Security Update: Microsoft Recall Stirs Security, Privacy Worries, More
- Microsoft Recall Stirs Cybersecurity, Privacy Concerns
- LockBit Black Ransomware Bot Sprays “Millions of Messages”
- U.S. Health Agency Earmarks $50M for Hospital Cyber Defense
- IT Nation Secure 2024: What to Expect
- Check Point VPN Vulnerability Hit Via Remote Access
ChannelE2E affiliate site MSSP Alert provides everything service providers need to know about cybersecurity including news, analysis and insights. Each week we bring you top content from this site to help your business navigate the challenges of delivering cybersecurity to your end customers. This week we look at a new Microsoft AI technology that is causing serious cybersecurity and privacy concerns. We’ll also look at
Microsoft Recall Stirs Cybersecurity, Privacy Concerns
Microsoft may have done itself no favors with a new AI-like feature baked into its forthcoming Copilot+ PCs that takes screenshots of users’ activity every few seconds but doesn’t redact passwords or financial account numbers.
Even confidential work emails could be viewed through Recall. If, for example, you log onto your banking website, your account numbers, balances, statements, activity and the like will slip into Recall’s onboard database.
Microsoft unwrapped Recall at its recent Build conference as part of its new lineup of Windows PCs with support for AI features, slated to debut in June.
The company said its Recall tool is meant to give users the ability to “find the content you have viewed on your device.” It’s exclusive to the Copilot+ PCs release. The tech giant is currently showcasing Recall in preview mode to collect customer feedback, develop additional controls for enterprise customers and improve the user experience.
LockBit Black Ransomware Bot Sprays “Millions of Messages”
A phishing campaign consisting of “millions of messages” carrying the Lockbit Black (3.0) ransomware is being delivered by the Phorpiex botnet, Proofpoint and other cybersecurity researchers have observed.
Phorpiex is one of the oldest bots, first observed around 2011, morphing a number of times from using worms spread by removable USB drives and instant messaging apps to delivering more dangerous payloads in a ransomware-as-a-service model.
Since 2018, the botnet has been observed conducting data exfiltration and ransomware delivery activities.
Proofpoint said it began to track the high volume of messages beginning on April 24, 2024, the first time its researchers had observed samples of LockBit Black in such numbers.
U.S. Health Agency Earmarks $50M for Hospital Cyber Defense
The Department of Health and Human Services (HHS) has earmarked some $50 million for special projects to defend hospitals from cyberattackers.
The Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program is intended to secure systems and networks of medical devices to deploy solutions at scale, HHS said. The program will be operated by the Advanced Research Projects Agency for Health (ARPA-H).
The UPGRADE platform will be designed to evaluate and fix potential vulnerabilities, no easy feat in a system dominated by hundreds of internet-facing devices, officials said. Still, a major goal of the project is to detect threats, automatically procure or develop and test a patch, and deploy it in a hospital setting.
“UPGRADE will speed the time from detecting a device vulnerability to safe, automated patch deployment down to a matter of days, providing confidence to hospital staff and peace of mind to the people in their care,” said ARPA-H director Renee Wegrzyn.
IT Nation Secure 2024: What to Expect
Cybersecurity-minded MSPs and channel-friendly vendors will descend on Orlando, Florida, June 3-5, for IT Nation Secure 2024, the ConnectWise security conference.
MSSP Alert will be there. As MSPs increasingly act as the front line of security for small- and mid-sized businesses, service providers are focusing more on this essential area of their tech stacks, and this event is designed for these organizations.
ConnectWise IT Nation Secure’s agenda is organized around three learning blocks:
- Unlock the secrets to building a profitable cybersecurity practice
- Transform your cybersecurity business with cutting edge strategies
- Elevate your cybersecurity expertise with masterful best practices
Check Point VPN Vulnerability Hit Via Remote Access
Check Point Software Technologies has identified a vulnerability that impacted “a small number of customers” on VPN remote access networks and subsequently issued a fix.
According to a May 28 Check Point blog, the vulnerability potentially allows an attacker to read certain information on internet-connected gateways with remote access VPN or mobile access enabled.
“The attempts we’ve seen so far, as previously alerted on May 27, focus on remote access scenarios with old local accounts with unrecommended password-only authentication,” Check Point wrote. “Within a few hours of this development, Check Point released an easy to implement solution that prevents attempts to exploit this vulnerability. To stay secure, customers should follow these instructions to deploy the provided solution.”
Check Point said it is working with affected customers to remediate the situation, adding that its network is not affected by the vulnerability.