- Microsoft Recall Raises Cybersecurity, Privacy Concerns
- LockBit Black ransomware bot spreads 'millions of messages'
- U.S. health agency allocates $50 million for hospital cyber defenses
- IT Nation Secure 2024: What to expect
- Check Point VPN vulnerability exposed by remote access attack
ChannelE2E's sister site MSSP Alert provides news, analysis, insights and everything service providers need to know about cybersecurity. Every week we bring you the top content from the site to help you navigate the challenges of delivering cybersecurity to your end users. This week we take a look at new Microsoft AI technologies that are raising serious cybersecurity and privacy concerns.
Microsoft Recall Raises Cybersecurity, Privacy Concerns
Microsoft may have done itself a disservice with a new AI-like feature built into its upcoming Copilot+ PC that takes screenshots of users' activity every few seconds but doesn't redact passwords or financial account numbers.
Even sensitive work emails could potentially be viewed through Recall: When you log on to your bank's website, for example, your account numbers, balances, statements and transactions are recorded in Recall's on-board database.
Microsoft announced Recall at its recent Build conference as part of a new lineup of AI-enabled Windows PCs due for release in June.
The company said the Recall tool is meant to give users the ability to “find content they've viewed on their devices.” It's exclusive to the Copilot+ PC release. The tech giant is currently rolling out Recall in preview mode to gather customer feedback, develop additional controls for enterprise customers, and improve the user experience.
Read the full story here.
LockBit Black ransomware bot spreads 'millions of messages'
Proofpoint and other cybersecurity researchers have identified a phishing campaign consisting of “millions of messages” containing Lockbit Black (3.0) ransomware being distributed by the Phorpiex botnet.
Phorpiex is one of the oldest bots, first seen around 2011, and has morphed several times from being a worm spread by removable USB drives and instant messaging apps to a ransomware-as-a-service model delivering more dangerous payloads.
Since 2018, this botnet has been observed conducting data exfiltration and ransomware distribution operations.
Proofpoint said it began tracking the mass messages on April 24, 2024, and this was the first time researchers had observed such a large number of LockBit Black samples.
Read the full story here.
U.S. health agency allocates $50 million for hospital cyber defenses
The Department of Health and Human Services (HHS) has allocated about $50 million for a special project to protect hospitals from cyberattackers.
According to HHS, the Universal Patching and Remediation for Autonomous Defense (UPGRADE) program aims to protect medical device systems and networks and deploy solutions at scale. The program is administered by the Department of Health's Advanced Research Projects Agency (ARPA-H).
The UPGRADE platform will be designed to assess and fix potential vulnerabilities, no easy feat in a system dominated by hundreds of internet-connected devices, officials said. Still, the project's main goal is to detect threats, automatically procure or develop patches, test them and deploy them in the hospital environment.
“UPGRADE reduces the time from detection of a device vulnerability to deployment of a secure, automated patch to just days, providing confidence to hospital staff and peace of mind to the people receiving their care,” said ARPA-H Director Renee Wegrzyn.
Read the full story here.
IT Nation Secure 2024: What to expect
Cybersecurity-focused MSPs and channel-friendly vendors will come together at the ConnectWise security conference, IT Nation Secure 2024, taking place June 3-5 in Orlando, Florida.
MSSP Alert will also be there: as MSPs become increasingly important as the front line of security for SMBs, service providers are placing even more focus on this critical area of the technology stack, and this event is designed for these organizations.
The ConnectWise IT Nation Secure agenda is structured around three learning blocks:
- Unlock the secrets to building a profitable cybersecurity practice
- Transform your cybersecurity business with cutting-edge strategies
- Enhance your cybersecurity expertise with leading best practices
Read the full story here.
Check Point VPN vulnerability exposed by remote access attack
Check Point Software Technologies identified the vulnerability affecting a “small number of customers” on its VPN remote access networks and has subsequently released a fix.
According to a May 28 blog post from Check Point, the vulnerability could allow attackers to read certain information on internet-connecting gateways where remote access VPN or mobile access is enabled.
“As we warned on May 27, the attacks we have seen to date focus on remote access scenarios using outdated local accounts that use password-only authentication, which is not recommended,” Check Point said. “Within hours of this attack occurring, Check Point released an easy-to-implement solution that prevents attacks that exploit this vulnerability. To ensure security, customers should follow these steps and deploy the provided solution.”
Check Point said it was working with affected customers to remedy the situation, adding that its networks were not affected by the vulnerability.
Read the full story here.
