In a notable development, Microsoft has unveiled a preview of its much-anticipated Windows Recall feature, which aims to enhance user experience through artificial intelligence. Initially announced in May, the rollout faced multiple delays, but the latest iteration promises to incorporate robust privacy measures. Recall is designed to periodically capture screenshots of active windows, utilizing on-device AI to analyze and store them in an SQLite database. Users can retrieve these snapshots using natural language queries, making it easier to search through their PC activities.
In response to privacy concerns raised by researchers regarding earlier versions, Microsoft has made significant adjustments. The feature will be opt-in, requiring users to enable BitLocker full-disk encryption, activate Secure Boot, and enroll in Windows Hello access controls to bolster security. Recall is engineered to avoid capturing sensitive information, such as passwords and credit card details, and users have the option to delete snapshots or exclude specific applications and websites from data capture. Additionally, enterprise devices will have Recall disabled by default, placing the decision in the hands of IT administrators.
As part of its commitment to security, Microsoft has implemented safeguards like anti-hammering and rate limiting to protect against brute-force attacks. The data collected remains encrypted locally, with Microsoft asserting that it cannot access this information. A new feature, “Click to Do,” will analyze Recall snapshots to suggest inline actions or link users to relevant applications, further enhancing productivity while addressing privacy concerns. Currently, this preview is available exclusively to participants in the Windows Insider Program for Developers, with plans for broader release pending user feedback.
Most Smart Devices Lack Clear Update Policies
In a recent report, the U.S. Federal Trade Commission (FTC) highlighted a troubling trend among smart device manufacturers. Nearly 90% of the websites reviewed for internet-enabled products, such as hearing aids and security cameras, failed to disclose how long these devices would receive critical software updates. This lack of transparency could leave consumers vulnerable and potentially lead to significant financial losses if their devices cease to function properly.
The FTC’s examination of 184 smart products revealed that 161 lacked clear information regarding update durations. Basic internet searches yielded support timelines for only about one-third of the devices. Samuel Levine, director of the FTC’s Bureau of Consumer Protection, emphasized the importance of transparency, noting that consumers deserve to know the longevity of support for their smart products. The agency warned that this lack of clarity may violate the Magnuson-Moss Warranty Act and could also breach the FTC Act if manufacturers misrepresent product usability.
Florida IT Worker Sentenced for Spying for China
A Florida IT professional, Ping Li, has been sentenced to four years in prison for acting as an agent for China’s Ministry of State Security (MSS). Li, a 59-year-old U.S. citizen, pleaded guilty to conspiring with the MSS and was fined 0,000, in addition to facing three years of supervised release. Prosecutors revealed that since at least 2012, Li had been providing sensitive information, including data on Chinese dissidents and cybersecurity training materials, to the MSS.
Li’s actions included sharing details about cyberattacks against the U.S., including the high-profile SolarWinds incident, shortly after being requested by the MSS. He also leaked internal cybersecurity training materials from his employer in 2022. Following his arrest in July 2022, Li initially denied his involvement but later confessed upon being confronted with evidence of his communications.
African Cybercrime Takedown Arrests 1,000 Suspects
In a significant international operation dubbed “Operation Serengeti,” law enforcement agencies across 19 African countries have arrested over 1,000 individuals suspected of engaging in various forms of cybercrime. This operation, coordinated by INTERPOL and the African Union’s AFRIPOL, targeted ransomware attackers, business email compromise schemes, and other digital extortion activities, resulting in nearly 3 million in global financial losses affecting approximately 35,000 victims.
The operation led to the dismantling of numerous attacker-controlled networks and sites, with authorities confiscating around million in stolen funds. This collaborative effort underscores the ongoing commitment to combat cybercrime on the continent.
DOJ Unveils Money Laundering Charges
The U.S. Department of Justice has indicted nine individuals linked to a multi-state money laundering scheme associated with internet fraud, including business email compromise scams. Allegedly, the group laundered over million in fraudulent proceeds since 2016, recruiting money mules to funnel the funds through sham companies. The scheme targeted businesses and individuals both domestically and internationally, with each defendant facing up to 20 years in prison if convicted.
NVIDIA Patches High-Severity Flaw
NVIDIA has released a critical firmware update addressing an improper-authentication vulnerability, tracked as CVE-2024-0130. This flaw, present in various versions of its UFM Enterprise and UFM Cyber-AI products, could allow attackers to steal data and compromise systems. While the vulnerability primarily exists within an ethernet management interface that is not typically public-facing, a successful exploit could lead to privilege escalation, data tampering, denial of service, and information disclosure.
Google Play’s Malicious Loan Apps
Cybersecurity firm McAfee has uncovered a series of “spyloan” Android applications on the Google Play Store that masquerade as financial loan services while aiming to steal users’ personal data. Targeting users in regions such as Mexico, Colombia, and Indonesia, these malicious apps often mimic legitimate financial institutions, promising low-interest loans but failing to deliver or imposing exorbitant fees.
These apps require excessive permissions, allowing them to harvest sensitive information, including banking details and personal contacts. Victims have reported harassment and blackmail attempts from scammers using the data collected. Although Google has removed many of these apps, others continue to operate under modified versions.
Pirate Streaming Service Scuppered
An extensive international law enforcement operation has successfully dismantled a major pirate streaming network that served over 22 million users and generated approximately 4 million monthly for its operators. Spearheaded by Italy’s Postal and Cybersecurity Police Service, the operation, codenamed “Taken Down,” involved collaboration with Eurojust, Europol, and law enforcement from various countries.
This operation targeted a criminal organization responsible for illegally capturing and reselling content from platforms such as Netflix and Amazon Prime. Authorities executed 89 searches in Italy and 14 additional raids across several countries, resulting in the arrest of 102 individuals. The investigation, which began two years ago, revealed that suspects employed encrypted apps and fake identities to evade detection.
Man Accused of Hacking Health Club
A federal grand jury has indicted Nicholas Michael Kloster, a 31-year-old from Kansas City, Missouri, for allegedly hacking into computer networks to promote his cybersecurity services. Kloster is accused of breaching the systems of a health club and a nonprofit organization, manipulating the gym’s systems to reduce his membership fee and even stealing a staff member’s name tag.
In a separate incident, Kloster allegedly accessed a nonprofit’s restricted area, causing around ,000 in damages. He faces multiple charges, including unauthorized access and theft, with the potential for a 15-year prison sentence if convicted.
HDFC Life Investigates Data Breach
In India, HDFC Life Insurance has informed customers of a potential data breach, stating that certain data fields have been shared with malicious intent. The financial services firm has initiated an information security assessment and data log analysis to investigate the apparent data leak.
