Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/112617734794694036">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 15-Jun-2024 09:12:00 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20251103133701.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/112616471324439933" rel="in-reply-to">in reply to</a></div></section><article><p>This is pretty good - detecting Microsoft Recall misuse for data exfil. <a href="https://youtu.be/SV9-dn-5uEY?si=jVz9sC4A2wKxeiBt" rel="nofollow noreferrer">https://youtu.be/SV9-dn-5uEY?si=jVz9sC4A2wKxeiBt</a></p><p>I tested this against the latest release of Recall and both TotalRecall and these detections still work. </p><p>Obviously Recall may well alter before it hits Insider preview channel, nobody needs to rush out detections yet. </p><p>Btw all through this saga, Microsoft Defender never triggered Recall specific alerts for me. Sophos did.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3241545#notice-6402020">In conversation</a><time datetime="2024-06-15T09:12:00+09:00" title="Saturday, 15-Jun-2024 09:12:00 JST">Saturday, 15-Jun-2024 09:12:00 JST</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/112617734794694036" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/112617734794694036">permalink</a><h4>Attachments</h4><ol><li><article><header><img height="128" width="128" src="https://gnusocial.jp/thumbnail/2785502?w=128&amp;h=128"><h5><a href="https://www.youtube.com/watch?si=jVz9sC4A2wKxeiBtI&amp;v=SV9-dn-5uEY&amp;feature=youtu.be">Microsoft Recall: Detecting Abuse | Threat SnapShot</a></h5><div> from <span>SnapAttack</span></div></header><div>You've probably heard of Microsoft's new Recall feature by now. It's a info stealer's dream come true. There has been a lot of information release about how ...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 15-Jun-2024 09:12:00 JST Kevin Beaumont
in reply to
This is pretty good - detecting Microsoft Recall misuse for data exfil. https://youtu.be/SV9-dn-5uEY?si=jVz9sC4A2wKxeiBt
I tested this against the latest release of Recall and both TotalRecall and these detections still work.
Obviously Recall may well alter before it hits Insider preview channel, nobody needs to rush out detections yet.
Btw all through this saga, Microsoft Defender never triggered Recall specific alerts for me. Sophos did.
In conversationSaturday, 15-Jun-2024 09:12:00 JST from cyberplace.socialpermalink
Attachments
1. Microsoft Recall: Detecting Abuse | Threat SnapShot
  from SnapAttack
  You've probably heard of Microsoft's new Recall feature by now. It's a info stealer's dream come true. There has been a lot of information release about how ...

Public

Embed Notice

HTML Code

Corresponding Notice