Cyber Security Today, May 27, 2024 – Security controversy over a new Microsoft tool, a new open source threat intelligence service, and more


Security controversy over a new Microsoft tool, a new open-source threat intelligence service, and more.

Welcome to Cyber Security Today. It’s Monday, May 27, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.


It’s Memorial Day in the U.S. To American listeners, thanks for tuning in and I hope you’re having a great long weekend.

There’s controversy about a proposed Windows tool Microsoft announced last week. It’s called Recall. It’s an option for computers using Microsoft’s Copilot AI chatbot that takes periodic snapshots of users’ screens so they can search for something they might have seen but can’t remember where. As outlined in an article by Dark Reading, Recall stores data encrypted on individuals’ PCs. Windows administrators can disable Recall in a group or mobile device management policy. Although the data is encrypted, the risk is that it will be a target for hackers, because Recall could save screenshots of passwords and other sensitive data. On the other hand, many IT administrators already use IT behaviour monitoring applications that also capture keystrokes and other actions of employees, and that data could also be found by hackers. Those applications, however, may have better security than Recall. IT administrators will have to think carefully about using Recall.

The Open Source Security Foundation has started an open-source threat intelligence mailing list for developers. Called Siren, it’s a secure environment for sharing tactics, techniques, procedures and indicators of compromise. List members will get email notifications about emerging threats which may be relevant to software projects that use open source components. Johannes Ullrich of the SANS Institute notes that the best threat intelligence comes from peers in your area of interest, not from commercial threat intel sources.

IT administrators who oversee courtroom technologies should note the following: A serious vulnerability has been found in Justice AV Solutions’ digital audio visual recording software. According to researchers at Rapid7, you need to be on version JAVS Viewer 8.3.8 or higher. An earlier version has been compromised with malware.

Beware of fake antivirus websites set up by crooks. According to researchers at Trellix, there are phony websites pretending to be Avast, Bitdefender, Malwarebytes and Trellix. The goal is to trick consumers into downloading what they think is free or trial security software. Instead they install malware that records keystrokes users enter — like passwords — copies data, installs a coin miner or does other nasty things. Unfortunately, the internet has no way of preventing threat actors from creating look-alike websites using a company’s name unless the company has previously registered the URL. So don’t be fooled if you get an email or text message purporting to be from any brand name firm. If you’re using a search engine to find a firm, don’t automatically click on the first return — especially if it’s labeled ‘sponsored’ or ‘advertisement.’ Always double-check links before clicking on them.

Also beware of fake websites offering the new Windows version of the Arc browser. Researchers at Malwarebytes say victims using their search engine looking for the Arc browser may be tricked if they click on the first link they see. Fake returns list the real Arc browser’s site. But what victims click on is not that URL; it’s a fake URL within the ad. Again, if a search result is tagged ‘Sponsored’ or ‘Advertiser’ it could be a phony.

In January, voters in New Hampshire received automated phone calls that sounded like President Biden telling them there was no need to vote in the state’s primary election. The man behind that scam was charged last week with felony voter suppression and misdemeanor impersonating a candidate. On top of that, the Federal Communications Commission has recommended he pay a US$6 million fine. The telecom company that actually transmitted the calls has also been charged by the FCC with violating regulations.

Finally, Google has issued another security update this month for the Chrome browser. Windows and macOS users should be on a version that starts with 125 and ends in 113.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.

Howard Solomon (https://www.itworldcanada.com)
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
