party apps to complete tasks without ever leaving Zoom. For example, resolving customer support tickets with Zendesk and ServiceNow; updating project statuses, assigning tasks, and setting deadlines with Asana and Jira; and expediting recruiting, interviews, and onboarding with Workday.

A common thread running through the announced features is the latest phase of AI – agentic AI. Agentic AI stretches beyond generating content, featuring agents that perform tasks on users’ behalf. Agentic AI can act autonomously, make decisions, and take action without human intervention. It can adjust its approach based upon new information or changing circumstances. Zoom and each of its competitors are leveraging agentic AI in some shape or form.

Most significantly, the new features symbolize a profound metamorphosis taking place at Zoom. After its video meetings capability became renowned virtually overnight in the dark, nascent days of the pandemic, Zoom ignited a steady evolution of its platform. With the October 2023 introduction of Zoom AI Companion, that evolution took a sharp trajectory upward and morphed into a full-blown renaissance marked by the introduction of GenAI features. With the implementation of agentic AI capabilities – both those recently and newly introduced – Zoom has entered yet another chapter. Now, Zoom has taken an important step in that chapter with the integrations between competitor platforms and roster of third-party apps.

Zoom is converting the Workplace platform from an island of collaboration into a centralized hub connecting with external tools. With a critical mass of functionality available from within Zoom, Zoom creates much stickier relationships with users and enables them to get work accomplished much more rapidly. However, there are disadvantages to having extended functionality under one roof.

Within the last few years, Zoom experienced a security incident which made headlines, labeled ‘Zoom bombing.’ The company promptly restored trust, resolving the problem quickly and communicating to the public what types of security measures it had in place. Today, with Zoom Workplace linking into other tools, the issue of security becomes top of mind again. Zoom needs to resurrect the strong security message it previously drafted and remind users what safeguards are in place to reduce the chance of a major breach.

The rapid accumulation of features on the platform over an abbreviated period has resulted in a mosaic of capabilities. Zoom needs to craft a clear ‘identity’ for its suite of tools and send an unambiguous positioning message to the market. Cisco provides a good lead for Zoom to follow. In communicating what its Webex Suite stands for, Cisco has erected three pillars: hybrid work, customer experience, and workspaces. Zoom needs to decide what its pillars are and mold a message accordingly.

By continuing to regularly augment the platform while drafting strong messaging regarding security and market positioning, Zoom will be poised to continue its ascent.

Exoprise Expands Network Visibility into Microsoft Teams and Leading UCaaS Applications

12 October 2022 at 10:01

As businesses pivot towards multiple UCaaS platforms, the latest Exoprise monitoring solution offers deep application and network intelligence to support a modern workforce with a great digital experience. Waltham, MA – October 12, 2022 – Exoprise, a leader in Digital Experience Monitoring (DEM) solutions, announced that its latest Service Watch release enables enterprise IT and Unified Communications…

The post Exoprise Expands Network Visibility into Microsoft Teams and Leading UCaaS Applications appeared first on Exoprise.

Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers Details Google

22 January 2022 at 07:04

An investigation of the clickless attack surface for the popular Zoom video conferencing solution revealed two Zero-Day Bugs (previously unknown security vulnerabilities) that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory.

Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues affect both Zoom clients and Media Router (MMR) servers that relay audio and video content between clients on on-premises deployments.

The flaws have since been fixed by Zoom as part of updates released on November 24, 2021.

The goal of a no-click attack is to stealthily take control of the victim’s device without requiring any user interaction, such as clicking on a link.

While exploit features vary depending on the nature of the vulnerability exploited, a key feature of click-free hacks is their ability to leave no trace of malicious activity, making them very difficult to detect.

Two defects identified by Project Zero:

  • CVE-2021-34423 (CVSS score: 9.8) is a buffer overflow vulnerability that can be used to crash a service or application or execute arbitrary code.
  • CVE-2021-34424 (CVSS score: 7.5) is a process memory disclosure error that can be used to potentially obtain information about arbitrary areas of product memory.

While analyzing real-time transport protocol (RTP) traffic used to deliver audio and video over IP networks, Silvanovich discovered that it was possible to manipulate the contents of a buffer that supports playback of various types of data by sending a malformed chat message that causes the MMR client and server to crash.

Additionally, the lack of a NULL check that is used to detect the end of a string allowed for a memory leak when joining a Zoom meeting through a web browser.

The researcher also attributed the lack of memory corruption to the fact that Zoom did not enable ASLR, i.e., address space layout randomization, a security mechanism designed to increase the difficulty of executing buffer overflow attacks.

“The absence of ASLR in the Zoom MMR process greatly increases the risk that an attacker can compromise it,” Silvanovich said. “ASLR is perhaps the most important defense against memory corruption exploits, and the effectiveness of most other defenses at some level depends on the fact that it is disabled in the vast majority of programs.”

While most videoconferencing systems use open source libraries such as WebRTC or PJSIP to implement multimedia communications, Project Zero has identified Zoom’s use of proprietary formats and protocols, as well as high license fees (nearly $1,500), as barriers to research in the field of security.

“Closed source software creates unique security challenges, and Zoom can do more to make its platform available to security researchers and others who want to evaluate it,” Silvanovich said. “While Zoom Security helped me access and set up the server software, it’s not clear if support is available for other researchers, and software licensing was still expensive.”

The post Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers Details Google appeared first on OFFICIAL HACKER.
