This week:

3 – Microsoft decides security should be a priority.

2 – Meanwhile: Microsoft Recall is a security and privacy nightmare.

1 – Instead of aiming for gold, they are aiming to keep us at home.



3 – Microsoft decides security should be a priority

“Security is a team sport, and accelerating [our security improvement programme] isn’t just job number one for our security teams – it’s everyone’s top priority and our customers’ greatest need.”

Summary: Microsoft CEO Satya Nadella recently emphasised the company’s commitment to security by introducing the Secure Future Initiative (SFI). This initiative focuses on principles such as “Secure by Design,” “Secure by Default,” and “Secure Operations” to enhance cybersecurity. Microsoft aims to embed security in all facets of its operations and make it the top priority, even if that means delaying the release of new features.

So what? I’m sure this has nothing to do with the stinging criticism of Microsoft’s lax attitude from CISA’s Cyber Safety Review Board, which I discussed a few weeks ago.

Source: Microsoft Blog



2 – Meanwhile: Microsoft Recall is a security and privacy nightmare.

“It’s a bit disappointing to see such a powerful feature not taking security more seriously.”

Summary: Recall, a feature of Microsoft’s new Copilot+ PCs, “enables Windows users to easily find something they know they have seen before on their PC [by taking] screenshots at regular intervals to capture the user’s activities”. By default, it is turned on. Microsoft assured us that accessing the screenshots would require physical access to the device. However, researchers have shown that this is not true by demonstrating how cyber criminals could use existing malware to steal the screenshots, potentially exposing sensitive information.

So what? It looks like the Recall engineers missed their CEO’s letter, even though it was published only a few weeks before Recall’s launch! But even without the threat of a cyber attacker gaining access to these screenshots, are you really comfortable with frequent screenshots of your activity being taken and stored on your device? Who thought this was a good idea? ‘Recall’ needs to be recalled and reconsidered.

Source: SecurityWeek



1 – Instead of aiming for gold, they are aiming to keep us at home.

“With their athletes excluded from the international sporting community after a succession of doping scandals and the unprovoked invasion of Ukraine, Russia-backed and -aligned threat actors are ramping up malicious disinformation campaigns against the upcoming Summer Olympics, blending decades-old tactics with a new focus on artificial intelligence (AI).”

Summary: Russian threat actors are using AI-generated deepfakes, including a fake Tom Cruise, in disinformation campaigns targeting the 2024 Summer Olympics. Their goal is to undermine the International Olympic Committee and spread fear of violence in Paris.

So what? When we think about cyber security, we naturally think about the security of our ‘stuff’. But some nation-states also use the online world to make us feel less safe and secure. Unfortunately, some of the recent news from France (including some recent arrests) may only help these disinformation campaigns.

Source: Computer Weekly