Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

UK data watchdog is investigating Microsoft regarding the new Recall feature in Copilot+ PCs that captures screenshots of the user’s laptop every few seconds.

The UK data watchdog, the Information Commissioner’s Office (ICO), is investigating a new feature, called Recall, implemented by Microsoft in Copilot+ PCs that captures screenshots of the user’s laptop every few seconds.

“You can use Recall on Copilot+ PCs to find the content you have viewed on your device. Recall is currently in preview status; during this phase, we will collect customer feedback, develop more controls for enterprise customers to manage and govern Recall data, and improve the overall experience for users.” reads the announcement.

Microsoft explained that the Recall feature will store encrypted snapshots locally on the user’s computer and that the feature will be implemented only in forthcoming Copilot+ PCs. Microsoft doesn’t have access to the snapshots.

Privacy advocates fear the potential abuses of the feature and have called it a potential “privacy nightmare”.

The IT giant attempted to downplay the risks for users, pointing out that the feature was developed with privacy and security by design and that it is an “optional experience.”

Microsoft added that Recall does not take snapshots of certain kinds of content, such as InPrivate web browsing sessions in Microsoft Edge.

Users can manage which snapshots Recall collects, excluding specific apps or websites. They can also pause snapshot collection, clear some or all stored snapshots, or delete all snapshots from their device.

The only way to access Recall data is to gain physical access to the user’s device, unlock it and sign in.

“We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy,” an ICO spokesperson told BBC.

The snapshots could grab users’ passwords, with a severe impact on their privacy and security.

“[This includes] law enforcement court orders, or even from Microsoft if they change their mind about keeping all this content local and not using it for targeted advertising or training their AIs down the line,” said Jen Caltrider, who leads a privacy team at Mozilla.

Pierluigi Paganini

(SecurityAffairs – hacking, Copilot)