Security, Windows TCO, and Microsoft Surveillance Gone Out of Control
-
Bruce Schneier ☛ Ultralytics Supply-Chain Attack
Last week, we saw a supply-chain attack against the Ultralytics Hey Hi (AI) library on Microsoft's proprietary prison GitHub.
-
Windows TCO
-
Security Week ☛ Microsoft MFA Bypassed via AuthQuake Attack
Non-human identity management firm Oasis Security has disclosed the details of an attack that allowed its researchers to bypass Microsoft’s multi-factor authentication (MFA) implementation.
-
Rhode Island ☛ Governor McKee Issues Update on Cybersecurity Breach of RIBridges System | Governor's Office, State of Rhode Island
On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system. In response, we have proactively taken the system offline so that the State and Deloitte can work to address the threat and restore the system as quickly as possible. Additionally, Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges.
-
India Times ☛ Cyberattack in Rhode Island: Sensitive data breach, [intruders] demand ransom
The security breach impacted users of state government assistance programmes, including:
Medicaid
Supplemental Nutrition Assistance Program (SNAP)
Temporary Assistance for Needy Families (TANF)
Child Care Assistance Program (CCAP)
Health coverage via HealthSource RI
Rhode Island Works (RIW)
Long-Term Services and Supports (LTSS)
General Public Assistance (GPA) Program.
The breach potentially affects anyone who has applied for or received benefits through these programmes since 2016.
-
Gannett ☛ RI computer network cyberattack forces shutdown of public benefits system
Deloitte, the information technology vendor that built and runs the computer system known as RIBridges and UHIP, first alerted the state and police about a potential attack on Dec. 5. On Tuesday, the attackers sent the vendor screenshots showing personal data files.
McKee said the decision to shut down the system and the HealthyRhode.ri.gov website came late Friday afternoon after Deloitte discovered that dangerous malware was embedded in the RIBridges computer code.
-
TechCrunch ☛ Rhode Island says personal data likely breached in social services cyberattack
According to an update from Governor Dan McKee’s office, the attack [breached] RIBridges, which Rhode Island residents use to apply for and access programs such as Medicaid and the Supplemental Nutrition Assistance Program (SNAP).
The attack also [breached] the Healthsource RI insurance marketplace. McKee’s office said “any individual who has received or applied for health coverage and/or health and human services programs or benefits could be impacted by this leak.”
The information accessed by the cyberattackers could include names, addresses, dates of birth, Social Security numbers, and banking information.
-
VOA News ☛ [Intruders] demand ransom from Rhode Islanders after data breach
In what Rhode Island officials described as extortion, the [intruders] threatened to release the stolen information unless they were paid an undisclosed amount of money.
The breached data affects people who use the state's government assistance programs and includes the Supplemental Nutrition Assistance Program, or SNAP, Temporary Assistance for Needy Families and healthcare purchased through the state's HealthSource RI, Governor Dan McKee announced on Friday.
-
Surveillance
-
Tom's Hardware ☛ Microsoft Recall screenshots credit cards and Social Security numbers, even with the "sensitive information" filter enabled
Microsoft’s Recall feature recently made its way back to Windows Insiders after having been pulled from test builds back in June, due to security and privacy concerns. The new version of Recall encrypts the screens it captures and, by default, it has a “Filter sensitive information” setting enabled, which is supposed to prevent it from recording any app or website that is showing credit card numbers, social security numbers, or other important financial / personal info. In my tests, however, this filter only worked in some situations (on two e-commerce sites), leaving a gaping hole in the protection it promises.
-
PC World ☛ Classic Outlook gets an official 'death date' as users are urged to switch
More recently, Microsoft has started pushing users in that direction even harder. According to Windows Latest, business-oriented Microsoft 365 users are being urged to switch from classic Outlook to the new Outlook app, despite it lacking several features from the legacy app.
-
Pivot to AI ☛ Windows AI Copilot+ Recall stores screenshots of sensitive data, regardless of ‘sensitive information’ filter
Recall is a feature for Microsoft’s AI-enabled Copilot+ PCs that takes continuous screenshots of everything you do on your AI PC, scans the text, and lets you search it with an LLM.
The text is stored locally, but sent off to Microsoft’s LLM. The UK Information Commissioner’s Office launched an investigation into Recall. This was enough for Microsoft to pull Recall from test builds in June.