Microsoft Recall snapshots can be easily grabbed with TotalRecall tool


Microsoft’s Recall feature has been criticized heavily by pretty much everyone since it was announced last month.

Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a reference to the AI assistant and companion which the company released in late 2023.

Read more…
Source: Malwarebytes Labs


Sign up for our Newsletter


Related:

  • Patched WinRAR Bug Still Under Active Attack – Thanks to No Auto-Updates

    March 15, 2019

    Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn’t have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks. The critical vulnerability (CVE-2018-20250) that was patched ...

  • The fourth horseman: CVE-2019-0797 vulnerability

    March 13, 2019

    The new zero-day in the Windows OS exploited in targeted attacks In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. ...

  • Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits

    March 12, 2019

    A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours. BleepingComputer was first notified about the Yatron RaaS by a security ...

  • New SLUB Backdoor Uses GitHub, Communicates via Slack

    March 7, 2019

    We recently came across a previously unknown malware that piqued our interest in multiple ways. For starters, we discovered it being spread via watering hole attacks, a technique that involves an attacker compromising a website before adding code to it so visitors are redirected to the infecting code. In this case, each visitor is redirected only ...

  • Google reveals Chrome zero-day under active attacks

    March 6, 2019

    Google revealed yesterday that a patch for Chrome last week was actually a fix for a zero-day that was under active attacks. The attacks exploited CVE-2019-5786, a security flaw and the only patch included in the Chrome 72.0.3626.121 version, released last Friday, March 1, 2019. According to an update to its original announcement and a tweet from Google Chrome’s security lead, ...

  • Hide yo’ kids, hide yo’ clouds: Zerodium offering big bucks for cloud zero-days

    March 5, 2019

    Exploit vendor Zerodium announced today plans to pay a whopping $500,000 for zero-days in popular cloud technologies like Microsoft’s Hyper-V and (Dell) VMware’s vSphere. Both Hyper-V and vSphere are what experts call virtualization software, also called hypervisors –software that lets a single “host” server create and run one or more virtual “guest” operating systems. Virtualization software is ...