Microsoft Teases Windows Recall: Take 3

Microsoft Reveals New AI-Powered Windows Recall with Enhanced Privacy Features

Microsoft has recently showcased a preview of its highly anticipated Windows Recall feature, a tool that aims to provide users with an intelligent way to access snapshots of their PC activity. Initially announced in May, Windows Recall has faced multiple delays and has now re-emerged with added privacy safeguards. The feature captures periodic screenshots of open windows, utilizing on-device artificial intelligence to enable users to search through these snapshots using natural language queries.

However, the journey towards bringing Windows Recall to the public hasn’t been smooth. Security researchers have voiced serious concerns regarding privacy risks, suggesting that the collected data could potentially attract malicious actors. In response to these criticisms, Microsoft has implemented several measures to enhance security. Now, to activate Recall, users must enable BitLocker full-disk encryption, secure boot, and enroll in Windows Hello for access controls, thus bolstering the security of their systems.

During the data capture process, Windows Recall is designed to avoid storing sensitive information such as passwords or credit card details, allowing users to delete screenshots and selectively exclude certain applications and websites from being recorded. The company’s efforts also include updating safeguards against brute-force attacks through mechanisms like anti-hammering and rate limiting. Data remains encrypted locally, and Microsoft has asserted that it does not have access to this information. The latest preview includes a “Click to Do” feature aimed at boosting productivity by suggesting actions based on Recall snapshots.

Currently, this initiative is exclusive to participants in the Windows Insider Program for Developers, specifically for devices powered by Qualcomm’s Snapdragon X Elite and Copilot+ PCs equipped with Windows 11 Insider Preview Build 26120.2415. Broader deployment plans hinge on further feedback gathered through the Insider Program.

In a separate cybersecurity incident, the U.S. Federal Trade Commission has revealed alarming findings regarding the transparency of smart devices’ update policies. In a recent report, it was disclosed that nearly 90% of smart devices surveyed failed to provide clear information about the duration of software update support, leaving consumers vulnerable to security risks. The lack of transparency in policies regarding updates for smart home products such as hearing aids and security cameras raises significant implications for user security and trust.

In legal news, Ping Li, a Florida-based IT professional, was sentenced to four years in prison for his role as an agent for China’s Ministry of State Security. The case highlighted concerns over sensitive data compromises, with Li providing information on individuals targeted by Chinese authorities and leaking cybersecurity training materials from his employer. Significant implications arise from this case for both national security and corporate data protection strategies.

Additionally, in a major collaborative effort, law enforcement agencies in Africa, coordinated by INTERPOL and AFRIPOL, arrested over 1,000 suspects involved in cybercrime, with operations focused on tackling various forms of digital extortion and ransomware attacks. The operation emphasized the scale of cybercrime activity on the continent, causing millions in losses across global victims.

The risk landscape continues to evolve, underscoring the significance of robust cybersecurity frameworks such as the MITRE ATT&CK Matrix. Tactics such as initial access, privilege escalation, and data exfiltration have been reflected in these incidents. Business owners should remain vigilant and adapt their cybersecurity strategies accordingly, recognizing that both technological advancements and criminal tactics are constantly changing.

Source link