In today’s episode of the 2-Minute Drill, Drex covers critical cybersecurity updates. Discover the latest on the FBI’s release of over 7,000 decryption keys for victims of the LockBit ransomware. Learn about Microsoft’s controversial Windows Recall feature, now set to off by default due to security risks. Finally, delve into groundbreaking research from Cornell University, where a team of GPT-4 bots autonomously hacked websites and networks, showcasing unprecedented efficiency in exploiting zero-day vulnerabilities. Stay informed and stay secure with these essential updates.
Remember, Stay a little paranoid.
Subscribe: https://www.thisweekhealth.com/subscribe/
Linkedin: https://www.linkedin.com/company/ThisWeekHealth
Twitter: https://twitter.com/thisweekhealth
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer - https://www.alexslemonade.org/mypage/3173454
Hey everyone, I'm Drex, and this is The Two Minute Drill, where we do at least three stories, at least two times a week, all part of one great community, the 229 Cyber Risk community, here at This Week Health. Of course, you know ORDR is the exclusive sponsor of The Two Minute Drill. ORDR's cyber asset attack surface management product, called Chasm, is available now in the AWS Marketplace.
It's a great way to find and eliminate blind spots, and Find out more at thisweekhealth. com slash order. That's O R D R thisweekhealth. com slash order. Thanks for joining me today. Here's some stuff you might want to know about. If your organization has been hit by LockBit ransomware and you're still trying to unscrew some of those encrypted files, you're in luck.
The FBI and international partners who dismantled the LockBit operation back in February continue to comb through the data they've seized and now have over 7, 000 decryption keys available to anyone who needs them. They've reached out to the LockBit victims they know of, but if you want to try the keys on encrypted files you may still be trying to recover, reach out to the FBI Internet Crime Complaint Center for more information.
Just because the FBI dealt LockBit a blow, just know that they're not out of the cyber thug business yet. As recently as last month, the gang claimed responsibility for an attack on a Canadian pharmacy chain. A Microsoft CoPilot feature that's coming with CoPilot Plus PCs, a new family of laptops, has something called Windows Recall included.
The product, Windows Recall, has been widely panned as a major security risk and now has been set to off by default. A major change from a more convoluted opt out option originally offered. Recall is an AI feature that allows Windows users to search across time for anything they've done in the past.
Photos or links or messages. If you've looked at it, the item can be recalled. It works by taking snapshots of your screen every five seconds and then storing and analyzing them on your local machine. And when you have a question about something you've looked up, you can't remember? Recall is there to help.
Unfortunately, recall was shown to have some pretty major security issues. There's details in the story at ThisWeekHealth. com, but in the end, Microsoft has made the feature off by default. All of this is happening on the heels of direction from Microsoft's CEO to the entire company to prioritize security in all of its products.
And finally, researchers at Cornell University were able to build a project team of GPT 4 bots to autonomously hack websites and networks. They optimized the LLM agents, subdividing their work with one of the agents acting as the project manager, while others did more specialized or complex tasks. When a task became too complicated, the project manager was able to spawn additional agents on its own.
Using real world zero day vulnerabilities as part of the test, the new collection of agents was 4. 5 times more efficient at building an exploit for a zero day than any one GPT working alone. So we got that going for us. Thanks as always to our partner Order, the exclusive sponsor of the two minute drill.
Order can help with security hygiene by identifying assets with vulnerabilities, missing security controls. or out of date software. Check out ThisWeekHealth. com slash order for more information. And that's it for today's two minute drill. Thanks for listening. Stay a little paranoid. I'll see you around campus.