nGuard

Call us p. 704.583.4088
Client PortalSpeak to An Expert

Sensitive Information

Microsoft’s Recall Saga: Continuous Coverage and Latest News

New Recall Updates and Changes – September 2024

September 11th, 2024

This article serves as the latest update to our ongoing coverage of Microsoft’s controversial Windows Recall feature. Since our previous discussions in June, significant developments have unfolded, particularly surrounding the security concerns and the broader implications of Recall’s reintroduction. Microsoft has made a series of changes in response to user feedback and security concerns, and in this article, we will explore the latest updates and how they fit into the wider Recall saga.

The Comeback of Windows Recall: October Rollout for Windows Insiders

After pausing the rollout of Windows Recall in June 2024, Microsoft has now confirmed that the feature will be returning in October. However, this return will be limited to Windows Insiders who are using Copilot+ PCs. These devices, equipped with powerful Neural Processing Units (NPUs), are the only ones capable of running Recall’s AI-powered screenshot functionality effectively.

Despite privacy concerns that led to Recall’s initial suspension, Microsoft is moving ahead with plans to test the feature among Insiders. The company hopes to leverage user feedback from this program before making Recall more widely available. Microsoft has made several key adjustments, including stronger encryption for the Recall database and requiring biometric authentication through Windows Hello. These security improvements aim to address the vulnerabilities that were previously identified, but questions remain about the long-term privacy risks of the feature.

Key Updates and Adjustments to Windows Recall

1. Security Enhancements: Encryption and Authentication

The most notable security update is the encryption of the SQLite database that Recall uses to store screenshots. This database will remain encrypted until a user authenticates through Windows Hello, adding a critical layer of security to protect the data collected by Recall. Moreover, the feature now requires biometric verification, ensuring that unauthorized users cannot access this sensitive information. These measures are welcomed, given the concerns raised by security researchers that the unencrypted database could be exploited by malware or other malicious actors.

These updates, while addressing some of the initial concerns, highlight the need for comprehensive security solutions for businesses and organizations that may adopt this feature. Companies can turn to services provided by nGuard for security assessments and managed SIEM, which can help ensure that sensitive data, such as that captured by Recall, is protected from exploitation.

2. Clarification on Uninstallation Options

Recently, confusion arose when users discovered an option to uninstall Recall in the Windows Features menu following the release of Windows 11’s 24H2 update (KB5041865). Microsoft has since clarified that this was a bug and that Recall cannot be fully uninstalled – only disabled. This has disappointed users hoping to remove the feature entirely due to its security risks. While Recall can be disabled, Microsoft’s decision not to allow full removal may lead to concerns in specific environments, particularly in corporate or governmental sectors, where stringent data privacy policies are in place.

The Return of Recall with More Screenshots Features

As Microsoft prepares to release Recall for testing within the Windows Insider community, more detailed information about the system requirements has emerged. To run Recall, a device must meet the following specifications:

  • Processor: Snapdragon X Plus or X Elite processors, System on a Chip (SoC), or another compatible processor.
  • RAM: At least 16GB DDR5/LPDDR5.
  • Storage: Minimum of 256GB SSD or UFS storage.

These hardware requirements ensure that Recall functions smoothly and securely, as it heavily relies on the computational power of NPUs to analyze and manage the continuous stream of screenshots.

Microsoft’s reintroduction of Recall also includes the Copilot Screenray feature, which offers real-time analysis of the user’s desktop, further expanding the functionality of Recall. For instance, this feature could translate text from an email in real-time or provide AI-powered insights on various tasks. However, this addition brings even greater concerns about privacy, as the continuous monitoring of user screens could expose confidential or sensitive information. Ensuring that this data is adequately protected will be critical.

The Evolving Privacy Debate and Microsoft’s Response

The return of Recall has not been without criticism, especially from privacy advocates who argue that the feature remains a potential vulnerability. By continuously taking and storing screenshots, Recall creates a log of user activity that could be exploited if a device is compromised.

Security researchers, including Michael Bargury, have highlighted how Microsoft’s Copilot AI system, which Recall is a part of, could be weaponized for cyberattacks through prompt injections and data exfiltration. These techniques could allow attackers to manipulate the system, extract sensitive data, and even alter key information such as financial details.

While Microsoft has worked to improve Recall’s security, organizations need to stay informed on updates, changes, and vulnerabilities discovered in Recall. The risks associated with AI-powered tools like Recall can be mitigated by regularly conducting security audits against something like the NIST AI RMF Playbook, and employing advanced logging and monitoring solutions to detect suspicious activities early.

Wrap: Balancing Innovation and Security

The Microsoft Recall saga outlines another example of the challenges involved in integrating innovative AI features with user privacy concerns. While Microsoft’s adjustments to Recall, including its enhanced encryption, are steps in the right direction, the privacy debate is not over, yet.

For those looking to bolster their security as AI features like Recall become more prevalent, regular security assessments, logging, and monitoring can help organizations stay ahead of emerging threats and ensure compliance with privacy regulations.

Update: Microsoft Recall Recalled

June 12th, 2024

This article provides an update to our original discussion on the Microsoft Recall feature, updating you on the significant developments since our last coverage on June 6th. The Recall feature has faced extensive criticism concerning privacy and security, leading Microsoft to make crucial adjustments. Here, we dive into the latest updates and recent changes Microsoft has implemented to alleviate these concerns.

Microsoft Recall Under Scrutiny
Microsoft announced significant changes to the Recall feature following widespread criticism. Originally set to be enabled by default, Recall will now be an opt-in feature for users. This change is part of Microsoft’s response to the heavy criticism regarding privacy and data security.

Key Updates to Microsoft Recall

1. Recall to Be Opt-In
Microsoft’s decision to make Recall an opt-in feature marks a significant shift. Users will now have to actively enable the feature, which Microsoft believes will enhance user trust and security.

2. Enhanced Security Measures
To address privacy concerns, Microsoft has introduced several security enhancements for Recall:

  • Biometric Authentication: Users will need to use Windows Hello biometric security to enable Recall.
  • Presence Detection: Recall will require user presence verification to view data.
  • Additional Encryption: Microsoft has implemented further encryption measures to protect stored data.

3. Recall Feature Pulled from Developer Channel
In response to ongoing criticism, Microsoft has temporarily pulled the latest Windows 11 24H2 preview build, the only version that included Recall, from the Windows Insider Program. This move aims to give the company time to refine the feature and address the concerns raised by users and privacy advocates.

Privacy Concerns and Microsoft’s Response
Recall was initially designed to capture periodic screenshots of user activity, stored and analyzed locally on the device. Despite these assurances, privacy experts raised alarms about the potential for misuse, especially if others gained physical access to the device. Microsoft has acknowledged these concerns and emphasized its commitment to user privacy and security.

Public and Expert Reactions
The initial release of Recall received backlash from security researchers, users, and the press. Critics highlighted the potential risks of storing detailed activity logs on devices, which could be exploited by attackers or advertisers. Microsoft’s decision to make Recall an opt-in feature and enhance its security protocols has been seen as a positive step, though skepticism remains.

Future of Recall and Windows 11 24H2
While the Recall feature will be included in the Copilot Plus PCs set to launch on June 18, its broader rollout remains uncertain. Microsoft has paused the release of the 24H2 update but plans to resume it soon, ensuring the feature is thoroughly tested and secure before a wider release.

The Importance of Regular Security Audits
As Microsoft works to improve Recall’s security, it’s crucial for users and organizations to regularly perform security audits of new technologies like Recall. Regular security audits can identify potential vulnerabilities and ensure compliance with industry standards. nGuard offers comprehensive security assessments that help businesses protect their data and systems effectively.

Proper Logging and Monitoring Practices
In addition to regular security audits, implementing proper logging and monitoring is essential for maintaining security. Proper logging helps in tracking user activities and identifying potential security incidents early. Services like nGuard’s Managed Event Collection provide comprehensive  solutions for logging and monitoring, ensuring continuous oversight and quick response to any suspicious activities.

Microsoft’s Commitment to AI Integration
Despite the controversy, Microsoft continues to push forward with its AI integration plans. The Recall feature is part of the larger Copilot Plus initiative, which includes AI-driven capabilities such as advanced photo editing and live transcription. Microsoft’s partnership with OpenAI and its focus on AI innovation remain central to its strategy, even as it navigates the challenges posed by new technologies.

The Microsoft Recall Saga highlights the complexities of integrating advanced AI features into widely used software. By making Recall an opt-in feature and implementing much needed security measures, Microsoft aims to balance innovation with user privacy and trust. As the situation evolves, nGuard will continue updating to see how Microsoft addresses the remaining concerns and rolls out its AI-powered features.

Microsoft’s Windows 11 Recall: Revolution or Privacy Nightmare?

June 6th, 2024

Overview
Microsoft’s latest Windows 11 feature, Recall, has generated substantial controversy in the tech community. This AI-driven tool aims to enhance user productivity by capturing screenshots of active windows every few seconds, allowing users to easily retrieve past information. However, this seemingly innovative feature has raised significant privacy and security concerns among users and experts alike.

Privacy advocates and security experts have voiced concerns over the potential for Recall to inadvertently capture sensitive information, such as passwords, confidential documents, and personal data. Critics argue that the constant screenshot capturing could lead to unintended data exposure and increased risk if a device is compromised. The debate has highlighted the need for stronger privacy controls and transparent data handling practices from Microsoft to address these widespread apprehensions.

Technical Methodologies
Recall operates by taking periodic screenshots of a user’s active window, storing this data on the device for up to three months. These snapshots are analyzed by an on-device Neural Processing Unit (NPU) and an AI model, indexing the data semantically. Users can search their Recall history through natural language queries, making it easy to locate specific information.

The data collected by Recall is encrypted with BitLocker and tied to the user’s Windows account. Microsoft emphasizes that the data remains local and private, not shared with Microsoft or other users on the same device.

Impact Assessment
While Microsoft asserts that Recall is designed with user privacy in mind, critics highlight several vulnerabilities:

  1. Data Exposure: Continuous screenshot capturing can inadvertently include sensitive information such as passwords, confidential documents, and personal photos. For example, if a user is working on a confidential business proposal, screenshots of this document could be captured and stored.  This data, stored locally, is accessible to anyone with device access.
  2. Security Risks: If a device is compromised by malware, the attacker could potentially access the entire Recall database, extracting sensitive information stored in these snapshots.
  3. User Trust: Historical data usage by large corporations has eroded user trust. Despite Microsoft’s assurances of local data storage and encryption, users remain skeptical, particularly in light of past incidents where tech companies have mishandled user data.

Strategic Responses
To mitigate these risks, users and organizations should consider the following strategies:

  1. Disable Recall: Users can manage Recall settings to limit its functionality or disable it entirely. Companies can use group policies to disable Recall across all devices. For detailed instructions, refer to Microsoft’s official Recall settings guide.
  2. Regular Audits: Conduct regular security audits to ensure no sensitive information is inadvertently captured and stored by Recall.
  3. User Training: Educate users on the potential risks of using Recall and best practices for managing their privacy settings.

Forward-Looking Strategies
Looking ahead, Microsoft and users can adopt several strategies to address these concerns:

  1. Enhanced Controls: Microsoft should provide more granular controls for users to manage what information Recall captures and stores.
  2. Transparency: Continuous transparency from Microsoft about how Recall data is handled, stored, and protected is crucial to building user trust.
  3. Integration with Security Solutions: Users should leverage advanced security solutions, such as those offered by nGuard, to monitor and protect data stored by Recall. nGuard’s security assessments and managed event collection services can add an extra layer of security, ensuring that sensitive data remains safe even if captured by Recall. These services help identify vulnerabilities and monitor for suspicious activities, providing comprehensive protection against potential breaches.

Conclusion
While Microsoft’s Recall feature in Windows 11 promises enhanced productivity, it brings significant privacy and security risks. Users and organizations must adopt strategic measures to safeguard their information, ensuring that this innovative tool does not become a gateway for data breaches.

CDK Ransomware Breach: What You Need to Know

What Happened?

Initial Attack Details
On June 19, CDK Global, a major provider of car dealership management software, was struck by a ransomware attack that led to the shutdown of critical systems. This attack forced the company to disable logins and data center operations, creating widespread operational disruptions for its clients.

Second Attack Overview
While attempting to recover from the initial breach, CDK was hit by a second attack later that evening. This subsequent attack exacerbated the situation, leading to further system shutdowns and complicating the recovery efforts.

Impact on CDK Operations
The dual attacks severely impacted CDK’s ability to provide services, leaving many of its 15,000 dealership clients without access to essential software systems. This outage affected a range of functions, from sales and inventory management to customer relationship management (CRM) and service operations.

Timeline of Events

June 19: First Attack
The first attack was discovered on the evening of June 19, prompting CDK to take immediate action by shutting down its systems to prevent further damage.

June 19: Second Attack
Later that same day, CDK faced another cyber incident, leading to additional shutdowns and extending the timeline for system restoration.

Subsequent Days: Restoration Efforts
In the days following the attacks, CDK worked with third-party cybersecurity experts to restore its systems. Despite these efforts, the company announced that full restoration would not be possible until the end of the month.

Immediate Impacts

System Shutdowns
The ransomware attacks forced CDK to shut down most of its systems twice, significantly affecting its operations and those of its dealership clients.

Effects on Dealerships
Dealerships reliant on CDK’s software experienced severe disruptions. Many were unable to access records, complete transactions, handle orders for repairs, or schedule appointments, leading to operational chaos.

Service Disruptions
Service centers and sales departments had to revert to manual processes, using pen and paper to record transactions and manage customer data, which slowed down operations and increased the risk of errors.

Financial and Operational Consequences

Revenue Losses
The outages resulted in significant revenue losses for dealerships, as they struggled to conduct business without their usual software systems.

Operational Setbacks for Dealerships
Dealerships faced operational setbacks, including delays in vehicle sales, service appointments, and inventory management. The inability to use digital systems forced them to adopt inefficient manual processes.

Pen and Paper Workarounds
In the absence of functional digital systems, many dealerships resorted to pen and paper methods to continue operations. This workaround was far from ideal and introduced additional challenges in data reconciliation and record-keeping.

Ransom and Recovery

BlackSuit Ransom Demands
The ransomware group BlackSuit demanded tens of millions of dollars to restore CDK’s systems. Reports indicated that CDK was considering paying the ransom, though the situation remained fluid.

CDK’s Response to Ransomware
CDK’s response involved working with cybersecurity experts to assess the damage and begin the restoration process. The company communicated regularly with its clients, providing updates on the recovery efforts.

Progress in System Restoration
CDK made gradual progress in restoring its systems, bringing a small group of dealerships back online first and planning to phase in additional clients as validation processes were completed.

Ongoing Recovery Efforts

Phased Restoration Process
CDK is adopting a phased approach to restore its services, prioritizing critical systems and gradually bringing additional applications online.

Communication with Dealerships
Throughout the recovery process, CDK is maintaining communication with its clients, offering updates and alternative methods to conduct business.

Challenges in Full Recovery
The complexity of the attacks and the need to ensure system security poses significant challenges for a full recovery. Integration points with OEM systems and third-party partners require careful handling to avoid further disruptions.

Implications for the Auto Industry

Impact on Sales and Service Revenue
The cyberattacks had a notable impact on sales and service revenue for dealerships, with projections showing potential losses for June and the second quarter.

Projections from JD Power and Edmunds
Industry analysts from JD Power and Edmunds projected a decrease in vehicle sales for June, attributing the dip to the CDK outage rather than a lack of consumer demand.

Long-term Industry Effects
The long-term effects of the breach may include increased scrutiny of third-party software providers and a renewed focus on cybersecurity measures within the automotive industry.

Lessons Learned

Importance of Cybersecurity
The CDK breach shows the critical importance of robust cybersecurity practices to protect against ransomware and other cyber threats.

Third-Party Risk Management
Businesses must carefully manage third-party risks, ensuring that vendors adhere to stringent security standards to prevent similar incidents.

Preventative Measures for Dealerships
Dealerships can take proactive steps to enhance their cybersecurity posture, including regular penetration testing, incident response planning, and security best practice gap assessments.

nGuard’s Role in Cybersecurity

Penetration Testing Services
nGuard offers comprehensive penetration testing services to identify vulnerabilities and strengthen defenses against potential cyber threats. Learn more

Cybersecurity Incident Response Services
In the event of a cyber incident, nGuard provides expert incident response services to mitigate damage and restore operations. Learn more

Managed SIEM
nGuard’s Managed SIEM services help monitor and manage security events, providing real-time insights and rapid response capabilities. Learn more

Compliance Gap Assessment
nGuard conducts security best practice compliance gap assessments to ensure businesses meet regulatory requirements and industry standards. Learn more

Conclusion

The CDK Ransomware breach serves as a reminder of the vulnerabilities in our interconnected world. As the auto industry struggles with the fallout, the importance of cybersecurity measures and effective incident response plans cannot be overstated. By leveraging services like those offered by nGuard, businesses can better protect themselves against future threats and ensure a swift recovery in the event of a cyber incident.

FAQs

What is the CDK Ransomware Breach? The CDK Ransomware Breach refers to the cyberattacks on CDK Global, a major provider of dealership management software, which led to system shutdowns and operational disruptions for thousands of car dealerships.

How did the breach affect CDK Global? The breach forced CDK Global to shut down its systems twice, significantly impacting its ability to provide services and causing widespread disruptions for its dealership clients.

What is BlackSuit? BlackSuit is the ransomware group responsible for the cyberattacks on CDK Global. The group demanded tens of millions of dollars in ransom to restore CDK’s systems.

How is CDK responding to the breach? CDK is working with third-party cybersecurity experts to restore its systems. The company has adopted a phased restoration approach and is maintaining communication with its clients.

What are the financial implications for dealerships? The outages have resulted in significant revenue losses for dealerships, as they continued to conduct business using alternative processes and manual documentation.

How can nGuard help prevent such breaches? nGuard provides various cybersecurity services, including penetration testing, incident response, managed SIEM, and compliance gap assessments, to help organizations enhance their security posture and prevent similar breaches.

Executives Targeted: Cybersecurity Scams, Vulnerabilities & Accountability

ys to exploit businesses’ trust in electronic signatures, like using fake DocuSign templates. At the same time, there are new security problems in popular software from Microsoft and Google. Additionally, Microsoft is making sure their top leaders are responsible for keeping the company safe from cyberattacks. In this advisory, we will talk about these issues and how you can implement measures to protect your organization.

Fake DocuSign Templates: A Growing Threat
Scammers are using fake DocuSign templates to trick businesses into giving away sensitive information or making payments. These fake templates look real and can cause significant financial and reputational damage. It’s important to be aware of these scams and take steps to protect your business.

Details:

  • Scam Types: Scammers create fake DocuSign templates that look like real business documents. Common scams include urgent payment requests, fake legal documents, and threats of data breaches.
  • Mitigation Steps: To protect against these scams, implement internal controls, conduct regular social engineering tests, educate employees through security awareness training, verify sender identities, and use DocuSign features like pre-defined signers and custom branding.

Microsoft and Google Zero-Day Vulnerabilities
Both Microsoft and Google have recently fixed zero-day vulnerabilities that were being exploited by attackers. These vulnerabilities allowed attackers to gain control over systems and steal data. It’s crucial to apply the latest security patches to protect your systems.

Details:

  • Microsoft Zero-Day (CVE-2024-30051): This vulnerability in the Windows Desktop Window Manager was used to deliver QakBot malware. It allowed attackers to gain SYSTEM privileges on affected systems.
  • Google Chrome Zero-Day (CVE-2024-4947): This type of confusion bug in the V8 JavaScript engine was actively exploited. It allowed attackers to execute arbitrary code and perform malicious activities.

Recommendations:

  1. Update Software: Apply the latest security patches from Microsoft and Google immediately.
  2. Monitor Systems: Keep an eye on system activity to detect any signs of exploitation. Using a SIEM to collect and correlate logs to detect and respond to active threats.
  3. Vulnerability Scanning: Conduct regular vulnerability scans and all internal and external infrastructure in IT and OT environments.
  4. Educate Users: Inform users about the importance of installing updates promptly and recognizing when software is out of date.

Microsoft to Hold Executives Accountable for Cybersecurity
Microsoft has announced a new initiative to hold its executives accountable for cybersecurity performance. This move ties executive pay to the company’s security metrics, ensuring top leadership prioritizes robust cybersecurity practices. The Secure Future Initiative (SFI), launched last November, has been expanded to affect executive compensation. Part of the compensation for Microsoft’s Senior Leadership Team will be based on meeting security goals and milestones. Microsoft has also made several changes, including appointing Deputy CISOs and improving security governance.

  1. Reason for Change: This decision comes in response to increasing cyber threats and the growing importance of robust cybersecurity measures. Microsoft has been hit with a number of incidents recently which has not helped its reputation. By tying executive pay to security outcomes, Microsoft aims to ensure that its leadership prioritizes and actively manages cybersecurity risks.
  2. Details of the Policy:
    • Performance Metrics: Specific cybersecurity metrics and goals will be set, and the achievement of these goals will directly impact executive bonuses and other forms of compensation.
    • Accountability: This policy aims to foster a culture of accountability at the highest levels of the company, ensuring that senior leaders are directly incentivized to prevent data breaches and other security incidents.
  3. Industry Impact: Microsoft’s approach is likely to influence other companies to adopt similar policies, especially as regulatory pressures and cyber threats continue to escalate. This could set a new standard in the tech industry for how companies manage and prioritize cybersecurity.
  4. Public Statements: Microsoft executives have expressed that this initiative underscores the company’s commitment to security and acknowledges the critical role that leadership plays in safeguarding customer data and company assets.

The recent cybersecurity news highlights the variety and seriousness of threats that companies face today. The increase in fake DocuSign templates shows the need for better user education and strong internal controls. Microsoft and Google’s quick response to serious security flaws shows how important it is to update software on time and monitor systems regularly. Microsoft’s new plan to link executive pay to cybersecurity performance sets a new standard for making leaders responsible for protecting company data. Ultimately, a proactive and informed approach to cybersecurity is essential in managing the challenges of today’s interconnected world.

Chat Icon Chat Close

Learn how nGuard can secure your data

Ready to take the next step? Speak to an nGuard expert and get your questions answered today.

Chat Popup

No thanks, maybe later