June 10, 2024 Microsoft backs down on Recall.

Welcome to Cyber Security Today. It’s Monday, June 10th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for TechNewsday.com.

Microsoft has given in to overwhelming negative comments by security and privacy pros to its upcoming Windows 11 Recall feature. That feature would by default take and store screenshots every five seconds of whatever a user or employee is doing PCs. That could include plaintext passwords being entered as well as sensitive websites users visit. The goal is to help users recall websites they’ve been to. But while Recall’s data store is supposed to be saved encrypted on each person’s computer and not in the cloud, experts complained it would still be a great security risk. So on Friday Microsoft announced that Recall will be off by default. Second, to turn Recall on and laster to decrypt the storage a user has to be enrolled in the Windows Hello user identification and access management capability. And third, to search Recall a user will have to show proof of presence on the computer. In other words, a remote hacker can’t get to it. Recall will only run on PCs designated Copilot+ that have certain processors.

It’s easy to publish a malicious Visual Studio extension that could infect companies in Microsoft’s VSCode marketplace, say three Israeli researchers. The marketplace is used by developers to get tools and utilities for applications built with Visual Studio. As a test of the marketplace’s security the researchers created an extension that spoofed the name of a legitimate extension. It copied decriptive information about the computer used by whoever downloaded their tool. Pretty innocent, but it gave proof the tactic works. One victim apparently worked for a multi-billion dollar company. The Bleeping Computer news service, which reported on this, asked Microsoft for comment. As of Sunday morning it hadn’t heard back.

Texas has launched an investigation into allegations several unnamed car manufactures have been secretly collecting mass amounts of data from vehicles and selling it to third parties, including insurance companies. Manufacturers and anyone who bought data have been told by the state’s attorney general to produce documents, including whether vehicle buyers were told about the collection and sale of data.

And application developers using the PHP language should make sure they’re running the latest version. This is because a critical vulnerability was found that could allow an attacker to take control of Windows servers running infected code. The hole was discovered by researchers at Devcore.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon