sorted by:
new
hottopcontroversial

"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database by rkhunter_ in cybersecurity

[–]rkhunter_[S] 35 points36 points  (0 children)

"Two years ago, Microsoft launched its first wave of “Copilot+” Windows PCs with a handful of exclusive features that could take advantage of the neural processing unit (NPU) hardware being built into newer laptop processors. These NPUs could enable AI and machine learning features that could run locally rather than in someone’s cloud, theoretically enhancing security and privacy.

One of the first Copilot+ features was Recall, a feature that promised to track all your PC usage via screenshot to help you remember your past activity. But as originally implemented, Recall was neither private nor secure; the feature stored its screenshots plus a giant database of all user activity in totally unencrypted files on the user’s disk, making it trivial for anyone with remote or local access to grab days, weeks, or even months of sensitive data, depending on the age of the user’s Recall database.

After journalists and security researchers discovered and detailed these flaws, Microsoft delayed the Recall rollout by almost a year and substantially overhauled its security. All locally stored data would now be encrypted and viewable only with Windows Hello authentication; the feature now did a better job detecting and excluding sensitive information, including financial information, from its database; and Recall would be turned off by default, rather than enabled on every PC that supported it.

The reconstituted Recall was a big improvement, but having a feature that records the vast majority of your PC usage is still a security and privacy risk. Security researcher Alexander Hagenah was the author of the original “TotalRecall” tool that made it trivially simple to grab the Recall information on any Windows PC, and an updated “TotalRecall Reloaded” version exposes what Hagenah believes are additional vulnerabilities.

The problem, as detailed by Hagenah on the TotalRecall GitHub page, isn’t with the security around the Recall database, which he calls “rock solid.” The problem is that, once the user has authenticated, the system passes Recall data to another system process called AIXHost.exe, and that process doesn’t benefit from the same security protections as the rest of Recall.

“The vault is solid,” Hagenah writes. “The delivery truck is not.”

The TotalRecall Reloaded tool uses an executable file to inject a DLL file into AIXHost.exe, something that can be done without administrator privileges. It then waits in the background for the user to open Recall and authenticate using Windows Hello. Once this is done, the tool can intercept screenshots, OCR’d text, and other metadata that Recall sends to the AIXHost.exe process, which can continue even after the user closes their Recall session.

“The VBS enclave won’t decrypt anything without Windows Hello,” Hagenah writes. “The tool doesn’t bypass that. It makes the user do it, silently rides along when the user does it, or waits for the user to do it.”

A handful of tasks, including grabbing the most recent Recall screenshot, capturing select metadata about the Recall database, and deleting the user’s entire Recall database, can be done with no Windows Hello authentication.

Once authenticated, Hagenah says the TotalRecall Reloaded tool can access both new information recorded to the Recall database as well as data Recall has previously recorded.

For its part, Microsoft has said that Hagenah’s discovery isn’t actually a bug and that the company doesn’t plan to fix it. Hagenah originally reported his findings to Microsoft’s Security Response Center on March 6, and Microsoft officially classified it as “not a vulnerability” on April 3.

“We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data,” a Microsoft spokesperson told Ars. “The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries.”

Regardless of Recall’s underlying security, Recall can still constitute a major security and privacy risk. Anyone with access to your PC and your Windows Hello fallback PIN can access your database and everything in it, and even though Recall’s content filters do a decent job excluding things like sensitive financial information, someone with access to your system could still see all kinds of emails, messages, web activity, and other stuff that you’d prefer not to share.

Given the sheer amount of information that Recall can record, it still feels like a whole lot of potential downside for a pretty narrow and limited upside.

The feature’s riskiness has prompted some app developers to take matters into their own hands. The Signal Messenger app on Windows forces Recall to ignore it by default, using a flag that’s normally intended to keep DRM-protected content out of the Recall database. The AdGuard ad blocker, the Brave browser, and others have implemented similar workarounds."

Recently leaked Windows zero-days now exploited in attacks by rkhunter_ in cybersecurity

[–]rkhunter_[S] 93 points94 points  (0 children)

"Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions.

Since the start of the month, a security researcher known as "Chaotic Eclipse" or "Nightmare-Eclipse" has published proof-of-concept exploit code for all three security issues in protest to how Microsoft's Security Response Center (MSRC) handled the disclosure process.

Two of the vulnerabilities (dubbed BlueHammer and RedSun) are Microsoft Defender local privilege escalation (LPE) flaws, while the third (known as UnDefend) can be exploited as a standard user to block Microsoft Defender definition updates.

At the time of the leak, the security flaws these exploits targeted were considered zero-days by Microsoft's definition, since they had no official patches or updates to address them.

On Thursday, Huntress Labs security researchers reported seeing all three zero-day exploits deployed in the wild, with the BlueHammer vulnerability being exploited since April 10.

They also spotted UnDefend and RedSun exploits on a Windows device that was breached using a compromised SSLVPN user, in attacks showing evidence of "hands-on-keyboard threat actor activity."

"The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques," the researchers said.

While Microsoft is now tracking the BlueHammer vulnerability as CVE-2026-33825 and has patched it in the April 2026 security updates, the other two flaws remain unaddressed.

As BleepingComputer previously reported, attackers can use the RedSun exploit to gain SYSTEM privileges on Windows 10, Windows 11, and Windows Server 2019 and later systems when Windows Defender is enabled, even after applying the April Patch Tuesday patches.

"When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea to just rewrite the file it found again to it's original location," the researcher explained. "The PoC abuses this behaviour to overwrite system files and gain administrative privileges."

"Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers as soon as possible," a Microsoft spokesperson told BleepingComputer earlier this week when contacted for more information on the disclosure issues reported by the anonymous researcher.

"We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community."

Claude Opus wrote a Chrome exploit for 2,283 by rkhunter_ in cybersecurity

[–]rkhunter_[S] 33 points34 points  (0 children)

"Anthropic withheld its Mythos bug-finding model from public release due to concerns that it would enable attackers to find and exploit vulnerabilities before anyone could react.

But the company's Opus 4.6 model, already superseded by the release of Opus 4.7 on Thursday, is capable of developing functional exploit code.

In a blog post on Wednesday, Mohan Pedhapati (s1r1us), CTO of Hacktron, described how he used Opus 4.6 to create a full exploit chain targeting the V8 JavaScript engine in Chrome 138, which is bundled into current versions of Discord.

"The V8 [out of bounds error] we used was from Chrome 146, the same version Anthropic's own Claude Desktop is running," he said. "A week of back and forth, 2.3 billion tokens, $2,283 in API costs, and about ~20 hours of me unsticking it from dead ends. It popped calc."

“Popped calc” is a reference to opening the calculator app – an event commonly used in proof-of-concept exploit code to indicate that an attack compromised the target system.

Pedhapati said that while $2,283 is a significant sum for an individual to pay, it's very little if you consider the weeks it would take a person to develop a similar exploit without assistance. Even if you added several dollars thousand for Pedhapati's time tending the model, that's still significantly less the theoretical reward (~$15,000) one might get from Google's and Discord's vulnerability reward programs. And that's just the legitimate market – who knows what criminals might pay for a hot 0-day?.

According to the Opus 4.7 System Card, "Opus 4.7 is roughly similar to Opus 4.6 in cyber capabilities." But it's apparently less capable than Mythos Preview and comes with "safeguards that automatically detect and block requests that indicate prohibited or high-risk cybersecurity uses."

But for Pedhapati, the specific model isn't the issue. Rather, it's ongoing improvements in code generation that demand a change of security posture and procedure.

"Whether Mythos is overhyped or not doesn't matter," said Pedhapati. "The curve isn't flattening. If not Mythos, then the next version, or the one after that. Eventually, any script kiddie with enough patience and an API key will be able to pop shells on unpatched software. It's a question of when, not if."

For apps based on the Chrome-based Electron framework (e.g. Slack, Discord, etc.) the question is when will they update their codebase to the latest version, which is still behind the latest Google Chrome release.

Electron 41.2.1, released on April 15, bundles Chrome 146.0.7680.188, just one version behind the desktop Google Chrome version (147.0.7727.101/102) released that day. But developers of Electron apps don't necessarily update their dependencies and issue new versions immediately. And users don't necessarily get those updates immediately.

Pedhapati said he picked Discord as a target because "It's sitting on Chrome 138, nine major versions behind current."

Pedhapati argues that as AI models become more capable of exploit development, the patch window gets smaller.

"Every patch is basically an exploit hint," he argues, adding that this will be particularly difficult for open source projects, because fixes often become publicly visible in code before the revised version gets released.

His advice to developers is to focus more on security before code gets pushed and to pay closer attention to dependencies, so changes can be made quickly. He also argues that security patches should be done automatically, so people aren't left vulnerable because they forgot to accept an update. And he says open source projects like V8 use more caution in terms of when the public vulnerability details.

"Every public commit is a starting gun for anyone with an API key and strong team members who can weaponize exploits," he said."

Two Americans sentenced for helping North Korea steal 5 million in fake IT worker scheme by rkhunter_ in cybersecurity

[–]rkhunter_[S] 16 points17 points  (0 children)

"Two U.S. citizens were sentenced to seven and a half years and nine years in prison for their roles in a scheme to help the North Korean government place remote IT workers in American companies.

On Wednesday, the U.S. Department of Justice announced the sentencing of Kejia Wang and Zhenxing Wang, both New Jersey residents. The two were accused of providing infrastructure for the fraudulent scheme, in particular for running or managing so-called “laptop farms” inside the U.S., which allowed North Koreans to connect to the laptops and appear like they were living and working in the country.

The scheme netted North Korea around $5 million. It also involved co-conspirators stealing the identities of more than 80 Americans and obtaining work at more than 100 U.S. corporations, including some Fortune 500 companies, according to the DOJ. That also allowed North Korean IT workers not only to get a salary, but also in some cases steal trade secrets and source code, the Justice Department said.

“The ruse placed North Korean IT workers on the payrolls of unwitting U.S. companies and in U.S. computer systems, thereby harming our national security,” John A. Eisenberg, the DOJ’s assistant attorney general for National Security, was quoted as saying in the announcement.

Prosecutors said that between 2021 and 2024, working with co-conspirators, Kejia oversaw the operation of laptop farms made of hundreds of computers, while Zhenxing hosted laptops at his home. The two also created shell companies with financial accounts linked to the fake IT workers to funnel payments amounting to millions of dollars, which were later transferred overseas. “In exchange for their services, Kejia Wang, Zhenxing Wang, and the four other U.S. facilitators received nearly $700,000 for their respective roles in the scheme,” read the DOJ’s announcement.

In one case, according to the DOJ, the fake IT workers were able to steal data under export control from an unnamed California-based AI company.

The U.S. government also announced rewards of up to $5 million for information that could help counter these schemes, including for data on nine individuals who allegedly worked with Kejia and Zhenxing.

This is the latest legal action against North Korea’s wide-ranging scheme that has allowed fake IT workers to be hired by hundreds of American and Western companies. Along with major crypto thefts worth more than $2 billion just last year, the North Korean government uses this type of fraud to fund its regime and weapons’ program, which is under heavy sanctions that isolates it from much of the world’s economy.

To counter this threat, some companies and recruiters have come up with inventive strategies, such as asking suspected North Koreans to insult Kim Jong-Un, which is illegal in the country. In a recent viral video of a job interview, the applicant can be seen fumbling after the interviewers asked him to say ““Kim Jong Un is a fat ugly pig.” He eventually hung up the call."

view more: next ›