• Microsoft's AI "Recall" Feature Caught Screenshotting Your Social Security Number
    futurism.com
    Nope. Don't like that.
    Peeping Bot
    Even after a revamp, Microsoft's AI-powered "Recall" tool, which quietly takes snapshots of your screen every few seconds, is still capturing your sensitive information.
    As an investigation by Tom's Hardware found, the Windows feature routinely captured credit card numbers, social security numbers, and other financial and personal data that was onscreen even when the new "filter sensitive information" setting was enabled.
    Ideally, this filter, which is now on by default, is supposed to prevent snapshots from being taken when such information is being displayed. But there are clearly still some glitches.
    "When I entered a credit card number and a random username / password into a Windows Notepad window, Recall captured it, despite the fact that I had text such as 'Capital One Visa' right next to the numbers," wrote Avram Piltch, Tom's editor-in-chief.
    "Similarly, when I filled out a loan application PDF in Microsoft Edge, entering a social security number, name and DOB, Recall captured that." The issue persisted when Piltch used his real information.
    Talking Shop
    According to Tom's testing, Microsoft's new feature only worked reliably when credit card info was being entered into online stores (specifically Pimoroni and Adafruit). That's good but not nearly good enough.
    "What my experiment proves is that it's pretty much impossible for Microsoft's AI filter to identify every situation where sensitive information is on screen and avoid capturing it," Piltch wrote.
    "My examples were designed to test the filter, but they're not fringe cases. Real people do put sensitive personal information into PDF forms," he added. "They write things down or copy and paste them into text files and then key them into websites that don't look like typical shopping sites."
    Unpopular Demand
    Recall was initially announced in May, when the plan was for it to be debuted in the first crop of "Copilot+ PCs," Microsoft's new line of AI-laden Windows 11 laptops.
    In theory, Recall is a nice idea: if you forgot something you looked at earlier, you can open the app and look at a visual history of your computer usage.
    But its launch was quickly reversed amidst overwhelming backlash to what many saw as a massive privacy risk, not to mention a potential surveillance tool being woven into their operating system (a gripe with which longtime Windows users are by now very familiar). These fears were deepened when security researchers discovered that the tool's screenshots were unencrypted and could easily be hacked.
    So instead, Microsoft decided that the AI feature would only be made available to those part of its Windows Insider Program, before pulling it entirely. In effect: Recall got recalled.
    Roughly half a year later, it's now available again for certain Insiders with a Copilot PC running the correct hardware. While the screenshots are encrypted this time, it seems that its privacy measures are deficient overall if it's still screenshotting your social security number.
    For Microsoft to reassure people with a "filter sensitive information" setting that clearly doesn't work, then, is downright irresponsible, though of course, Recall is a work in progress.
  • Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks
    thehackernews.com
    A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan.
    Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack.
    "One of the more notable aspects of the campaign is how the threat actors leverage MSC (Microsoft Common Console Document) files to deploy a dual-purpose loader and dropper to deliver further malicious payloads," security researchers Den Iuzvyk and Tim Peck said.
    It's worth noting that the abuse of specially crafted management saved console (MSC) files to execute malicious code has been codenamed GrimResource by Elastic Security Labs.
    The starting point is a file with double extensions (.pdf.msc) that masquerades as a PDF file (if the setting to display file extensions is disabled) and is designed to execute embedded JavaScript code when launched using the Microsoft Management Console (MMC).
    This code, in turn, is responsible for retrieving and displaying a decoy file, while also covertly loading a DLL file ("DismCore.dll") in the background. One such document used in the campaign is named "Tax Reductions, Rebates and Credits 2024," which is a legitimate document associated with Pakistan's Federal Board of Revenue (FBR).
    "In addition to delivering the payload from an embedded and obfuscated string, the .MSC file is able to execute additional code by reaching out to a remote HTML file which also accomplishes the same goal," the researchers said, adding that persistence is established using scheduled tasks.
    The main payload is a backdoor capable of setting up contact with a remote server and executing commands sent by it to exfiltrate data from compromised systems. Securonix said the attack was disrupted 24 hours after initial infection.
    It's currently not clear who is behind the malware campaign, although the threat actor known as Patchwork has been previously observed using a similar tax-related document from FBR in early December 2023.
    "From the highly obfuscated JavaScript used in the initial stages to the deeply concealed malware code within the DLL, the entire attack chain exemplifies the complexities of detecting and analyzing contemporary malicious code," the researchers said.
    "Another notable aspect of this campaign is the exploitation of MSC files as a potential evolution of the classic LNK file which has been popular with threat actors over the past few years. Like LNK files, they also allow for the execution of malicious code while blending into legitimate Windows administrative workflows."
  • Even Great Companies Get Breached: Find Out Why and How to Stop It
    thehackernews.com
    Even the best companies with the most advanced tools can still get hacked. It's a frustrating reality: you've invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen.
    So, what's going wrong? The truth is that attackers are constantly finding new ways to slip through cracks that often go unnoticed, even in well-prepared organizations. The good news? These cracks can be found and fixed, if you know where to look.
    Join John Paul Cunningham, CISO at Silverfort, for a must-attend webinar that uncovers why breaches still happen and how to close the gaps in your security. John Paul will break down complex ideas into clear, actionable steps to help you protect your company.
    This webinar isn't about more tools; it's about seeing the risks you've missed and learning practical ways to address them before attackers take advantage.
    What You'll Learn
    In this webinar, you'll discover:
      - Why breaches still happen: How attackers bypass even strong security measures.
      - What you might be missing: Hidden vulnerabilities that often go unnoticed.
      - How to fix blind spots: Simple ways to find and address overlooked risks.
      - Aligning security with business goals: How to get leadership buy-in and make security a priority.
    Why You Should Attend
    If you're a cybersecurity professional, a leader, or anyone concerned about protecting your organization, this session will help you:
      - Understand where modern attacks are coming from.
      - Spot common gaps in your defenses and address them.
      - Get clear, actionable steps to improve security right away.
    Don't wait until a breach exposes what you missed. Join us for this free, insightful session to strengthen your defenses.
    This article is a contributed piece from one of our valued partners.
  • EU Watchdog Fines Meta $263 Million for Data Breach
    www.informationweek.com
    The Irish Data Protection Commission (DPC) says the Facebook parent failed to report and document a 2018 breach that impacted 29 million users, including 3 million in the European Union.
  • Forrester Award Keynote: Schneider Electric Deputy CISO on Managing Trust, Supplier Risk
    www.informationweek.com
    During a keynote at last week's Forrester Security & Risk Summit in Baltimore, the research firm presented energy management and industrial automation company Schneider Electric with the Security & Risk Enterprise Leadership Award. Stephanie Balaouras, vice president and group director at Forrester, led a discussion with Mansur Abilkasimov, Schneider Electric's deputy CISO & chief product security officer, and bestowed this year's honor.
    Balaouras noted that the judges, a group of Forrester analysts, voted unanimously to choose Schneider Electric. Barclays was the first recipient of the award in 2023. Schneider Electric's ability to integrate security, privacy, and risk management across the enterprise stood out as a factor in being chosen, according to Balaouras.
    "We wanted to recognize organizations that have figured out how to take these functions, embed them across the enterprise, and actually use them as a driver of business, use them to drive business success and drive results, and improve the organization's reputation for trust with customers, employees, and partners," Balaouras told the audience.
    A Holistic Approach to Security and Trust
    Schneider Electric is a company that develops everything from DC chargers to safety instrumented systems. It maintains a holistic approach to energy and management in which security, privacy, and risk do not exist in silos.
    Carrying out an integrated strategy is a challenge for a company like Schneider Electric given its wide footprint in infrastructure, distribution centers, and factories filled with industrial machines. Abilkasimov told the audience that nobody can achieve 100% visibility, but gaining this visibility as part of risk management is a key challenge for the organization.
    In his keynote, Abilkasimov stressed that product security is not an afterthought and is integrated in the holistic vision of a product's life cycle. "In a security by design or security by operations strategy, the manufacturing teams are responsible for security by design as well as security by operation," he said.
    The company received the award because of its implementation of a Trust Charter that incorporates ethics, safety, cybersecurity, and governance as well as a Trust Center, which addresses the requests of customers and stakeholders in security and data protection.
    "Trust Charter is a document that embodies all our principles and tenets for code of conduct, from AI to cybersecurity, from ethics and compliance to price, from safety to quality," Abilkasimov explained in the keynote.
    Abilkasimov and his team also organize a Trust Month in which they lead discussions around cybersecurity with employees and partners around trust.
    "Cyber is one of the pillars of this trust," he said.
    Trust is important for both cybersecurity and talent retention. Forrester recognized Schneider Electric for its ability to find talent for cybersecurity roles in operational technology (OT), according to Balaouras.
    "Companies that are trusted, they earn and retain customers," Balaouras told the audience. "They earn and retain the best talent. And what we've also found is customers are actually more willing to share sensitive data with trusted companies and even embrace emerging tech, where in other situations, they would have skepticism or fear of engaging with that emerging tech."
    Schneider Electric Tackles Third-Party Risk
    In his keynote remarks, Abilkasimov described Schneider Electric's approach to managing risk from the company's 52,000 suppliers, which includes suppliers for Internet of Things components and regular IT as well as service providers. He explained that companies must prioritize which suppliers to work with on a security assessment.
    "It's impossible to cover all of the suppliers with a cybersecurity or third-party security program, so sometimes you need to choose your battle," Abilkasimov told InformationWeek after the session.
    Schneider Electric has added 5,000 suppliers to its third-party cybersecurity program. It started with the 300 most critical IT suppliers, and the company will grow the program further, according to Abilkasimov.
    "We work with those companies on cyber, crisis simulations, partnerships, C-level connections, and continuous monitoring through threat intelligence or cybersecurity scoring platforms," Abilkasimov said in our interview. He added, "Be it an IoT supplier or simple product security component supplier, they all go through this process."
    In Forrester's Security Survey 2024, 28% of breaches stemmed from a software supply chain attack. Also, in another Forrester report, "What 2023's Most Notable Breaches Mean for Tech Execs," third-party vulnerabilities were the top cause of breaches in 2023 and comprised 23% of all breaches.
    How Forrester Chooses Its Security Leadership Award Winners
    Forrester had opened nominations for the award on May 1. Balaouras said the evaluation process is similar to a security maturity assessment. Companies must show metrics or KPIs that prove ROI, and they should exhibit how they approach security by design and privacy by design.
    "We talk about their overall approach to embedding security, privacy and risk management across the enterprise not as discrete functions, but how they embed it across the enterprise," Balaouras told InformationWeek after the session.
    Balaouras stressed that Forrester doesn't handpick the winners. "We put out the award and put out the criteria, and we invite companies and organizations from the public sector to look at them and nominate themselves," she said.
    Barclays received the award in 2023 for maintaining trust and transparency in its universal banking operations and for its human risk behavior metrics that revamped the company's security culture. A key factor in Schneider Electric's success in managing security and risk is making trust concrete, according to Balaouras.
    "When I compare Barclays to Schneider Electric, I think one thing they had in common was executive-level commitment to security, privacy, and risk management as critical features of building trust," Balaouras said. "Both organizations from top to bottom really had buy-in."
    She continued, "When I look at Schneider, they put trust front and center, and they had operationalized it. What was truly unique at Barclays last year was they had really extensive security awareness and training for a large financial institution. They had really mapped out all the complex matrices, all the different stakeholders who work together."
    Balaouras also noted Schneider Electric's Cyber Risk Register and how the company integrates it in the organization to make people accountable. The cybersecurity team manages the register to track potential threats, such as those that may come from third parties.
    "When it comes to the cybersecurity side, it always comes back to the risk register," Abilkasimov said.
  • The Worst Netflix Movies of 2024
    screencrush.com
    The end of the year usually means it's time to celebrate all the good things this past year has given us. Awards season and the Oscar race are already ramping up, which means those of us who haven't managed to see absolutely everything of quality have a lot of catching up to do before 2024 officially closes. But it also means, for all the haters out there, that it's also time to celebrate the best of the worst, and there's no streaming service more fun to do that with than Netflix, of course.
    Because Netflix releases so much content every year, there's bound to be some bad mixed in with the good. And there are plenty of good Netflix features from 2024, don't get us wrong, but sometimes all we want to do is remember the dumb stuff. And there's been some truly dumb stuff.
    The year kicked off with a supremely boring effort from Kevin Hart to maximize on the current secret agent/heist movie craze, and didn't get any better from there. From a forgettable high fantasy action movie starring Millie Bobby Brown and a CGI dragon to a passionless relationship drama that wanted to feel much more salacious than it was to a hilariously bad horror movie based on a true story of demonic possession to a movie that posited that Jennifer Lopez could befriend an artificially intelligent robot, Netflix truly had something for everyone this year, though it wasn't always something everyone, or anyone, would like.
    Come with us down this blessedly short memory lane while we describe to you everything terrible we watched in 2024, so you don't have to.
    The Worst Netflix Movies of 2024: Netflix released a lot of movies this year. Some were great! These were not. Gallery Credit: Emma Stefansky
  • Bluey Is Getting Its First Movie
    screencrush.com
    Bluey is moving from streaming TV to movie theaters.
    The wildly popular kids' animated series from Australia will get its first big-screen release, according to a press release from Disney and BBC Studios.
    Per the press release, the Bluey film will continue the adventures of Bluey, a lovable, inexhaustible, blue heeler dog, who lives with her Mum, Dad and her little sister, Bingo.
    The creator of the Bluey TV series, Joe Brumm, is writing and directing the film. The voices from the Bluey show, including David McCormack as Bluey's dad Bandit and Melanie Zanetti as Bluey's mom Chilli, will reprise their roles in the film.
    In the statement, Brumm had this to say about the news: "I've always thought Bluey deserved a theatrical movie. I want this to be an experiential event for the whole family to enjoy together."
    Bluey debuted on Australian TV in the fall of 2018. Disney acquired the rights to distribute the show in America in the summer of 2019, and before long it was one of their most popular kids' shows on Disney Junior as well on their Disney+ streaming service.
    The show has become popular not only with smaller children but also with their parents, thanks to its colorful animation, warm sense of humor, and realistic portrayals of childhood imagination and the struggles of everyday parenthood. How the relatively mundane drama and stories of the show, where stories typically only last seven minutes, will translate to the scale of a feature film is a good question.
    The Bluey movie is expected to premiere in 2027. If your kids are fans of the show now, by the time it hits theaters, they might have aged out of it by then. Heck, by that point a Bluey movie might be a nostalgic treat for them.
  • softstory: Campaign Management Team Leader
    weworkremotely.com
    About softstory
    At softstory, we're revolutionizing influencer marketing through authentic storytelling. We partner with leading global brands and content creators to craft engaging narratives that transcend traditional advertising. Our innovative approach delivers measurable impact while creating genuine connections between brands and audiences.
    We punch above our weight, operating our team seamlessly across eight countries. We're growing fast and actively expanding our talented team of marketing, creative, and tech professionals who share our passion for authentic storytelling.
    Position: Team Lead, Campaign Management
    Location: Remote (Global, Full-time)
    Department: Campaign Management
    The Opportunity
    We're seeking a dynamic Team Lead to drive our campaign management operations and shape the future of influencer marketing. In this role, you'll lead a talented team of campaign specialists, overseeing our content creator partnerships, while working closely with our brand managers to deliver exceptional results for our world-class brand partners.
    Key Responsibilities
    Team Leadership & Development
      - Build and mentor a high-performing team of campaign managers through regular coaching and performance feedback
      - Conduct strategic daily team meetings and weekly one-on-one sessions
      - Set and track individual and team KPIs
      - Implement and optimize workflow processes to maximize team efficiency
    Campaign Strategy & Execution
      - Partner with brand managers to develop and execute comprehensive campaign strategies
      - Oversee budget allocation and management across multiple campaigns
      - Drive campaign optimization to exceed client KPIs
      - Manage outreach communications and maintain quality control of client interactions
    Executive Partnership & Reporting
      - Provide regular performance updates to C-level management
      - Analyze and report on key metrics including campaign success rates, ROI, and profit margins
      - Identify trends and opportunities for business growth
      - Contribute to strategic planning and revenue optimization
    Required Qualifications
      - Proven track record of managing successful marketing campaigns
      - Strong analytical mindset with data-driven decision-making abilities
      - Excellent interpersonal and communication skills
    Preferred Qualifications
      - Experience in team management and sales
      - Experience in influencer marketing or content creator partnerships
      - History of exceeding sales and performance targets
      - Bachelor's degree in Marketing, Business, Communications, or related field
    Why softstory?
      - Opportunity to shape the future of influencer marketing
      - Remote-first culture with flexible work arrangements and generous, fixed PTO
      - Professional development and growth opportunities
      - Collaborative, creative work environment
  • Codeless LLC: Technical Writer
    weworkremotely.com
    Hey there!
    Codeless is a content production company that combines strategy, SEO, writing, design, and video. We produce hundreds of long-form articles and product tutorial videos each month for some of the biggest SaaS, service, and affiliate brands and we're looking to add depth to our writer bench.
    We're looking for committed freelance writers with a wide range of technical knowledge and experience in areas including:
      - APIs and SDKs: for building chat and activity feed applications.
      - User Experience (UX) design principles
      - Mobile app development
      - Backend Development: server-side programming, database management, and cloud services.
      - SAP and IT Management
      - Programming Languages: like JavaScript, Python, Kotlin, and Swift
      - Frameworks and Libraries: such as React, React Native, and Node.js and how to integrate these with APIs
      - Real-Time Technologies: including WebSockets
      - AI and Machine Learning: integrating large language models (LLMs) into applications using APIs from providers like OpenAI.
      - Data Models for Marketing, performance marketing, and marketing data dashboards
      - Node.js and serverless architectures
      - Ability to write clear, concise technical content for tutorials, implementation guides, and case studies.
    Things to note:
      - If you're hired, we'll provide you with a clear writing process, support documentation for every client, and an awesome editorial team.
      - We're a virtual, remote company. There are no official work hours or vacation days. As long as you hit deadlines, you can work wherever/whenever you want.
      - We're pretty flexible and casual, but we only accept high quality work. We don't micromanage, so you need to be a responsible self-starter and fast learner with a high level of attention to detail.
  • A woman in the US is the third person to receive a gene-edited pig kidney
    www.technologyreview.com
    Towana Looney, a 53-year-old woman from Alabama, has become the third living person to receive a kidney transplant from a gene-edited pig.
    Looney, who donated one of her kidneys to her mother back in 1999, developed kidney failure several years later following a pregnancy complication that caused high blood pressure. She started dialysis treatment in December of 2016 and was put on a waiting list for a kidney transplant soon after, in early 2017.
    But it was difficult to find a match. So Looney's doctors recommended the experimental pig organ as an alternative. After eight years on the waiting list, Looney was authorized to receive the kidney under the US Food and Drug Administration's expanded access program, which allows people with serious or life-threatening conditions to try experimental treatments.
    The pig in question was developed by Revivicor, a United Therapeutics company. The company's technique involves making 10 gene edits to a pig cell. The edits are made to prevent too much organ growth, curb inflammation, and, importantly, stop the recipient's immune system from rejecting the organ. The edited pig cell is then placed into a pig egg cell that has had its nucleus removed, and the egg is transferred to the uterus of a sow, which eventually gives birth to a gene-edited piglet.
    In theory, once the piglet has grown, its organs can be used for human transplantation. Pig organs are similar in size to human ones, after all. A few years ago, David Bennett Sr. became the first person to receive a heart transplant from such a pig. He died two months after the operation, and the heart was later found to have been infected with a pig virus.
    Richard Slayman was the first person to get a gene-edited pig kidney, which he received in early 2024. He died two months after his surgery, although the hospital treating him said in a statement that it had no indication that it was the result of his recent transplant. In April, Lisa Pisano was reported to be the second person to receive such an organ. Pisano also received a heart pump alongside her kidney transplant. Her kidney failed because of an inadequate blood supply and was removed the following month. She died in July.
    Looney received her pig kidney during a seven-hour operation that took place at NYU Langone Health in New York City on November 25. The surgery was led by Jayme Locke of the US Health Resources & Services Administration and Robert Montgomery of the NYU Langone Transplant Institute.
    Looney was discharged from the hospital 11 days after her surgery, to an apartment in New York City. She'll stay in New York for another three months so she can check in with doctors at the hospital for evaluations.
    "It's a blessing," Looney said in a statement. "I feel like I've been given another chance at life. I cannot wait to be able to travel again and spend more quality time with my family and grandchildren."
    Looney's doctors are hopeful that her kidney will last longer than those of her predecessors. For a start, Looney was in better health to begin with: she had chronic kidney disease and required dialysis, but unlike previous recipients, she was not close to death, Montgomery said in a briefing. He and his colleagues plan to start clinical trials within the next year.
    There is a huge unmet need for organs. In the US alone, more than 100,000 people are waiting for one, and 17 people on the waiting list die every day. Researchers hope that gene-edited animals might provide a new source of organs for such individuals.
    Revivicor isn't the only company working on this. Rival company eGenesis, which has a different approach to gene editing, has used CRISPR to create pigs with around 70 gene edits.
    "Transplant is one of the few therapies that can cure a complex disease overnight, yet there are too few organs to provide a cure for all in need," Locke said in a statement. "The thought that we may now have a solution to the organ shortage crisis for others who have languished on our waiting lists invokes the most welcome of feelings: pure joy!"
    Today, Looney is the only person living with a pig organ. "I am full of energy. I got an appetite I've never had in eight years," she said at a briefing. "I can put my hand on this kidney and feel it buzzing."
    This story has been updated with additional information after a press briefing.