

Microsoft Recall updates, Russian orgs deal with networking software updates, SSL.com certificate issuance vulnerability
Apr 23, 2025
Microsoft is recalling the Copilot Plus feature due to major security flaws. Meanwhile, Russian organizations are facing targeted attacks through deceptive updates masquerading as security tools. SSL.com is racing to address a vulnerability in its certificate issuance process, highlighting ongoing threats in the digital landscape. The podcast also discusses a surge in ransomware attacks impacting over 100 victims and the need for stronger cybersecurity measures to combat increasingly sophisticated global cyber scams.
AI Snips
Microsoft Copilot Privacy Flaws Fixed
- Microsoft's Copilot Plus PC feature initially had serious security flaws, such as default-enabled screenshot capture and unencrypted storage of sensitive data.
- The updated version improves privacy with encryption, opt-in activation, and filtering of sensitive data.
Backdoor Masquerades as Software Update
- Kaspersky discovered a backdoor attack on Russian organizations disguised as updates for the secure networking software ViPNet.
- Attackers used archives containing malicious loaders and encrypted payloads to connect backdoors to command servers for data theft.
SSL.com Certificate Issuance Flaw
- An SSL.com vulnerability allowed misissuance of certificates for major domains by exploiting DNS record creation.
- The flaw was exploited to issue certificates without proper domain ownership verification; the certificates were later revoked.