Microsoft Delays Recall AI Tool Amid Security Concerns, Housing Authority of the City of Los Angeles Faces Cyberattack: Your Cybersecurity Roundup


Microsoft Delays Recall AI Tool Amid Security Concerns

Microsoft has announced a delay in the release of its AI-powered Recall tool, citing ongoing efforts to enhance its security. Recall, designed to capture and index user interactions with their devices, raised concerns among security experts due to the potential for sensitive data exposure.

To address these concerns, Microsoft has implemented several security measures, including:

  • Opt-in Feature: Users will have the option to enable or disable Recall.
  • Encrypted Data Storage: Recall data will be stored in encrypted form, ensuring confidentiality.
  • VBS Enclave Protection: Sensitive data will be protected within a virtualization-based security enclave, limiting access to authorized users.
  • Data Filtering: Certain types of sensitive data, such as credit card numbers and social security numbers, will be excluded from Recall.
  • User Control: Users can control which apps and websites are included in Recall, and they can delete specific snapshots or entire history.

While these measures are intended to mitigate security risks, it remains to be seen whether they will be sufficient to address all concerns. As AI technology continues to evolve, it is crucial to prioritize security and privacy to ensure that these tools are used responsibly and ethically.

Critical Flaw in LiteSpeed Cache Exposes Millions of WordPress Sites

A critical vulnerability in the popular WordPress plugin LiteSpeed Cache has put millions of websites at risk. The flaw, tracked as CVE-2024-50550, allows unauthenticated attackers to gain administrative control over vulnerable sites.

The vulnerability stems from a weak hash check in the plugin’s “role simulation” feature, which enables administrators to crawl their websites from different user perspectives. By exploiting this weakness, attackers can bypass security measures and gain unauthorized access to sensitive information and website functionality.

LiteSpeed Technologies has released a patch for the vulnerability in version 6.5.2 of the plugin. However, millions of websites remain vulnerable due to slow adoption of the patch. Website owners are urged to update their plugins immediately to mitigate the risk of exploitation.

This incident highlights the importance of keeping software and plugins up-to-date with the latest security patches. By neglecting to address vulnerabilities promptly, website owners can expose their sites to severe security risks.
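For administrators who host several sites, the following added example (not from LiteSpeed or from the advisory) walks a directory of WordPress installs and flags any whose LiteSpeed Cache plugin is older than the 6.5.2 release named above. It assumes the plugin lives in its standard `wp-content/plugins/litespeed-cache/` directory and carries the usual `Version:` header in its main file; the sample tree it builds is constructed.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (6, 5, 2)  # fixed release named in the article
# Assumption: the plugin sits under its wordpress.org slug and its main file
# carries the standard WordPress "Version:" header line.
PLUGIN_MAIN = "wp-content/plugins/litespeed-cache/litespeed-cache.php"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.M | re.I)


def parse_version(header_text):
    """Return the plugin version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(header_text)
    return tuple(int(p) for p in match.group(1).split(".")) if match else None


def audit(root):
    """Map each WordPress install under root to (version, status)."""
    report = {}
    for main in sorted(Path(root).rglob(PLUGIN_MAIN)):
        site = main.parents[3]  # strip wp-content/plugins/litespeed-cache/<file>
        # WordPress itself only reads the first 8 KB when parsing headers.
        with open(main, "r", encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))
        if version is None:
            status = "unknown"        # header missing or unreadable: inspect by hand
        elif version < PATCHED:
            status = "needs-update"   # older than the fixed release
        else:
            status = "patched"
        report[str(site.relative_to(root))] = (version, status)
    return report


def build_sample_tree(root, versions):
    """Create constructed sample installs: {site_name: version string or None}."""
    for site, version in versions.items():
        main = Path(root, site, PLUGIN_MAIN)
        main.parent.mkdir(parents=True)
        line = f" * Version: {version}\n" if version else ""
        main.write_text(f"<?php\n/**\n * Plugin Name: LiteSpeed Cache\n{line} */\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, {"shop": "6.5.1", "blog": "6.5.2", "old": None})
        for site, (version, status) in audit(tmp).items():
            print(f"{site:6} {version} {status}")
```

Point `audit()` at the directory that holds your site roots; any install reported as `unknown` should be checked by hand rather than assumed safe.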

HACLA Faces Another Cyberattack by Cactus Ransomware

The Housing Authority of the City of Los Angeles (HACLA) has been hit by another cyberattack, this time by the Cactus ransomware gang. The attack follows a previous breach by the LockBit ransomware group in 2022.

The Cactus ransomware gang claims to have stolen 891 GB of sensitive data, including personal information, financial documents, and corporate confidential data. The group has already published some of the stolen data on its leak site as proof.

This latest attack highlights the increasing threat posed by ransomware groups to critical infrastructure and public sector organizations. It also underscores the importance of robust cybersecurity measures to protect sensitive information.

HACLA is working with external IT specialists to investigate the incident and mitigate its impact. The organization has assured its residents that it remains committed to providing essential services.

Stay informed; stay secure!
