
Windows 11’s Recall feature is Now Ready For Release, Microsoft Claims

 

Microsoft has released an update regarding the Recall feature in Windows 11, which has been on hold for some time owing to security and privacy concerns. The document also details when Microsoft intends to move forward with the feature and roll it out to Copilot+ PCs. 

Microsoft said in a statement that the intention is to launch Recall on Copilot+ laptops in November, with a number of protections in place to ensure that the feature is safe enough, as explained in a separate blog post. Recall is a supercharged AI-powered search in Windows 11 that uses regular screenshots ('snapshots', as Microsoft calls them) of the activity on your PC. So, what are the measures that are supposed to appease the critics of Recall as it was originally intended?

One of the most significant changes is that, as Microsoft had previously informed us, Recall will only be available with permission, rather than being enabled by default as it was when the function was first introduced. 

“During the set-up experience for Copilot+ PCs, users are given a clear option whether to opt-in to saving snapshots using Recall. If a user doesn’t proactively choose to turn it on, it will be off, and snapshots will not be taken or saved,” Microsoft noted. 

Additionally, as Microsoft has stated, snapshots and other Recall-related data will be fully encrypted, and a Windows Hello login will be required to access the service. In other words, you'll need to sign in through Hello to prove that you're the one using Recall (not someone else on your PC).

Furthermore, Recall will use a secure environment known as a Virtualization-based Security Enclave, or VBS Enclave, which is a fully secure virtual computer isolated from the Windows 11 system that can only be accessed by the user via a decryption key (given with the Windows Hello sign-in).

David Weston, who wrote Microsoft’s blog post and is VP of Enterprise and OS Security, explained to Windows Central: “All of the sensitive Recall processes, so screenshots, screenshot processing, vector database, are now in a VBS Enclave. We basically took Recall and put it in a virtual machine [VM], so even administrative users are not able to interact in that VM or run any code or see any data.”

Similarly, Microsoft cannot access your Recall data. And, as the software giant has already stated, all of this data is stored locally on your machine; none of it is sent to the cloud. This is why Recall is only available on Copilot+ PCs - it requires a strong NPU for acceleration and local processing to function properly. 

Finally, Microsoft addresses a previous issue about Recall storing images of, say, your online banking site and perhaps sensitive financial information - the tool now filters out things like passwords and credit card numbers.

Google: Gmail Users Warned of a Security Flaw in its New Feature


Google has recently issued a warning to its 1.8 billion Gmail users following a security flaw that was discovered in one of its latest security functions.

The feature, the Gmail checkmark system, was introduced to help users distinguish certified businesses and organizations, and their legitimate emails, from potential scammers. It does so by displaying a blue checkmark next to verified senders.

However, threat actors were able to take advantage of this feature, raising questions about the general security of Gmail.

Chris Plummer, a cybersecurity expert, found that cybercriminals could deceive Gmail into thinking their bogus businesses were real. This way, they shattered the trust Gmail users were supposed to have in the checkmark system.

"The sender found a way to dupe @gmail's authoritative stamp of approval, which end users are going to trust. This message went from a Facebook account to a UK netblock, to O365, to me. Nothing about this is legit," says Plummer.

Prior to these findings, Google dismissed the claims, calling this “intended behavior.” But after Plummer’s tweet about the flaw drew a significant response, Google finally acknowledged the error.

Later, Google admitted its mistake and conducted a proper investigation into the matter. The security flaw was acknowledged, with Google labeling it a ‘P1’ fix, which indicates top priority status.

"After taking a closer look we realized that this indeed doesn't seem like a generic SPF vulnerability. Thus we are reopening this and the appropriate team is taking a closer look at what is going on […] We apologize again for the confusion and we understand our initial response might have been frustrating, thank you so much for pressing on for us to take a closer look at this! We'll keep you posted with our assessment and the direction that this issue takes," Google said in a statement.

Google’s warning is a reminder to online users that security features are themselves vulnerable to flaws, however advanced they become. It is therefore important to stay vigilant about ‘safety’ features, and users should remain careful in their email communication.

Kill Switch: Your VPN is Useless Without This Essential Security Feature

 

A kill switch has turned out to be an essential security feature for a VPN. If your virtual private network does not have a kill switch, you might have to look for a new VPN provider.

If the VPN connection drops for any reason, a kill switch immediately shuts down the user’s internet connection. As a crucial VPN security feature, the kill switch ensures that user data does not leak outside the VPN tunnel or get exposed online unencrypted, which can be dangerous in many situations.

With a VPN, the user’s internet traffic is routed over an encrypted tunnel to a secure server at a location of their choice.

As a result, the user’s IP address changes to that of the server they are connecting to. This not only allows access to geo-restricted content but also hides the user’s original IP address and internet traffic from ISPs, government agencies, threat actors, and anyone else who might be a threat to their online data.

Why do VPN disconnections occur? 


Since no technology is error-free, even the best VPNs can drop connections from time to time. VPN disconnection happens for several reasons, some of which are listed below:

• The user is on a weak or congested Wi-Fi connection, such as a public Wi-Fi hotspot in a coffee shop, hotel, or airport.
• The user is switching to a different Wi-Fi network or switching from Wi-Fi to mobile data.
• The computer goes to sleep.
• An antivirus program or firewall on the computer is interfering with the VPN connection (in this case, make sure to whitelist your VPN software).
• The user is jumping from one VPN server to another, or frequently switching between servers, exceeding the VPN provider’s concurrent connection limit.
• The user is on the OpenVPN UDP protocol, which is less stable than the TCP protocol (switch to TCP if you notice your VPN dropping).
• The VPN server being connected to is down.
• The VPN app crashes.

What if your VPN disconnects without a kill switch? 


If a user’s VPN disconnects and no kill switch is enabled, the internet connection stays active, exposing the user’s true IP address and web traffic from the moment of disconnection, as the traffic continues unencrypted.

As a result, the user’s online activities will be exposed, compromising any sensitive personal data they may have been accessing while connected to the VPN. The exposed IP address can also give away the user’s true location.

This could be problematic for users who rely on a VPN to access geographically restricted content and for professionals who use a VPN for crucial privacy needs. Using a kill switch reduces the risk of such situations.


How does a VPN kill switch operate?


A VPN kill switch, when enabled, continuously monitors the user’s VPN connection and scans for any change in the user’s IP address or the status of the network. If it detects a change in either, the kill switch engages and blocks access to the internet connection in an instant.

After the user reconnects to the VPN or the VPN tunnel reestablishes automatically, the kill switch will then allow the internet to reconnect, while still continuously monitoring the VPN connection.
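
The monitoring loop described above, as an added example that is not part of the original post or any VPN vendor's code: it replays constructed `ip route`-style snapshots and public-IP readings and decides when to block. The interface name `tun0`, the addresses and the fail-closed start are assumptions, and the actual blocking is left to the host firewall.

```python
from dataclasses import dataclass

TUNNEL_IF = "tun0"            # assumed tunnel interface name
VPN_EXIT_IP = "203.0.113.10"  # constructed address (documentation range)

@dataclass(frozen=True)
class Observation:
    routes: str     # text in the style of `ip route show`
    public_ip: str  # address an outside host sees for this machine

def tunnel_carries_all_traffic(routes: str, tunnel: str = TUNNEL_IF) -> bool:
    """True only if every destination is routed through the tunnel."""
    dev_for: dict[str, set[str]] = {}
    for line in routes.splitlines():
        fields = line.split()
        if "dev" in fields[1:-1]:
            dev_for.setdefault(fields[0], set()).add(fields[fields.index("dev") + 1])
    # OpenVPN's def1 mode adds two /1 routes that override the physical default,
    # so resolve each half of the address space to the route that wins for it.
    def winner(half: str) -> set[str]:
        return dev_for.get(half) or dev_for.get("default") or set()
    return all(winner(h) == {tunnel} for h in ("0.0.0.0/1", "128.0.0.0/1"))

class KillSwitch:
    """Fails closed: traffic stays blocked until a healthy observation arrives."""
    def __init__(self) -> None:
        self.blocking = True

    def update(self, obs: Observation) -> str:
        healthy = (tunnel_carries_all_traffic(obs.routes)
                   and obs.public_ip == VPN_EXIT_IP)
        self.blocking = not healthy
        return "BLOCK" if self.blocking else "ALLOW"

# Constructed samples: connected, tunnel dropped, IP changed, reconnected.
UP_ROUTES = """default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2"""
DOWN_ROUTES = "default via 192.168.1.1 dev eth0 proto dhcp metric 100"
SAMPLES = [Observation(UP_ROUTES, VPN_EXIT_IP), Observation(DOWN_ROUTES, "198.51.100.7"),
           Observation(UP_ROUTES, "198.51.100.7"), Observation(UP_ROUTES, VPN_EXIT_IP)]

def replay(samples) -> list[str]:
    switch = KillSwitch()
    return [switch.update(obs) for obs in samples]

if __name__ == "__main__":
    print(replay(SAMPLES))
```

The third sample shows why both signals are checked: the routes still look healthy, but the public address is no longer the VPN exit.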

Microsoft Office 365 users will now be able to view their quarantined phishing messages

 

Microsoft Office 365 will now let users view phishing messages that are automatically quarantined by the Exchange Online Protection (EOP) filter.



With this new feature, users will be able to reclaim messages that had been mistakenly marked as spam or phishing by EOP. (EOP is a cloud-based filtering service that scans messages and stops malicious emails such as spam, phishing emails and malware attachments from reaching the end user.)

"We understand that managing false positives is important to ensuring an email is delivered appropriately, and in the past, end-users weren't granted access to the quarantine to view messages," Microsoft said of the new feature.

Access to the quarantine will be "read-only", but the user can request that a particular message that might have been accidentally quarantined be released to the inbox. This new Office 365 ATP Request Release feature will be available to all users with the Advanced Threat Protection plan this month.

Office also released a similar feature not too long ago - Application Guard which opens all files from unsafe locations in a secluded sandbox. This isolated sandbox doesn't allow malicious files to corrupt the device and software by not letting the file download any data, file, or extension from the attacker's server. 

Upcoming ATP security features and tools

Office 365 is looking to enhance its security in the third quarter of the year, with various new security features on the cards:

  •  Improving Office 365 ATP Threat Explorer 
To improve its ability to distinguish between malicious, spam, and phishing emails.

  •  Disable default email forwarding to external recipients
In order to prevent data theft, along with "automated malicious content blocking" for all users regardless of their custom settings.

  •  More transparency through email pathways
Office ATP users will get more information on the route incoming emails take through Office's EOP (Exchange Online Protection) filtering system, and will know more about the "effectiveness of any security configuration changes", according to bleepingcomputer.com.

  •  New Configuration Analyzer 
This new feature is expected to be released in Q3 and would make it easier to compare the efficacy of your security policy settings against Office's recommended settings.