
Copilot+ Recall is ‘Dumbest Cybersecurity Move in a Decade’: Researcher

Copilot Recall privacy settings

A new Microsoft Windows feature dubbed Recall planned for Copilot+ PCs has been called a security and privacy nightmare by cybersecurity researchers and privacy advocates. Copilot Recall will be enabled by default and will capture frequent screenshots, or “snapshots,” of a user’s activity and store them in a local database tied to the user account. The potential for exposure of personal and sensitive data through the new feature has alarmed security and privacy advocates and even sparked a UK inquiry into the issue.

Copilot Recall Privacy and Security Claims Challenged

In a long Mastodon thread on the new feature, Windows security researcher Kevin Beaumont wrote, “I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.”

In a blog post on Recall security and privacy, Microsoft said that processing and storage are done only on the local device and encrypted, but even Microsoft’s own explanations raise concerns: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”

Security and privacy advocates take issue with assertions that the data is stored securely on the local device. If someone has a user’s password, or if a court orders that data be turned over for legal or law enforcement purposes, the amount of data exposed could be much greater with Recall than would otherwise be exposed. Domestic abuse situations could be worsened. And hackers, malware and infostealers will have access to vastly more data than they would without Recall.

Beaumont said the screenshots are stored in a SQLite database, “and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.” He posted a video he said was of two Microsoft engineers gaining access to the Recall database folder with apparent ease, “with SQLite database right there.”

Does Recall Have Cloud Hooks?

Beaumont also questioned Microsoft’s assertion that all this is done locally. “So the code underpinning Copilot+ Recall includes a whole bunch of Azure AI backend code, which has ended up in the Windows OS,” he wrote on Mastodon. “It also has a ton of API hooks for user activity monitoring. It opens a lot of attack surface. ... They really went all in with this and it will have profound negative implications for the safety of people who use Microsoft Windows.”

Data May Not Be Completely Deleted

And sensitive data deleted by users will still be saved in Recall screenshots. “There's no feature to delete screenshots of things you delete while using your PC,” Beaumont said. “You would have to remember to go and purge screenshots that Recall makes every few seconds. If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.”

One commenter said Copilot Recall seems to raise compliance issues too, in part by creating additional unnecessary data that could survive deletion requests. “[T]his comprehensively fails PCI and GDPR immediately and the SOC2 controls list ain't looking so good either,” the commenter said. Leslie Carhart, Director of Incident Response at Dragos, replied that “the outrage and disbelief are warranted.”

A second commenter noted, “GDPR has a very simple concept: Data Minimization. Quite simply, only store data that you actually have a legitimate, legal purpose for; and only for as long as necessary. Right there, this fails in spectacular fashion on both counts. It's going to store vast amounts of data for no specific purpose, potentially for far longer than any reasonable use of that data.”

It remains to be seen if Microsoft will make any modifications to Recall to quell concerns before it officially ships. If not, security and privacy experts may find themselves busier than ever.

Microsoft's Satya Nadella Worried About an OpenAI-Apple Deal, Report Says

Microsoft seems to be concerned about some of OpenAI's business dealings. From a report: Satya Nadella recently met with Sam Altman to discuss an apparent deal between OpenAI and Apple, The Information reported [hard-paywalled]. According to the outlet, the OpenAI CEO recently reached an agreement with the iPhone maker to incorporate some OpenAI services into Apple products. Nadella was reportedly concerned about the potential impact of a deal on Microsoft's product ambitions, per the report. Apple was said to be considering both Google and OpenAI for the deal, which could be worth billions. If OpenAI has indeed reached an agreement with Apple, it would be a much-needed win for Altman. The tech boss has faced heightened scrutiny after former employees and board members publicly criticized him. Helen Toner, a former OpenAI director, recently accused Altman of lying to the board "multiple" times and "withholding information."

Read more of this story at Slashdot.

Windows Defender Bypass Tool Shared on GitHub

Windows Defender bypass

A GitHub project that disables Windows Defender and firewall is generating buzz among cybersecurity researchers. Will Dormann, a senior vulnerability analyst at CERT, posted about the GitHub project on a Mastodon cybersecurity instance. “Somebody figured out the secret technique that 3rd-party AV uses to disable Microsoft Defender so that they themselves can run without interference,” Dormann wrote. “This tool uses this technique to install a null AV product, thus having the effect of simply disabling Microsoft Defender.” Dormann included a screen recording of the tool in action, and it appears to work effectively (screenshot below).

Screenshot: 'No Defender' Windows Defender bypass on GitHub

The GitHub project, simply called “No Defender,” is billed as “A fun way to disable windows defender + firewall.” In a note on the project, repository owner “es3n1n” said they essentially reverse-engineered the API that antivirus vendors use to disable Windows Defender. “There's a WSC (Windows Security Center) service in Windows which is used by antiviruses to let Windows know that there's some other antivirus in the hood and it should disable Windows Defender,” the note states. “This WSC API is undocumented and furthermore requires people to sign an NDA with Microsoft to get its documentation, so I decided to take an interesting approach for such a thing and used an already existing antivirus called Avast. This AV engine includes a so-called wsc_proxy.exe service, which essentially sets up the WSC API for Avast. With a little bit of reverse engineering, I turned this service into a service that could add my own stuff there.”

One limitation noted by es3n1n is that “to keep this WSC stuff even after reboot, no-defender adds itself (not really itself but rather Avast's module) to the autorun. Thus, you would need to keep the no-defender binaries on your disk.”

Windows Defender Bypass Requires Admin Privileges

EDR (endpoint detection and response) and antivirus software bypasses aren’t uncommon, as hackers and researchers alike have found ways to disable security defenses. Security researchers and testers often turn off security defenses in the course of research and testing, so such tools have legitimate uses too. As one commenter noted on the ycombinator Hacker News feed, "Defender is a real irritant when doing security research and is near impossible to turn off completely and permanently. Even using the Group Policy Editor or regedits is not reliable. If you do get it to stop, it will randomly reenable itself weeks later...For the vast majority of people this is a good thing!"

Dormann noted that elevated admin privileges are all that’s required to run the No Defender tool, so Windows users have yet another reason not to run Windows as an admin. “If you don't log in to Windows as an admin, as we security-conscious people do, then you won't have as much to worry about,” Dormann wrote.

One Mastodon commenter saw the GitHub tool as an Avast flaw rather than Microsoft’s, noting that “it requires an executable signed with AuthentiCode SigningLevel 7 ("Signed by an Antimalware vendor whose product is using AMPPL").” “I see this more as a vulnerability of the Avast wsc_proxy.exe component misused here that allows untrusted/unsigned code to interact with it,” said the commenter, who goes by the handle “faebudo.”

The Cyber Express reached out to Microsoft and Avast for comment and will update this article with any response. But Dormann told The Cyber Express the issue is "more of a novelty than a vulnerability per se. Admin-privileged users can do admin things. Which includes reconfiguring the system they're on. Including kernel-level access."

A Microsoft under attack from government and tech rivals after ‘preventable’ hack ties executive pay to cyberthreats – Source: www.proofpoint.com


Source: www.proofpoint.com – Author: 1 Microsoft has come under fire recently from both the U.S. government and rival companies for its failure to stop a Chinese hack of its systems last summer. One change the tech giant is making in response: linking executive compensation more closely to cybersecurity. In April, a government review board described […]

The post A Microsoft under attack from government and tech rivals after ‘preventable’ hack ties executive pay to cyberthreats – Source: www.proofpoint.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

North Korean Threat Actor Deploying New FakePenny Ransomware: Microsoft

Fakepenny ransomware, Moonstone Sleet, North Korea

Microsoft has uncovered a new “FakePenny” ransomware variant being deployed by a North Korean threat actor to target organizations in the software, information technology, education and defense industrial base sectors for both espionage and monetary gains. The threat actor, which Microsoft tracks as Moonstone Sleet, was first observed delivering a new custom ransomware variant in April, to an undisclosed company whose networks it compromised a couple of months earlier. The ransomware is straightforward and contains a loader and an encryptor module. North Korean threat actor groups have previously developed such custom ransomware, but “this is the first time we have observed this threat actor deploying ransomware,” the tech giant said.
“Microsoft assesses that Moonstone Sleet’s objective in deploying the ransomware is financial gain, suggesting the actor conducts cyber operations for both intelligence collection and revenue generation.”
FakePenny ransomware demands exorbitant ransoms, with recent demands reaching $6.6 million in Bitcoin. “This is in stark contrast to the lower ransom demands of previous North Korea ransomware attacks, like WannaCry 2.0 and H0lyGh0st,” Microsoft said. Notably, the ransom note used by FakePenny ransomware closely resembles the one employed in the infamous NotPetya ransomware attack, which is attributed to the North Korean group Seashell Blizzard. This continuity in tactics highlights the interconnected nature of North Korean cyber operations.

Moonstone Sleet’s Strategy and Tradecraft

Moonstone Sleet has a diverse set of operations supporting its financial and espionage objectives. This group has been observed creating fake companies, employing trojanized versions of legitimate tools, and even developing malicious games to infiltrate targets. Their ability to conduct concurrent operations and quickly evolve and adapt their techniques is notable.

The threat actor, as noted earlier, has several different tradecrafts under its belt. In early August 2023, Moonstone Sleet delivered a compromised version of PuTTY, an open-source terminal emulator, through platforms like LinkedIn, Telegram, and freelancing websites. The trojanized software decrypted and executed the embedded malware when the user provided an IP and password mentioned in a text document contained in the malicious Zip file that the threat actor sent. The same technique was used by another North Korean actor, Diamond Sleet.

Moonstone Sleet has also targeted victims using malicious “npm” packages distributed through freelancing sites and social media. These packages often masqueraded as technical assessments, leading to additional malware downloads when executed.

Since February 2024, Moonstone Sleet has also taken a different approach by using a malicious game called DeTankWar to infect devices. The group approached targets posing as a game developer or fake company, presenting the game as a blockchain project. Upon launching the game, additional malicious DLLs were loaded, executing a custom malware loader known as “YouieLoad.” This loader performs network and user discovery and browser data collection.

Fake Companies and Work-for-Hire Schemes

Since January 2024, Moonstone Sleet has created several fake companies, including StarGlow Ventures and C.C. Waterfall, to deceive targets. These companies posed as software development and IT service firms, often related to blockchain and AI, to establish trust and gain access to organizations. Moonstone Sleet has also pursued employment opportunities in legitimate companies, which is consistent with reports of North Korea using remote IT workers to generate revenue. Recently, the U.S. charged a North Korean job fraud nexus that was amassing funds to support its nuclear program. The nexus scammed more than 300 U.S. companies and accumulated at least $6.8 million. This employment tactic could also provide another avenue for gaining unauthorized access to organizations. Moonstone Sleet’s notable attacks include compromising a defense technology company to steal credentials and intellectual property and deploying ransomware against a drone technology firm.
“Despite being new, Moonstone Sleet has demonstrated that it will continue to mature, develop, and evolve, and has positioned itself to be a preeminent threat actor conducting sophisticated attacks on behalf of the North Korean regime.”

Defending Against Moonstone Sleet

To defend against Moonstone Sleet, Microsoft recommends using endpoint detection and response (EDR), implementing attack surface reduction rules to block executable content from email clients and webmail, preventing executable files from running unless they meet specific criteria, using advanced protection against ransomware, and blocking credential stealing from LSASS.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
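As an added illustration (not code from the Cyber Express article or from Microsoft's report), the PowerShell below turns the four recommendations above into Microsoft Defender attack surface reduction (ASR) rule settings using the Add-MpPreference cmdlet. The rule GUIDs are the ones Microsoft publishes in its ASR rule reference; the two-stage rollout (audit first, then block) and the helper function name are assumptions of this example, not something the article prescribes. It needs an elevated PowerShell session on a Windows host where Microsoft Defender Antivirus is the active antimalware engine.

```powershell
# Added example: apply the four Defender ASR rules that correspond to the
# recommendations above. Rule GUIDs are from Microsoft's ASR rule reference.
# Run from an elevated PowerShell session with Defender Antivirus active.

$asrRules = @{
    # Block executable content from email client and webmail
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    # Block executable files from running unless they meet a prevalence, age, or trusted list criterion
    '01443614-CD74-433A-B99E-2ECDC07BFC25' = 'Block executables unless they meet prevalence/age/trusted-list criteria'
    # Use advanced protection against ransomware
    'C1DB55AB-C21A-4637-BB3F-A12568109D35' = 'Use advanced protection against ransomware'
    # Block credential stealing from the Windows local security authority subsystem (lsass.exe)
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from LSASS'
}

# Hypothetical helper (not part of Defender): sets every rule above to the same action.
# AuditMode logs would-be blocks (Defender Operational log, event ID 1122) without
# enforcing; Enabled blocks (event ID 1121). Roll out in audit first so that
# legitimate business workflows that trip a rule can be identified before enforcement.
function Set-RecommendedAsrRules {
    param(
        [ValidateSet('AuditMode', 'Enabled')]
        [string]$Action = 'AuditMode'
    )
    foreach ($id in $asrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Action
        Write-Host ('{0}: {1}' -f $Action, $asrRules[$id])
    }
}

# Stage 1 (assumed rollout order): audit only.
Set-RecommendedAsrRules -Action AuditMode

# Stage 2: after reviewing the 1122 audit events, enforce the same rules.
# Set-RecommendedAsrRules -Action Enabled

# Verify the resulting configuration. Action codes as reported by Defender:
# 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn.
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    '{0}  action={1}' -f $pref.AttackSurfaceReductionRules_Ids[$i], $pref.AttackSurfaceReductionRules_Actions[$i]
}
```

Add-MpPreference appends to the existing rule list rather than replacing it, so running the block on a host that already has other ASR rules configured leaves those untouched; the final Get-MpPreference loop shows the combined state.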

Call of Duty: Black Ops 6 is Coming To Xbox Game Pass On Its Release Day

An anonymous reader shares a report: Just before Microsoft closed its acquisition of Activision Blizzard, it said that it would take some time to bring the publisher's titles to Game Pass. We've only seen one such addition so far in the form of Diablo IV, but the company has announced another, somewhat notable one. Call of Duty: Black Ops 6 will be available on Game Pass on its release day later this year. Microsoft is banking on the debut of a new Call of Duty title on its subscription service leading to a significant bump in the number of Game Pass members. It's a bit of a gamble, as for nearly every year in recent memory, the latest Call of Duty release has been the best-selling game. Microsoft is likely to see lower direct sales of Black Ops 6 on Xbox and PC, though it will still generate revenue from Game Pass and the PlayStation version (and perhaps even a Nintendo Switch release), as well as through microtransactions.


Black Basta Ransomware Attack: Microsoft Quick Assist Flaw – Source: securityboulevard.com


Source: securityboulevard.com – Author: Wajahat Raja Recent reports claim that the Microsoft Threat Intelligence team stated that a cybercriminal group, identified as Storm-1811, has been exploiting Microsoft’s Quick Assist tool in a series of social engineering attacks. This group is known for deploying the Black Basta ransomware attack. On May 15, 2024, Microsoft released details […]

The post Black Basta Ransomware Attack: Microsoft Quick Assist Flaw – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Black Basta Ransomware Attack: Microsoft Quick Assist Flaw

Recent reports claim that the Microsoft Threat Intelligence team stated that a cybercriminal group, identified as Storm-1811, has been exploiting Microsoft’s Quick Assist tool in a series of social engineering attacks. This group is known for deploying the Black Basta ransomware attack. On May 15, 2024, Microsoft released details about how this financially motivated group […]

The post Black Basta Ransomware Attack: Microsoft Quick Assist Flaw appeared first on TuxCare.

The post Black Basta Ransomware Attack: Microsoft Quick Assist Flaw appeared first on Security Boulevard.

Microsoft's Automatic Super Resolution Arrives To Improve Gaming Performance

Microsoft has announced Auto SR, an AI-powered image upscaling solution for Windows 11 on Arm devices. The feature, exclusive to Qualcomm's Snapdragon X CPUs, aims to enhance gaming performance on ARM-based systems. Auto SR, however, comes with notable restrictions, including compatibility limitations with certain DirectX versions and the inability to work simultaneously with HDR.


Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy

Episode 331 of the Shared Security Podcast discusses privacy and security concerns related to two major technological developments: the introduction of Windows PC’s new feature ‘Recall,’ part of Microsoft’s Copilot+, which captures desktop screenshots for AI-powered search tools, and Slack’s policy of using user data to train machine learning features with users opted in by […]

The post Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy appeared first on Shared Security Podcast.

The post Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy appeared first on Security Boulevard.


VBScript's 'Deprecation' Confirmed by Microsoft - and Eventual Removal from Windows

"Microsoft has confirmed plans to pull the plug on VBScript in the second half of 2024 in a move that signals the end of an era for programmers," writes Tech Radar. Though the language was first introduced in 1996, Microsoft's latest announcement says the move was made "considering the decline in VBScript usage":

Beginning with the new OS release slated for later this year [Windows 11, version 24H2], VBScript will be available as features on demand. The feature will be completely retired from future Windows OS releases, as we transition to the more efficient PowerShell experiences.

Around 2027 it will become "disabled by default," with the date of its final removal "to be determined." But the announcement confirms VBScript will eventually be "retired and eliminated from future versions of Windows."

This means all the dynamic link libraries (.dll files) of VBScript will be removed. As a result, projects that rely on VBScript will stop functioning. By then, we expect that you'll have switched to suggested alternatives.

The post recommends migrating applications to PowerShell or JavaScript.

This year's annual "feature update" for Windows will also include Sudo for Windows, Rust in the Windows kernel, "and a number of user interface tweaks, such as the ability to create 7-zip and TAR archives in File Explorer," reports the Register. "It will also include the next evolution of Copilot into an app pinned to the taskbar."

But the downgrading of VBScript "is part of a broader strategy to remove Windows and Office features threat actors use as attack vectors to infect users with malware," reports BleepingComputer: Attackers have also used VBScript in malware campaigns, delivering strains like Lokibot, Emotet, Qbot, and, more recently, DarkGate malware.


Microsoft open-sources GW-BASIC

These sources, as clearly stated in the repo’s readme, are the 8088 assembly language sources from 10th Feb 1983, and are being open-sourced for historical reference and educational purposes. This means we will not be accepting PRs that modify the source in any way.

↫ Rich Turner

I’m loving all these open source releases from Microsoft, but honestly, I’d wish the pace was a little higher and we’d get to some more recent stuff. Open sourcing early versions of MS-DOS and related software is obviously great from a software preservation standpoint, but at this rate we’ll get to more influential pieces of software by the time the sun experiences its helium flash.

On a related note, about a month ago Microsoft released the source code to MS-DOS 4.00. Well, we’ve now also got access to the code for MS-DOS 4.01, a bugfix release that came out very quickly after 4.00.

Due to various bugs, DOS 4.00 was a relatively short-lived release, and it was replaced by DOS 4.01 just a couple of months later.

Howard M. Harte (hharte), who already fixed various flaws in the official source code release of MS-DOS 4.00, managed to figure out the differences between DOS 4.00 and 4.01 — we now have access to the improved version as well!

↫ Lothar Serra Mari

We’re getting a pretty complete picture of early MS-DOS source code.

Thursday's Bing API Outage Took Down DuckDuckGo, Copilot, and ChatGPT Search

Thursday long-time Slashdot reader mschaffer reported that "Microsoft's search engine isn't working correctly, and many alternative search engines that rely on it are down, too." Bing started "having issues" around 1:30 a.m. EST, reports SearchEngineLand (citing Downdetector.com, and sharing screenshots of Bing.com searches failing — even on partner sites like DuckDuckGo).

By Thursday morning search capabilities for ChatGPT, Copilot, DuckDuckGo, and other platforms had stopped working, reports the Verge, saying the issues "appeared to be linked to Bing's API and any service that relies upon it." While Microsoft's own web search engine, Bing, was also seemingly affected, according to TechCrunch, it came back online eventually.

By 11AM ET, OpenAI posted a note indicating the issue had been resolved, saying, "Between around 10:10 PM PT yesterday and 6:50 AM PT today, we experienced a partial outage affecting ChatGPT's web-browsing capabilities due to Bing being unavailable." DuckDuckGo posted that "we're coming back up" at around 10:30AM ET, and so did Ecosia, which is "the search engine that plants trees." Copilot users experienced "a loading loop that prevented users from accessing the service," according to the article, while ChatGPT users attempting a web search got error messages instead.

Ars Technica adds that it also stopped searches from Microsoft's Edge browsers (that hadn't changed their default search settings). But they also had a disturbing observation for people worried that web search is dominated by Google: "most of your other major options were brought down by a single API outage... The overwhelming majority of search tools offering an alternative" to Google are using Google, Bing, or Yandex... "Yandex, being based in Russia, is a non-starter for many people around the world at the moment."

But their article digs deep into the alternatives, starting with this list compiled by undergraduate CS major Rohan Kumar of search sites with their own indexes — including Mojeek, Stract, and Right Dao and Yep...


EU Commission and Microsoft Appeal EDPS Office 365 Decision – Source: www.govinfosecurity.com

Source: www.govinfosecurity.com – Author: Akshaya Asokan (asokan_akshaya) • May 24, 2024 – Standards, Regulations & Compliance. March Decision Mandated Commission to Stem Data Flows From Its Office 365 Use. Image caption: The European Commission is appealing a decision that might make it impossible for it to use Microsoft 365. (Image: Shutterstock) The European Commission is […]

The post EU Commission and Microsoft Appeal EDPS Office 365 Decision – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns – Source: securityaffairs.com


Source: securityaffairs.com – Author: Pierluigi Paganini Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns UK data watchdog is investigating Microsoft regarding the new Recall feature in Copilot+ PCs that captures screenshots of the user’s laptop every few seconds. The UK data watchdog, the Information Commissioner’s Office (ICO), is investigating a new feature, […]

The post Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns – Source: securityaffairs.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Microsoft: Gift Card Fraud Rising, Costing Businesses up to $100,000 a Day – Source: www.infosecurity-magazine.com


Source: www.infosecurity-magazine.com – Author: 1 Microsoft has warned retailers and restaurants of sophisticated gift card fraud which can cost victims up to $100,000 a day. In a new Cyber Signals report, the tech giant highlighted a 30% rise in intrusion activity by the threat actor Storm-0539 between March and May 2024. The group, which operates […]

The post Microsoft: Gift Card Fraud Rising, Costing Businesses up to $100,000 a Day – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

IBM X-Force Report: Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries – Source: www.techrepublic.com


Source: www.techrepublic.com – Author: Cedric Pernet A new report from IBM X-Force exposes changes in the Grandoreiro malware landscape. The banking trojan is now capable of targeting more than 1,500 global banks in more than 60 countries, and it has been updated with new features. Also, Grandoreiro’s targeting has become wider, as it initially only […]

The post IBM X-Force Report: Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries – Source: www.techrepublic.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Personal AI Assistants and Privacy – Source: www.schneier.com


Source: www.schneier.com – Author: Bruce Schneier Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records […]

The post Personal AI Assistants and Privacy – Source: www.schneier.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Bing outage shows just how little competition Google search really has

Image: Google logo on a phone in front of a Bing logo in the background (credit: Getty Images)

Bing, Microsoft's search engine platform, went down in the very early morning today. That meant that searches from Microsoft's Edge browsers that had yet to change their default providers didn't work. It also meant that services relying on Bing's search API—Microsoft's own Copilot, ChatGPT search, Yahoo, Ecosia, and DuckDuckGo—similarly failed.

Services were largely restored by the morning Eastern work hours, but the timing feels apt, concerning, or some combination of the two. Google, the consistently dominating search platform, just last week announced and debuted AI Overviews as a default addition to all searches. If you don't want an AI response but still want to use Google, you can hunt down the new "Web" option in a menu, or you can, per Ernie Smith, tack "&udm=14" onto your search or use Smith's own "Konami code" shortcut page.

If dismay about AI's hallucinations, power draw, or pizza recipes concern you—along with perhaps broader Google issues involving privacy, tracking, news, SEO, or monopoly power—most of your other major options were brought down by a single API outage this morning. Moving past that kind of single point of vulnerability will take some work, both by the industry and by you, the person wondering if there's a real alternative.


Personal AI Assistants and Privacy

Microsoft is trying to create a personal digital assistant:

At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research. Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users.

I wrote about this AI trust problem last year:

One of the promises of generative AI is a personal digital assistant. Acting as your advocate with others, and as a butler with you. This requires an intimacy greater than your search engine, email provider, cloud storage system, or phone. You’re going to want it with you 24/7, constantly training on everything you do. You will want it to know everything about you, so it can most effectively work on your behalf.

And it will help you in many ways. It will notice your moods and know what to suggest. It will anticipate your needs and work to satisfy them. It will be your therapist, life coach, and relationship counselor.

You will default to thinking of it as a friend. You will speak to it in natural language, and it will respond in kind. If it is a robot, it will look humanoid—or at least like an animal. It will interact with the whole of your existence, just like another person would.

[…]

And you will want to trust it. It will use your mannerisms and cultural references. It will have a convincing voice, a confident tone, and an authoritative manner. Its personality will be optimized to exactly what you like and respond to.

It will act trustworthy, but it will not be trustworthy. We won’t know how they are trained. We won’t know their secret instructions. We won’t know their biases, either accidental or deliberate.

We do know that they are built at enormous expense, mostly in secret, by profit-maximizing corporations for their own benefit.

[…]

All of this is a long-winded way of saying that we need trustworthy AI. AI whose behavior, limitations, and training are understood. AI whose biases are understood, and corrected for. AI whose goals are understood. That won’t secretly betray your trust to someone else.

The market will not provide this on its own. Corporations are profit maximizers, at the expense of society. And the incentives of surveillance capitalism are just too much to resist.

We are going to need some sort of public AI to counterbalance all of these corporate AIs.

EDITED TO ADD (5/24): Lots of comments about Microsoft Recall and security:

This:

Because Recall is “default allow” (it relies on a list of things not to record) … it’s going to vacuum up huge volumes and heretofore unknown types of data, most of which are ephemeral today. The “we can’t avoid saving passwords if they’re not masked” warning Microsoft included is only the tip of that iceberg. There’s an ocean of data that the security ecosystem assumes is “out of reach” because it’s either never stored, or it’s encrypted in transit. All of that goes out the window if the endpoint is just going to…turn around and write it to disk. (And local encryption at rest won’t help much here if the data is queryable in the user’s own authentication context!)

This:

The fact that Microsoft’s new Recall thing won’t capture DRM content means the engineers do understand the risk of logging everything. They just chose to preference the interests of corporates and money over people, deliberately.

This:

Microsoft Recall is going to make post-breach impact analysis impossible. Right now IR processes can establish a timeline of data stewardship to identify what information may have been available to an attacker based on the level of access they obtained. It’s not trivial work, but IR folks can do it. Once a system with Recall is compromised, all data that has touched that system is potentially compromised too, and the ML indirection makes it near impossible to confidently identify a blast radius.

This:

You may be in a position where leaders in your company are hot to turn on Microsoft Copilot Recall. Your best counterargument isn’t threat actors stealing company data. It’s that opposing counsel will request the recall data and demand it not be disabled as part of e-discovery proceedings.

Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search – Source: www.bleepingcomputer.com


Source: www.bleepingcomputer.com – Author: Mayank Parmar. A massive Microsoft outage affects Bing.com, Copilot for web and mobile, Copilot in Windows, ChatGPT internet search and DuckDuckGo. Microsoft outage started at approximately 3 AM EDT and seems to have primarily affected users in Asia and Europe. According to user reports and our tests, if you try to open Bing.com, […]

The post Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search – Source: www.bleepingcomputer.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell – Source:thehackernews.com


Source: thehackernews.com – Newsroom, May 23, 2024 – Endpoint Security / Data Privacy. Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. “Technology has advanced over the years, giving rise to more powerful and versatile scripting […]

The post The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

One difference with this wave of Arm PCs? All the big PC makers are actually on board

(credit: Microsoft)

Here at Ars, we’ve been around long enough to chronicle every single time that Microsoft has tried to get Windows running on Arm-based processors, instead of the Intel and AMD-made x86 chips that have been synonymous with Windows for more than three decades. The most significant attempts happened in 2012 with Windows RT, which looked like Windows 8 but couldn’t run any x86 Windows apps; and in 2017 when Windows 10 Arm PCs arrived with rudimentary x86 emulation.

The main PC company backing each of those Arm efforts was Microsoft itself, which launched the original Surface to showcase Windows RT and the first Surface Pro X during the Windows 10 era. Since then, Microsoft has periodically refreshed the Arm version of the Surface tablet while continuing to sell Intel versions. A couple of PC OEMs put out Windows RT tablets, and most of them took a stab at one or two Windows 10-into-11-era Arm PCs. But there was never a big unified push that made it clear that the entire consumer PC ecosystem had bought into Arm.

This week’s announcements felt different—yes, there was a new Surface Pro and Surface Laptop from Microsoft leading the charge (and the new Surface Pro is the first Surface Pro ever to ship Arm as the default option for most people). But the Surface launch was accompanied by a major wave of systems from essentially every major PC OEM, suggesting at least some level of elevated enthusiasm for the Snapdragon X series that didn’t exist for older Arm chips.


People with commonly autocorrected names call for tech firms to fix problem

‘I am not a typo’ campaign is calling for technology companies to make autocorrect less ‘western- and white-focused’

People whose names get mangled by autocorrect have urged technology companies to fix the problem faster, with one person whose name gets switched to “Satan” saying: “I am tired of it.”

People with Irish, Indian and Welsh names are among those calling for improvements to the systems that operate on phones and computers as part of the “I am not a typo” campaign.

© Photograph: Yuri Arcurs/Alamy

Microsoft AI “Recall” feature records everything, secures far less

Developing an AI-powered threat to security, privacy, and identity is certainly a choice, but it’s one that Microsoft was willing to make this week at its “Build” developer conference.

On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

This is “Recall,” a much-advertised feature within what Microsoft is calling its “Copilot+ PCs,” a reference to the AI assistant and companion which the company released in late 2023. With Recall on the new Copilot+ PCs, users no longer need to manage and remember their own browsing and chat activity. Instead, by regularly taking and storing screenshots of a user’s activity, the Copilot+ PCs can comb through that visual data to deliver answers to natural language questions, such as “Find the site with the white sneakers,” and “blue pantsuit with a sequin lace from abuelita.”

As any regularly updated repository of device activity poses an enormous security threat—imagine hackers getting access to a Recall database and looking for, say, Social Security Numbers, bank account info, and addresses—Microsoft has said that all Recall screenshots are encrypted and stored locally on a device.

But, in terms of security, that’s about all users will get, as Recall will not detect and obscure passwords, shy away from recording pornographic material, or turn a blind eye to sensitive information.

According to Microsoft:

“Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry.”

The consequences of such a system could be enormous.

With Recall, a CEO’s personal laptop could become an even more enticing target for hackers equipped with infostealers, a journalist’s protected sources could be within closer grasp of an oppressive government that isn’t afraid to target dissidents with malware, and entire identities could be abused and impersonated by a separate device user.

In fact, Recall seems to only work best in a one-device-per-person world. Though Microsoft explained that its Copilot+ PCs will only record Recall snapshots to specific device accounts, plenty of people share devices and accounts. For the domestic abuse survivor who is forced to share an account with their abuser, for the victim of theft who—like many people—used a weak device passcode that can easily be cracked, and for the teenager who questions their identity on the family computer, Recall could be more of a burden than a benefit.

For Malwarebytes General Manager of Consumer Business Unit Mark Beare, Recall raises yet another issue:

“I worry that we are heading to a social media 2.0 like world.”

When users first raced to upload massive quantities of sensitive, personal data onto social media platforms more than 10 years ago, they couldn’t predict how that data would be scrutinized in the future, or how it would be scoured and weaponized by cybercriminals, Beare said.

“With AI there will be a strong pull to put your full self into a model (so it knows you),” Beare said. “I don’t think it’s easy to understand all the negative aspects of what can happen from doing that and how bad actors can benefit.”



Microsoft Is Making File Explorer More Powerful With Version Control and 7z Compression

Sean Hollister reports via The Verge: At Build, Microsoft now says it's adding native version control to File Explorer by integrating systems like Git, letting you see new changes and comments directly from the app. Here's a cropped and zoomed version of the provided screenshot so you can get a better look. [...] Microsoft says it's also letting File Explorer natively compress files to 7-zip and TAR; currently, the right-click context menu has a "Compress to ZIP file" option, but ZIP is thought to be a bit antiquated in terms of how much compression you get.

Read more of this story at Slashdot.

Gordon Bell, an architect of our digital age, dies at age 89

A photo of Gordon Bell speaking at the annual PC Forum in Palm Springs, California, March 1989. (credit: Ann E. Yow-Dyson/Getty Images)

Computer pioneer Gordon Bell, who as an early employee of Digital Equipment Corporation (DEC) played a key role in the development of several influential minicomputer systems and also co-founded the first major computer museum, passed away on Friday, according to Bell Labs veteran John Mashey. Mashey announced Bell's passing in a social media post on Tuesday morning.

"I am very sad to report [the] death May 17 at age 89 of Gordon Bell, famous computer pioneer, a founder of Computer Museum in Boston, and a force behind the @ComputerHistory here in Silicon Valley, and good friend since the 1980s," wrote Mashey in his announcement. "He succumbed to aspiration pneumonia in Coronado, CA."

Bell was a pivotal figure in the history of computing and a notable champion of tech history, having founded Boston's Computer Museum in 1979, which later became the heart of the Computer History Museum in Mountain View, with his wife Gwen Bell. He was also the namesake of the ACM's prestigious Gordon Bell Prize, created to spur innovations in parallel processing.


Microsoft Edge Will Dub Streamed Video With AI-Translated Audio

Microsoft is planning to either add subtitles or even dub video produced by major video sites, using AI to translate the audio into foreign languages within Microsoft Edge in real time. From a report: At its Microsoft Build developer conference, Microsoft named several sites that would benefit from the new real-time translation capabilities within Edge, including Reuters, CNBC News, Bloomberg, and Coursera, plus Microsoft's own LinkedIn. Interestingly, Microsoft also named Google's YouTube as a beneficiary of the translation capabilities. Microsoft plans to translate the video from Spanish to English and from English to German, Hindi, Italian, Russian, and Spanish. There are plans to add additional languages and video platforms in the future, Microsoft said.

Read more of this story at Slashdot.

New Windows AI feature records everything you’ve done on your PC

A screenshot of Microsoft's new "Recall" feature in action. (credit: Microsoft)

At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research. Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users.

"Recall uses Copilot+ PC advanced processing capabilities to take images of your active screen every few seconds," Microsoft says on its website. "The snapshots are encrypted and saved on your PC’s hard drive. You can use Recall to locate the content you have viewed on your PC using search or on a timeline bar that allows you to scroll through your snapshots."

By performing a Recall action, users can access a snapshot from a specific time period, providing context for the event or moment they are searching for. It also allows users to search through teleconference meetings they've participated in and videos watched using an AI-powered feature that transcribes and translates speech.


New Arm-powered Surface Pro and Surface Laptop aim directly at Apple Silicon Macs

Microsoft's Surface Pro 11 comes with Arm chips and an optional OLED display panel. (credit: Microsoft)

If at first you don't succeed, try, try again.

Microsoft has announced a pair of new devices powered by Qualcomm's Snapdragon X Plus and X Elite processors. They're far from Microsoft's first PCs with Arm processors in them—2012's original Surface, the Surface Pro X, and the Surface Pro 9 with 5G have all shipped with Arm's chips instead of Intel's or AMD's. But today's new Surface Pro and Surface Laptop are the first Arm devices to be the primary Surface offerings rather than a side offering, and they're the first to credibly claim that they can both outperform comparable Intel- and AMD-designed chips while offering better battery life, a la Apple's M1 chip in 2020.

One caveat that I hadn't seen mentioned in Microsoft's presentation or in other coverage of the announcement, though: Microsoft says that both of these devices have fans. Apple still uses fans for the MacBook Pro lineup, but the MacBook Air is totally fanless. Bear that in mind when reading Microsoft's claims about performance.


'Prism' Translation Layer Does For Arm PCs What Rosetta Did For Macs

An anonymous reader quotes a report from Ars Technica: Microsoft is going all-in on Arm-powered Windows PCs today with the introduction of a Snapdragon X Elite-powered Surface Pro convertible and Surface Laptop, and there are inevitable comparisons to draw with another big company that recently shifted from Intel's processors to Arm-based designs: Apple. A huge part of the Apple Silicon transition's success was Rosetta 2, a translation layer that makes it relatively seamless to run most Intel Mac apps on an Apple Silicon Mac with no extra effort required from the user or the app's developer. Windows 11 has similar translation capabilities, and with the Windows 11 24H2 update, that app translation technology is getting a name: Prism. Microsoft says that Prism isn't just a new name for the same old translation technology. Translated apps should run between 10 and 20 percent faster on the same Arm hardware after installing the Windows 11 24H2 update, offering some trickle-down benefits that users of the handful of Arm-based Windows 11 PCs should notice even if they don't shell out for new hardware. The company says that Prism's performance should be similar to Rosetta's, though obviously this depends on the speed of the hardware you're running it on. Microsoft also claims that Prism will further improve the translation layer's compatibility with x86 apps, though the company didn't get into detail about the exact changes it had made on this front.

Read more of this story at Slashdot.

Microsoft Launches Arm-Powered Surface Laptop

Microsoft today launched its new Surface Laptop, featuring Qualcomm's Snapdragon X Elite or Plus chips, aiming to compete with Apple's powerful and efficient MacBook laptops. The Surface Laptop, available for preorder starting at $999.99, boasts up to 22 hours of battery life, a haptic touchpad, and support for three external 4K monitors. Microsoft claims the device is 80% faster than its predecessor and comes with AI features powered by its Copilot technology.

Read more of this story at Slashdot.

AI-detic Memory

Microsoft held a live event today showcasing their vision of the future of the home PC (or "Copilot+ PC"), boasting longer battery life, better-standardized ARM processors, and (predictably) a whole host of new AI features built on dedicated hardware, from real-time translation to in-system assistant prompts to custom-guided image creation. Perhaps most interesting is the new "Recall" feature that records all on-screen activity securely on-device, allowing natural-language recall of all articles read, text written, and videos seen. It's just the first foray into a new era of AI PCs -- and Apple is expected to join the push with an expected partnership with OpenAI debuting at WWDC next month. In a tech world that has lately been defined by the smartphone, can AI make the PC cool again?

Microsoft’s “Copilot+” AI PC requirements are embarrassing for Intel and AMD

(credit: Microsoft)

Microsoft is using its new Surface launch and this week’s Build developer conference as a platform to launch its new “Copilot+" PC initiative, which comes with specific hardware requirements that systems will need to meet to be eligible. Copilot+ PCs will be able to handle some AI-accelerated workloads like chatbots and image generation locally instead of relying on the cloud, but new hardware will generally be required to run these workloads quickly and power efficiently.

At a minimum, systems will need 16GB of RAM and 256GB of storage, to accommodate both the memory requirements and the on-disk storage requirements needed for things like large language models (LLMs; even so-called “small language models” like Microsoft’s Phi-3 still use several billion parameters). Microsoft says that all of the Snapdragon X Plus and Elite-powered PCs being announced today will come with the Copilot+ features pre-installed, and that they'll begin shipping on June 18th.

But the biggest new requirement, and the blocker for virtually every Windows PC in use today, will be for an integrated neural processing unit, or NPU. Microsoft requires an NPU with performance rated at 40 trillion operations per second (TOPS), a high-level performance figure that Microsoft, Qualcomm, Apple, and others use for NPU performance comparisons. Right now, that requirement can only be met by a single chip in the Windows PC ecosystem, one that isn't even quite available yet: Qualcomm's Snapdragon X Elite and X Plus, launching in the new Surface and a number of PCs from the likes of Dell, Lenovo, HP, Asus, Acer, and other major PC OEMs in the next couple of months. All of those chips have NPUs capable of 45 TOPS, just a shade more than Microsoft's minimum requirement.


Microsoft says “Prism” translation layer does for Arm PCs what Rosetta did for Macs

A PC running Windows 11. (credit: Microsoft)

Microsoft is going all-in on Arm-powered Windows PCs today with the introduction of a Snapdragon X Elite-powered Surface Pro convertible and Surface Laptop, and there are inevitable comparisons to draw with another big company that recently shifted from Intel’s processors to Arm-based designs: Apple.

A huge part of the Apple Silicon transition’s success was Rosetta 2, a translation layer that makes it relatively seamless to run most Intel Mac apps on an Apple Silicon Mac with no extra effort required from the user or the app’s developer. Windows 11 has similar translation capabilities, and with the Windows 11 24H2 update, that app translation technology is getting a name: Prism.

Microsoft says that Prism isn’t just a new name for the same old translation technology. Translated apps should run between 10 and 20 percent faster on the same Arm hardware after installing the Windows 11 24H2 update, offering some trickle-down benefits that users of the handful of Arm-based Windows 11 PCs should notice even if they don’t shell out for new hardware. The company says that Prism's performance should be similar to Rosetta's, though obviously this depends on the speed of the hardware you're running it on.


How China is using AI news anchors to deliver its propaganda

News avatars are proliferating on social media and experts say they will spread as the technology becomes more accessible

The news presenter has a deeply uncanny air as he delivers a partisan and pejorative message in Mandarin: Taiwan’s outgoing president, Tsai Ing-wen, is as effective as limp spinach, her period in office beset by economic underperformance, social problems and protests.

“Water spinach looks at water spinach. Turns out that water spinach isn’t just a name,” says the presenter, in an extended metaphor about Tsai being “Hollow Tsai” – a pun related to the Mandarin word for water spinach.

© Photograph: Storm-1376

Zero-Trust DNS

Microsoft is working on a promising-looking protocol to lock down DNS.

ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices.

Jake Williams, VP of research and development at consultancy Hunter Strategy, said the union of these previously disparate engines would allow updates to be made to the Windows firewall on a per-domain name basis. The result, he said, is a mechanism that allows organizations to, in essence, tell clients “only use our DNS server, that uses TLS, and will only resolve certain domains.” Microsoft calls this DNS server or servers the “protective DNS server.”

By default, the firewall will deny resolutions to all domains except those enumerated in allow lists. A separate allow list will contain IP address subnets that clients need to run authorized software. Key to making this work at scale inside an organization with rapidly changing needs. Networking security expert Royce Williams (no relation to Jake Williams) called this a “sort of a bidirectional API for the firewall layer, so you can both trigger firewall actions (by input *to* the firewall), and trigger external actions based on firewall state (output *from* the firewall). So instead of having to reinvent the firewall wheel if you are an AV vendor or whatever, you just hook into WFP.”

Apple, SpaceX, Microsoft return-to-office mandates drove senior talent away

Someone holding a box with their belongings in an office. (credit: Getty)

A study analyzing Apple, Microsoft, and SpaceX suggests that return to office (RTO) mandates can lead to a higher rate of employees, especially senior-level ones, leaving the company, often to work at competitors.

The study (PDF), published this month by University of Chicago and University of Michigan researchers and reported by The Washington Post on Sunday, says:

In this paper, we provide causal evidence that RTO mandates at three large tech companies—Microsoft, SpaceX, and Apple—had a negative effect on the tenure and seniority of their respective workforce. In particular, we find the strongest negative effects at the top of the respective distributions, implying a more pronounced exodus of relatively senior personnel.

The study looked at résumé data from People Data Labs and used "260 million résumés matched to company data." It only examined three companies, but the report's authors noted that Apple, Microsoft, and SpaceX represent 30 percent of the tech industry's revenue and over 2 percent of the technology industry's workforce. The three companies have also been influential in setting RTO standards beyond their own companies. Robert Ployhart, a professor of business administration and management at the University of South Carolina and scholar at the Academy of Management, told the Post that despite the study being limited to three companies, its conclusions are a broader reflection of the effects of RTO policies in the US.


Report: Microsoft to face antitrust case over Teams

(credit: Microsoft)

Brussels is set to issue new antitrust charges against Microsoft over concerns that the software giant is undermining rivals to its videoconferencing app Teams.

According to three people with knowledge of the move, the European Commission is pressing ahead with a formal charge sheet against the world’s most valuable listed tech company over concerns it is restricting competition in the sector.

Microsoft last month offered concessions as it sought to avoid regulatory action, including extending a plan to unbundle Teams from other software such as Office, not just in Europe but across the world.


Microsoft overhaul treats security as ‘top priority’ after a series of failures

Microsoft is making security its number one priority for every employee, following years of security issues and mounting criticisms. After a scathing report from the US Cyber Safety Review Board recently concluded that “Microsoft’s security culture was inadequate and requires an overhaul,” it’s doing just that by outlining a set of security principles and goals that are tied to compensation packages for Microsoft’s senior leadership team.

↫ Tom Warren at The Verge

The devil is in the details regarding tying executive pay to security performance, but if we take it at face value and assume good intent – which is a laughable assumption in our corporatist world, but alas – I would like to see more of this. It’s high time executives start paying – literally and figuratively – for the failings of the companies and teams they claim to run.

At Microsoft, years of security debt come crashing down

Years of accumulated security debt at Microsoft are seemingly crashing down upon the company in a manner that many critics warned about, but few ever believed would actually come to light. 

Microsoft is an entrenched enterprise provider, owning nearly one-quarter of the global cloud infrastructure services market and, as of Q1 last year, nearly 20% of the worldwide SaaS application market, according to Synergy Research Group.

Though not immune to scandal, in the wake of two major nation-state breaches of its core enterprise platforms, Microsoft is facing one of its most serious reputational crises.

↫ David Jones at Cybersecurity Dive

It’s almost like having the entire US government dependent on a single vendor is a bad idea.

Just spitballing here.

How not to release historic source code

Regarding the release of the MS-DOS 4.00 source code, Michal Necasek makes an excellent point about how just dumping the code in git is a terrible and destructive way to release older source code.

It’s terrific that the source code for DOS 4.00/4.01 was released! But don’t expect to build the source code mutilated by git without problems.

Historic source code should be released simply as an archive of files, ZIP or tar or 7z or whatever, with all timestamps preserved and every single byte kept the way it was. Git is simply not a suitable tool for this.

↫ Michal Necasek at OS/2 Museum

The problems caused by dumping the code in git are quite real. Timestamps are not preserved, and the conversion to UTF-8 is deeply destructive, turning some parts of the code to literal gibberish. It’s a bit of a mess, and the people responsible for these releases should be more careful and considerate.
