0:00

Cyber Security today is brought to you

0:02

by the generous support of our sponsor

0:04

boasts around security. You. Can get

0:06

their twenty Twenty Four State of Cyber

0:08

Security were to support at both Iran

0:10

security.com and is a link you can

0:12

follow in the show. Notes: Security.

0:17

Controversy over a new Microsoft

0:19

tool and new open source

0:22

threat Intelligence service and more.

0:24

wagon. The Cyber Security Today

0:26

is Monday, May twenty seventh.

0:29

Twenty funny for I'm Howard

0:31

Solomon, contributing reporter on Cyber

0:33

Security for Tech News day.com.

0:39

It's Memorial Day in the

0:41

Us to Us listeners. Thanks.

0:44

For tuning in and I hope you're having

0:46

a great weekend. As.

0:48

You can tell by my voice I was

0:50

a bit under the weather when this podcast

0:53

was recorded. There's.

0:55

Controversy about a proposed Windows

0:57

tool Microsoft announced last week.

0:59

It's. Called recall. It's.

1:02

An option for computers using

1:04

Microsoft Copilot a I chat

1:06

bot. It takes periodic snapshots

1:08

of users screens so they

1:10

can recall or search for

1:13

something that they might have

1:15

seen but can't remember where.

1:17

As outlined in an article by Dark

1:20

Reading. Recall. Stores

1:22

data encrypted on individuals

1:24

pcs, Windows, Administrators

1:26

can disable recall in a

1:29

group or mobile Device management

1:31

policy. Although. The data

1:33

is encrypted. The risk he that

1:35

information stored by recall will be

1:38

a target for hackers because it

1:40

could save screenshots of passwords and

1:42

other sensitive data. On

1:44

the other hand, many I T

1:47

administrators already use I T behavior

1:49

or monitoring applications that also kept

1:52

your keystrokes and other actions of

1:54

employees. That. Could also be found

1:56

by hackers. Those. Applications

1:58

however. me. Have better security

2:01

than recall. I. D

2:03

Administrators or have to think

2:05

carefully about using recall. The.

2:09

Open Source Security Foundation has

2:11

started an Open Source Threat

2:14

Intelligence mailing list for developers.

2:17

Called. Siren. It's.

2:19

A secure environment for sharing

2:21

tactics, techniques, procedures, and indicators

2:24

of compromise. List

2:26

members will get email notifications about

2:29

emerging threats which may be relevant

2:31

to software projects that use open

2:33

source components. Your. Highness

2:35

All rest of the Sands Institute

2:38

notes that the best threat intelligence

2:40

comes from appears in your area

2:42

as interest and not from commercial

2:45

threat intel sources. I.

2:48

T Administrators who oversee courtroom

2:50

technologies should note the following:

2:53

A serious vulnerability has been

2:56

sound in Justice. Eady Solutions

2:58

Digital Audio Visual Recording Software.

3:02

According. To researchers at Rapid seven.

3:04

You need to be on version

3:07

Eight Point three aid of a

3:09

J A vs as you are.

3:12

An earlier version has been compromised

3:14

with malware. Beware.

3:17

Of Sake anti virus website set

3:20

up by Crux. According

3:22

to researchers that collects there are

3:24

phoney web sites pretending to be

3:26

a vast did defender. Malware

3:28

bytes and collects. The

3:30

goal is to trek consumers into

3:32

downloading what they think is free

3:35

or trial security software. Instead.

3:38

They install malware that

3:40

records keystrokes that uses

3:42

hunters like passwords. Copies.

3:44

Data installs a coin miner, or

3:47

does other nasty things. Unfortunately,

3:49

the internet has no way of

3:51

presenting threat actors from creating look

3:53

alike web sites using a company's

3:55

name unless the company has previously

3:57

registered the U R L. So.

4:00

Oh. Don't be fooled if

4:02

you get an email or text message purporting

4:05

to be from any brand name from. And

4:07

if you're using a search engine

4:10

to find a don't automatically click

4:12

on the first return, especially if

4:14

it's labeled sponsored or advertisement. Always.

4:17

Double check on links before clicking

4:20

on them. And. Also, beware

4:22

of sake web sites offering the

4:24

new Windows version of the Ark

4:27

browser. Researchers. That

4:29

malware bytes say victims Using their search

4:31

engine and looking for the Ark browser

4:33

may be tracked if they click on

4:35

the first link they see. Sake!

4:38

Returns list the real

4:40

art browsers website. But.

4:43

What victims click on is not

4:45

that you Rl. It's a

4:47

sake, you are al within the ad.

4:50

Again, if a search result is tagged,

4:52

sponsored or advertiser, he could be a

4:55

phony. In.

4:57

January voters in New Hampshire received

4:59

automated phone calls that sounded like

5:01

President Biden telling them there was

5:04

no need to vote in the

5:06

state's primary election. The.

5:08

Man behind the scam was

5:10

charged last week with sell

5:12

any voter suppression and misdemeanor impersonating

5:14

a candidate. On. Top

5:17

of that, the Federal Communications Commission

5:19

has recommended he pay a six

5:21

million dollar sign. The.

5:23

Telecom Company than actually transmitted the

5:26

phone calls has also been charged

5:28

by the Fcc with violating regulations.

5:32

And finally, Google has issued another

5:34

security update this month for the

5:36

Chrome browser. Windows, And

5:38

Mac users who beyond a version that

5:41

starts with one twenty five. And

5:43

Nz in one, one, three. That's

5:47

it for now. Links to

5:49

details about news mentioned in

5:51

this podcast episode or in

5:53

the text version Ad Tech

5:55

News day.com Follow Cyber Security

5:57

Today on Apple Podcasts the

5:59

modify for at Us to

6:01

your flash briefing on your

6:03

smart speaker. Thanks

6:06

for listening. I'm Howard Solomon.