Zoom’s DocuSign integration lets users sign documents in video calls


Sabina Weston

16 Feb, 2022

Zoom has added a DocuSign integration to its video meetings, allowing users to sign documents within the video conferencing app.

DocuSign eSignature for Zoom is now available for versions of Zoom Desktop 5.7.3 or later. Users can add the extension by logging into their DocuSign and Zoom accounts and installing the DocuSign eSignature App from the Zoom App Marketplace.

Once installed, users can send a document via email or SMS and, once in the Zoom meeting, select the right document from the “Find your agreement” tab in the right pane of the app, and pass control to the signer. 

The integration could be particularly useful for signing legal documents when setting up a business agreement in another country or applying for a visa, which often require the presence of a notary in order to verify the identity of the signee. However, Zoom Apps & Integrations product lead Ross Mayfield said that the integration is primarily about simplifying the process of signing documents over video call.

“Employees don’t want to spend their days toggling between countless apps and emails, especially when working with customers or partners. They want tools that streamline workflows and easily enable them to connect and collaborate,” he said, adding that Zoom is “excited about DocuSign eSignature for Zoom as it allows stakeholders to review agreements together in real-time before signing, helping eliminate communication silos and accelerate the completion of agreements”.

In a blog post announcing the integration, DocuSign SVP Jerome Levadoux highlighted the impact of the pandemic-induced shift to remote working.

“The past few years have highlighted the need for agility and better productivity tools to meet the evolving needs of customers. We are excited to partner with Zoom to offer the DocuSign eSignature app for Zoom to make it easier than ever to streamline how we collaborate and come to agreement in the emerging anywhere economy,” he said.

The news comes days after the video conferencing platform released an update to its macOS Monterey client addressing a security issue whereby a Mac’s microphone remained enabled even after a Zoom meeting had ended, leading to users claiming that the app is ‘listening in on them’.

Google Chrome update fixes zero-day under active exploitation


Connor Jones

15 Feb, 2022

Google has released a fresh wave of patches for seven high-severity security issues affecting Google Chrome, including one zero-day vulnerability under active exploitation.

The latest stable build (98.0.4758.102) for WindowsMac, and Linux brings with it a total of 11 security fixes, with many of the highest-severity flaws relating to use after free (UAF) vulnerabilities.

The zero-day, tracked as CVE-2022-0609 and carrying a CVSSv3 score of 9.8/10, is a UAF in animation vulnerability which Google says is under active exploitation in the wild.

Discovered by Google’s Threat Analysis Group researchers, Adam Weidemann and Clément Lecigne, very few details of the security flaw have been revealed but UAF vulnerabilities typically facilitate attacks such as arbitrary code execution and data corruption in unpatched software, and can lead to the takeover of a victim’s machine.

UAF vulnerabilities relate to incorrect use of dynamic memory in software. Dynamic memory allocation is used by programmers to store large amounts of data within running software and blocks of data are reallocated repeatedly. 

Programmes use headers to check which sections of dynamic memory are free and UAF vulnerabilities can be exploited when programmes don’t manage these headers properly. These flaws allow an attacker to substitute code in place of cleared data in dynamic memory if a pointer isn’t cleared after data is moved to a different block.

The majority of the high-severity vulnerabilities in the latest wave of patches relate to UAF in various components of Google Chrome. One exists in File Manager (CVE-2022-0603), another in the Webstore API (CVE-2022-0605), one in ANGLE (CVE-2022-0606), and finally one in GPU (CVE-2022-0607), as well as the zero-day.

Among the other most serious flaws available in the latest stable build is CVE-2022-0608, an integer overflow flaw in Mojo. Reported by Google Project Zero’s Sergei Glazunov, integer overflow attacks occur when an arithmetic-based process within a programme returns a value greater than the range set by the target variable can hold.

Such vulnerabilities can lead to data theft, data exfiltration, a complete takeover of a system, or simply prevent the application from running properly.

Google said the update will be rolling out automatically over the coming days and weeks for all operating systems, but concerned users can force an update immediately to the latest version by navigating to the Google Chrome menu in the top right corner of the browser, hovering over ‘Help’, and selecting the ‘About Google Chrome’ menu, or by typing ‘chrome://settings/help’ into the URL bar.

Microsoft tempts legacy G Suite users with hefty discount


Sabina Weston

15 Feb, 2022

Microsoft is looking to tempt disgruntled legacy G Suite users with a “special offer” that includes a 60% discount on year-long Microsoft 365 Business Basic, Business Standard, or Business Premium subscriptions.

Last month, Google announced that it would give those with free G Suite accounts until 1 July to upgrade their plans to a paid subscription, after which point they will lose access to most of its services. The move could be especially detrimental to small businesses that were able to save up to £13.80 per user per month by not paying for a G Suite, now known as Workspace, account.

Microsoft has seemingly decided to capitalise on Google’s decision, identifying a new group of potential customers who could be seeking a new email account provider, allowing them to also benefit from Microsoft Teams, cloud storage, as well as a suite of Office apps.

“If you’re a small business that’s relied on G Suite legacy free edition, we couldn’t help but notice you might be in the market for a new solution. We’ve got news for you: today, you can get a 60% discount on a 12-month Microsoft 365 Business Basic, Business Standard, or Business Premium subscription, along with the help you need to make the move,” Jared Spataro, corporate vice president for Microsoft 365, announced last week in a blog post.

Small businesses that decide to migrate their data from legacy G Suite to Microsoft 365 will be able to benefit from Microsoft’s Business Assist, which provides expertise and advice for those who are new to the service, ensuring that they make the most out of 365.

Google has since backtracked on its decision to shutter legacy accounts, adding a section to its support page that promises more options for people to keep the data stored in their accounts for free. Although the options won’t include premium features like custom email or multi-account management, this could potentially be subject to change “in the coming months”, the tech giant added. 

The company was not immediately available to comment when reached by CloudPro

Vodafone taps Oracle for its cloud-native standalone 5G network


Sabina Weston

14 Feb, 2022

Vodafone has announced that it has selected Oracle to provide cloud-native network policy management that will help it progress towards standalone (SA) 5G

The solution is comprised of Oracle’s 5G Core Policy Control Function (PCF) and Policy and Charging Rules Function (PCRF), which allows the deployment of complex network policies, including wireless, fixed, and cable, as well as Internet of Things (IoT) and machine-to-machine (M2M) networks. 

In Vodafone’s case, the solution will provide data on the basis of which Vodafone’s customers will be able to choose the best network offering for their needs. This will allow Vodafone to automate and scale to meet the expected growth in 5G subscribers and connected devices, allowing a seamless experience across 4G and 5G networks while also delivering a smooth integration of new 5G services – such as VR/AR, live-streaming, or IoT.

Oracle’s senior vice president and general manager of Networks, Andrew Morawski, said that intelligent policy management is the “entryway” to any new opportunities provided by 5G connectivity:

“Our 5G and cloud capabilities are helping Vodafone to build a future-proof network that is automated, easier to scale, simpler to operate, and more cost-effective,” he added.

Commenting on the news, Vodafone UK chief network officer Andrea Dona said that “moving to ‘cloud native’ is a culture shift as much as it is a technology shift for a techcomms company like Vodafone”. 

“Our partners must demonstrate flexibility and agility, as well as aligning to our vision of how technology will augment and support tomorrow’s digital society,” she added.

The news comes days after reports emerged of Virgin Media O2 calling off its Mobile Virtual Network Operator (MVNO) agreement with Vodafone.

Signed in 2019 and implemented only last year, the deal saw Vodafone replace BT in supplying wholesale mobile network services, including both voice and data, to Virgin Mobile and Virgin Media Business. It also provided Virgin Media with full access to Vodafone’s current services and future technologies, including its 5G network, and was set to last until 2026. However, the newly-merged Virgin Media O2 has reportedly informed its bondholders late last week that it has now cancelled the deal.

A spokesperson for Virgin Media O2 declined to comment on the reports.

Zoom users claim macOS app keeps ‘listening’ after meetings end


Connor Jones

14 Feb, 2022

Video conferencing and collaboration platform Zoom has released an update to its macOS client addressing a security issue whereby a Mac’s microphone remained enabled even after a meeting had ended.

Zoom users running the latest version of macOS Monterey had been concerned about the apparent privacy issues since December 2021, according to posts made on the official Zoom community support forums, first reported by The Register.

The issue in question involved the orange dot in the Mac’s Control Centre appearing, indicating that the device’s microphone was being used in an application. That app was revealed to be Zoom, which was open in the taskbar but not actively in a meeting.

Numerous replies to the original post echoed concerns regarding where the audio data was being sent, and that it wasn’t a single use case. 

One user appearing to represent Zoom support said the bug was known to Zoom and it was patched in the 5.9.3 version released on 24 January 2022. That said, IT Pro is still waiting to hear from Zoom officially.

The release notes accompanying version 5.9.3 made no explicit mention of the macOS bug, but earlier release notes for version 5.9.1 issued on 20 December 2021 indicated the big had been fixed, though no explanation as to why the bug presented itself, or what was done with recordings.

Numerous users also reported the bug persisting even after updating to version 5.9.1 and complaints persisted well into January 2022, long after even the 5.9.3 patch was released. IT Pro will update this story if Zoom provides clarity on the issues.

At the time, users commenting on the community support thread voiced their concerns around privacy, re-iterating their experience with Zoom’s privacy issues in years gone by. One user said: “This is [a] major privacy breach and I am considering dropping Zoom and asking my IT department to replace Zoom with a more secure option”.

The incident prompted Apple to roll out a silent update removing the web server from all Mac machines which followed Zoom’s own update achieving the same purpose. Apple said at the time that no user intervention was required to enable the update but IT Pro’s testing, at the time, showed the issue persisted until the user rebooted their machine.

The company also settled a case with the Federal Trade Commission (FTC) in 2020 after the claims it made about the use of end-to-end encryption (E2EE) on its platform, which was used by governments and local authorities during the pandemic, turned out to be false.

Microsoft wins contract to build Singapore’s first sovereign cloud


Zach Marzouk

11 Feb, 2022

Singapore’s Home Team Science and Technology agency (HTX) has chosen Microsoft to develop a sovereign cloud to accelerate its digital transformation.

HTX said the agreement will play a key role in helping domestic services, such as the police or civil defence force, to deliver improved safety and security to all citizens, residents, and visitors to the city-state.

The sovereign cloud will be built on Microsoft’s Azure platform and equip HTX with on-demand high-performance cloud computing and data storage resources. It hopes this will help the agency quickly adopt and create new technologies and reduce time-to-market in introducing new digital capabilities.

It added that it will provide home team officers on the ground with real time data to help them respond quicker to incidents and make decisions faster.

“This strategic partnership with Microsoft to develop a sovereign cloud here in Singapore will enable us to push the boundaries of innovation and be in the forefront of technology,” said Chan Tsan, CEO of HTX and deputy secretary of the Ministry of Home Affairs.

“This way, we will be well-poised to exponentially enhance the capabilities of the home team and to keep Singapore as the safest place on the planet.”

Microsoft will also provide additional training and educational opportunities as part of the agreement, including 600 training places along with exam certificates to be made annually to the organisation. It hopes that the training will advance the technical skills of cloud technology professionals in Singapore.

“We’re delivering a trusted sovereign cloud that adheres to and meets the needs of the Singapore government – one that will expedite their digital transformation efforts,” said Judson Althoff, executive vice president and chief commercial officer at Microsoft. “Our agreement will enable key technological advancements and provide access to data and insights to help drive change across various communities.”

Although Microsoft does have an Azure cloud region in Singapore, it remains unclear as to where the new sovereign cloud will be housed. Building data centres in the city is still restricted but the government is planning to lift the ban on their construction once new rules placing strict energy efficiency requirements on all new sites come into force.

Almost a quarter of all spam emails were sent from Russia in 2021


Sabina Weston

11 Feb, 2022

A quarter (24.77%) of all spam emails sent in 2021 originated from Russia, with more than half (56%) of all emails being spam messages.

That’s according to Kaspersky’s latest Annual Spam and Phishing Report, which analysed close to 150 million malicious email attachments blocked by the cyber security provider’s antivirus over the course of last year.

Kaspersky identified 10 countries that were responsible for sending out more than three quarters of the world’s spam emails, with Russia and Germany (14.12%) being the most prolific senders.

The US and China came in third and fourth place, at 10.46% and 8.73% respectively. The Netherlands (4.75%) came in fifth place, followed by France (3.57%), Spain (3%) and Brazil (2.41%), Japan (2.36%), and Poland (1.66%).

When compared to 2020, Russia and China had the most significant rise in sent spam – a 3.5% and 2.5% increase, respectively.

Brazil-based users were most often targeted by phishing attacks, with 12.4% of 2021’s victims being based in the South American country, followed by French, Portuguese, and Mongolian users.

When it came to content, 2021’s spam emails mostly centred around popular topics including money and investment, Bond and Spider-Man movie premieres, and the pandemic, which Tatyana Shcherbakova, security expert at Kaspersky, described as “bread and butter for scammers”.

The most notable COVID-related scams included fictitious financial support schemes and fake COVID vaccination passes and QR codes, Kaspersky found.

“These scams prove to be very efficient as people continue to trust too much of what they see in their inboxes and browsers. We believe it is important to be aware that there are a lot of offers out there that seem “too good to be true”,” she said, calling on people “to be cautious when it comes to trusting what’s in their email”.

“This approach may help them save their private data and money,” Shcherbakova added.

Kaspersky’s findings come weeks after Microsoft issued a warning about hackers targeting Microsoft 365 users with a fake app capable of stealing OAuth authentication tokens, providing them full access to the victim’s email, calendar, and contacts.

Microsoft Teams now uses 50% less power than when it first launched


Connor Jones

10 Feb, 2022

Microsoft has said its Teams app now uses 50% less power when running video calls and meetings, thanks to a range of performance improvements it has implemented since 2020. 

Microsoft Teams can be especially demanding for users of low-end devices that lack the adequate hardware processing capabilities of more expensive models, Microsoft said, especially with functions like meetings with multiple video streams or sharing one’s screen with a group.

Ongoing optimisations to the collaboration platform have improved the experiences for many business users and have led to reduced energy costs, Microsoft said, as it outlined the timeline of its optimisation releases over the past few years.

“One of the challenges brought on by the ubiquity of Teams is the need to create equitable experiences across an incredibly diverse Windows device ecosystem,” said Robert Aichner, principal group program manager at Microsoft.

“We’re committed to ensuring great calling and meeting experiences for users on low-end hardware as well as those on high-end workstations and high-resolution monitors. One of the factors we’ve addressed is the difference in power requirements for different customer profiles by ensuring Teams meetings are as energy-efficient as possible, regardless of setup.”

Microsoft measured the improvements by creating a testing framework that accounted for different energy-demanding scenarios, such as video meetings and screen sharing, to evaluate the critical processes associated with them to identify optimisation opportunities. Such processes included content capture, encoding, and rendering.

Credit
Microsoft

Over the course of 17 months, Microsoft made changes to these processes, starting with video capture optimisation in October 2020, involving a reduction in CPU load when the camera was enabled. This delivered the most significant performance increase, with a 27% drop in power consumption.

Specifically, Microsoft focused on camera optimisations that targeted reduced CPU load in meetings and reducing code complexity in areas such as auto-exposure, auto-white balance, and auto-aliasing.

This was followed by consolidating multiple screen elements for a single render process in February 2021, which brought an additional 14% decrease in power use. Incremental optimisations made over the following year delivered small improvements, slowly building to a peak performance improvement of 52%.

“Similar to our other performance improvement initiatives, these power consumption improvements are subjected to progressive testing to validate the intended benefits across customers and environments,” said Aichner. “Additionally, we evaluate each new planned Teams feature to ensure existing processing efficiencies are not compromised.

“So while we continue to launch innovative Teams features to help people connect and collaborate in new ways, we’re also dedicated to making sure these experiences are optimised for all users, regardless of their network and devices.”

Microsoft Teams is getting a new LinkedIn integration


Danny Bradbury

9 Feb, 2022

Microsoft Teams is getting a new LinkedIn integration that will give users access to colleagues’ profiles on the professional social networking site. 

According to the company’s roadmap for Microsoft 365, users will be able to see their colleagues’ LinkedIn profiles when in a one-on-one chat. 

Microsoft added the feature to the road map last week, and it will enter general availability in March.

This addition follows enhancements to Microsoft Teams in public preview, including a compact chat option that lets users select a view displaying more chat messages and the ability to promote invitees to co-organizers.

Microsoft has been tying Teams more closely to its other products of late. It included tighter Teams integration with Windows 11 by displaying Teams contacts directly on the Windows taskbar for Teams personal users.

LinkedIn isn’t the only online service integrating with Teams. In November Microsoft also announced an integration deal with Meta’s rival Workplace collaboration service. This will enable the two services exchange content with each other so that Teams video will live stream directly into Workplace groups.

LinkedIn, which Microsoft acquired in 2016, has not always been happy with people accessing its data. hiQ Labs sued the professional social network, forcing it to allow access to its user-generated data. It won on appeal in 2019 but last year the Supreme Court vacated the decision, referring it once again to the ninth circuit court.

Microsoft is also planning some other feature enhancements for Office 365, including easy access to Teams files from its OneDrive storage service. This update, which will be available in April, will see the company add a ‘Your Teams’ section to OneDrive’s ‘More Places’ page.

Sophos to launch new data centre in Mumbai


Zach Marzouk

9 Feb, 2022

Sophos is set to launch a new data centre in Mumbai in March, as well as one in São Paulo in May.

The cyber security company said the new data centres will help organisations in the regions meet strict data sovereignty laws and regulations. It said this is increasingly required for those in banking, government, and other tightly regulated market sectors.

The new data centres will expand Sophos’ existing base around the world in the US, Canada, Ireland, Germany, Japan, and Australia.

The data centres are also set to provide organisations with the ability to store, manage, and access data locally from Sophos Central, its cloud management platform.

Products and services with access to the new data centres will initially include Sophos Extended Detection and Response, Sophos Intercept X, Intercept X for Server, Sophos Encryption, and Sophos Managed Threat Response services. Its other offerings are planned to be introduced over time, although it didn’t specify when.

“The data centre in Mumbai would help Indian organisations accelerate digital transformation and cloud migration,” said Sunil Sharma, managing director of sales for India and SAARC at  Sophos.

“India is one of the important markets for us and we have heavily invested in the country. We already have a large base of our research and development in India, and the data centre would enable Sophos to further build its leadership presence in the region by providing local data sovereignty and security solutions.”

Sophos added it is also focused on Brazil, where its new data centre would serve as a resource for local organisations as well as Latin American and other international companies planning to do business there.

“Sophos is planning to answer a critical market need for data sovereignty solutions in Brazil, which has strict regulatory requirements,” said Oscar Chavez-Arrieta, vice president for Latin America.

“Sophos is experiencing tremendous demand and growth momentum in Brazil and across Latin America, and significant investments are planned to expand and comprehensively address regional data regulations, including the Brazilian General Data Protection Law (LGPD) and Complementary Standard NC-14 regulations.”

Cloud companies are increasingly expanding into India, with Google Cloud announcing in late January it would open a new office in the city of Pune. This comes after the company opened its second cloud region in the country in Delhi last July, hoping it would better support customers and the public sector in India and across Asia Pacific.