Ever since Microsoft first introduced its Arm-based Copilot Plus laptops in June, I’ve been wondering when we might see Copilot Plus features appear on desktop PCs. Six months on, it’s clear we’re about to see mini PCs that deliver the AI performance required for features like Recall, Click To Do, and AI-powered image generation and editing in Windows 11. These mini PCs might even help Microsoft compete with Apple’s latest Mac Mini.
Technology
Massive data breach exposes 800,000 insurance customers' personal information
Over the past few months, we’ve seen a wave of data breaches affecting millions of people, from health care giants to government contractors and more. This latest incident is yet another in a long line of alarming breaches. Now, the insurance administrative services company Landmark Admin has warned that a data breach from a May cyberattack impacted over 800,000 individuals.
Landmark Admin has partnered with some of the largest insurance carriers in the U.S., including American Monumental Life Insurance Company, Pellerin Life Insurance Company and American Benefit Life Insurance Company.
Through these partnerships, millions of policyholders and their sensitive information, such as names, Social Security numbers, driver’s license numbers and passport numbers, could be at risk of exposure, further amplifying the potential impact of this breach.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
A woman working on her laptop (Kurt “CyberGuy” Knutsson)
What you need to know
In a report to the Maine attorney general’s office, Landmark revealed it spotted unusual activity in its systems May 13, 2024, prompting it to disconnect affected systems and block remote access to its network (via Bleeping Computer).
Landmark brought in a specialized third-party cybersecurity team to help secure its systems and run a thorough investigation to understand the extent of the breach. But while they were looking into it, the hackers managed to break back into Landmark’s system June 17, 2024.
The cybersecurity team’s findings showed data was both encrypted and stolen from Landmark’s systems. According to the investigation, hackers may have gained unauthorized access to the personal details of impacted individuals, which could include full name, address, Social Security number, tax ID, driver’s license or state-issued ID number, passport number, bank details, medical info, health insurance policy number, date of birth and details about life and annuity policies.
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS
What is Landmark doing after data breach?
Landmark is offering free identity theft protection services for those affected by the data breach. It’s also notifying everyone whose personal information may have been in its systems during the breach. Individual notices will be sent by U.S. first-class mail, going out in batches as they identify potentially affected individuals. The first wave of letters was sent Oct. 23, 2024.
CLICK HERE FOR MORE U.S. NEWS
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM
9 ways to protect yourself from data breaches
1. Enable two-factor authentication: Activate two-factor authentication (2FA) for an extra layer of security on all your important accounts, including email, banking and social media. Two-factor authentication requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.
2. Monitor your accounts and transactions: You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
3. Contact your bank and credit card companies: Landmark hackers obtained your bank and credit card information, which they could use to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you.
You should also contact one of the three major credit reporting agencies (Equifax, Experian or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification. You can even freeze your credit if need be.
4. Use personal data removal services: In light of these ongoing data breaches, protecting personal data has become essential. One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. These services employ advanced tools and techniques to identify and eliminate your data from people search sites, data brokers and other platforms where your information might be exposed. By using a data removal service, you can minimize the risk of identity theft and fraud, especially after a data breach. Additionally, these services often provide ongoing monitoring and alerts, keeping you informed of any new instances of your data appearing online and taking immediate action to remove it. Check out my top picks for data removal services here.
5. Have strong antivirus software: As cyberthreats grow in frequency and sophistication, strong antivirus software is also crucial to fend off malware and phishing scams, both of which could expose your sensitive information if left unguarded.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
6. Use strong, unique passwords: Secure access to your accounts is paramount. Using strong, unique passwords for each account is an effective barrier against unauthorized access, especially when data breaches place your information at heightened risk. Avoid reusing passwords across multiple accounts. A strong password typically has a mix of uppercase, lowercase, numbers and special characters and is at least 12 characters long. Consider using a password manager to help generate and store complex passwords securely.
7. Keep your software updated: Outdated software can have vulnerabilities that hackers exploit. Ensure your operating systems, apps and browsers are updated to the latest versions to close any security gaps.
8. Limit sharing of personal information online: Be mindful about sharing personal information on social media or other platforms, as hackers can use this data in phishing schemes. Make sure to adjust privacy settings on your social media accounts so only trusted friends can view your profile information.
9. Avoid public Wi-Fi for sensitive transactions: Public Wi-Fi networks are often less secure and can be vulnerable to hackers. When accessing sensitive accounts, use a VPN or wait until you’re on a trusted, secure network. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices
WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI
Kurt’s key takeaway
The Landmark data breach is just one of several data breaches I’ve covered this year. While it’s still unclear what type of cyberattack hackers used to break into the insurance company’s systems, one thing is certain – they accessed sensitive data. Even more concerning is that hackers got into Landmark’s system not once but twice, hinting at some major cybersecurity gaps. If you think you may have been affected, stay vigilant and follow good cybersecurity practices.
Do you think companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Try CyberGuy’s new games (crosswords, word searches, trivia and more!)
Copyright 2024 CyberGuy.com. All rights reserved.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25603516/asusnucaipc.jpg "Microsoft’s mini AI PCs are on the way")
Asus became the first PC manufacturer to announce a mini PC that’s Copilot Plus capable in September. It then revealed the full specs of its upcoming NUC 14 Pro AI last month, ahead of the Consumer Electronics Show (CES) that kicks off next week. Asus’ mini PC even has a Copilot button on the front and is almost identical to the size of Apple’s latest Mac Mini.
The timing of Asus’ spec drop came on the same day that Taiwanese company Geekom revealed three new mini PCs that it will showcase at CES. Geekom is releasing a mini PC with AMD’s Strix Point CPUs inside and one with Qualcomm’s Snapdragon X Elite processor, meaning both will be Copilot Plus compatible. The third model is powered by Intel’s unannounced Arrow Lake-H laptop processors, which are unlikely to have an NPU sufficient enough to be Copilot Plus compatible.
I’m going to be paying close attention to CES next week to see if there are any other Windows OEMs that are ready to launch Copilot Plus mini PCs. CES is usually a launch point for Microsoft’s latest laptop or tablet initiatives, and last year the company convinced OEMs to put a Copilot key on their laptop keyboards. Asus wouldn’t be adding a Copilot button on the front of its own mini PC without Microsoft’s involvement, so I wonder how many other PC makers Microsoft has been working with to add dedicated Copilot buttons.
Geekom’s mention of Qualcomm chips inside its mini PC means we’ll start to see Qualcomm’s latest chips venture beyond laptops for the first time. Qualcomm was supposed to ship its mini PC Snapdragon Dev Kit in June alongside Copilot Plus laptops, but it ended up canceling it months later after issues with manufacturing the device. Qualcomm has also teased that its Snapdragon X Elite chips could appear in mini PCs or even all-in-one PCs, so perhaps we’ll see some Copilot Plus all-in-one PCs next week, too.
I’m still waiting to see when we might get Copilot Plus features on traditional powerful desktop PCs. Intel’s latest Core Ultra desktop CPU arrived in October with an NPU inside, but it wasn’t capable enough to hit the 40 TOPS requirement that Microsoft mandates for Copilot Plus features. We’re going to have to wait until next-gen desktop CPUs from Intel and AMD arrive to see if more capable NPUs are a priority for chipmakers. Until then, mini PCs and all-in-one PCs that use laptop processors are going to be the only way to get Copilot Plus features in a desktop PC form factor.
While Copilot Plus features remain limited to Windows PCs, that doesn’t mean that we won’t see the main Copilot assistant appear on more devices. I’ve heard from multiple sources familiar with Microsoft’s plans that the company is keen to get Copilot on devices beyond just PCs, phones, and tablets.
We might well see Copilot appear on some unexpected hardware at CES next week, just as Microsoft has also been hinting about its ambitions for dedicated AI hardware in recent months. Windows chief Pavan Davuluri admitted in an October Notepad interview that the power of modern AI models “will free up the ability to innovate in hardware and come out with purpose-built hardware.”
Davuluri stopped short of detailing what dedicated AI hardware would look like for Microsoft, but weeks later Yusuf Mehdi, executive vice president and consumer chief marketing officer at Microsoft, dropped some additional hints in an underreported interview with YouTuber Austin Evans.
“These devices that see the world, that you wear on your body, on your person, I think that those combined with AI will be very valuable,” said Mehdi in late October. “It can do image recognition, it can talk to you about what’s going on. I think that’s a fascinating place that we’ll go.”
Later in the interview Mehdi also describes wearable health-related devices as exciting and “a big opportunity” for the future. Microsoft then confirmed last month that Microsoft AI CEO Mustafa Suleyman has hired multiple former colleagues to help run a new AI health unit. It’s hard to imagine Microsoft venturing into fitness wearables again after the Microsoft Band was scrapped in 2016, but I could definitely see the company wanting to partner with device manufacturers and offer up AI-powered health services for these types of devices.
Either way, 2025 won’t see Microsoft slow down with its ambition to get Copilot on all the screens we look at every day.
The pad:
- 2024 was a big year for Windows on Arm. While Microsoft has been pushing the “year of the AI PC” throughout 2024, I think it was a bigger moment for Windows on Arm. Copilot Plus PCs ushered in some really solid improvements in performance, compatibility, and battery life for Windows on Arm this year. I still can’t quite believe I’m using an Arm-powered Windows laptop every day.
- A weird Windows 11 bug won’t let some people install any security updates. Another month and another weird Windows bug. Microsoft is now warning Windows 11 users that if you’ve manually installed the OS recently, there’s an odd bug where you might not get future security updates. It largely impacts USB installers that were created using the October and November release patches, so businesses will be impacted the most. The workaround requires a full rebuild right now, though, and Microsoft says it’s working on a permanent fix.
- Lenovo has a special gaming handheld event next week with Valve and Microsoft. Leaks have suggested Lenovo is about to announce its first SteamOS handheld gaming PC. Now Lenovo has revealed a “future of gaming handhelds” event at CES next week that will include Valve as well as Microsoft’s VP of next generation, Jason Ronald. It looks like Microsoft and Valve might be about to go head to head over the future of handheld gaming — something I wrote about in a previous Notepad issue. Ronald’s attendance is particularly interesting given he was previously the vice president of Xbox gaming devices and ecosystem. I understand Ronald has been involved in Microsoft’s next-gen Xbox plans for quite some time now, but it’s curious that Microsoft picked this particular event to confirm Ronald’s new title. I’m sure I’ll have a lot more to say about this mysterious Lenovo event in next week’s Notepad.
- Microsoft is testing live translation on Intel and AMD Copilot Plus PCs. Microsoft has started previewing its live translation feature for Windows Insiders in the Dev Channel. Live translation was initially limited to Qualcomm-powered Copilot Plus PCs, but Microsoft is starting to bring more of these Windows AI features to AMD- and Intel-powered Copilot Plus PCs.
- Microsoft and OpenAI’s partnership hinges on the AGI question. A new report from The Information claims that Microsoft and OpenAI’s wrangling over the terms of their partnership could involve the definition of artificial general intelligence (AGI) as a moment when $100 billion is returned in profits. AGI has always been the point at which Microsoft’s deal with OpenAI would end, so a high-profit milestone will certainly complicate OpenAI’s efforts to declare AGI and end its contract with Microsoft given it’s still struggling with profits. Separately, Microsoft thinks core pieces are still missing from AGI, so the debate over when it’s likely to be declared will continue for quite some time.
- Microsoft kills off Skype credits and phone numbers in favor of subscriptions. Skype has been struggling to keep up with the popularity of WhatsApp, Messenger, Zoom, and many other VoIP services in recent years. Now, Microsoft has quietly ended the sale of new Skype credits and the phone number features for Skype in favor of subscriptions instead. Skype Credit was a way to use a pay-as-you-go plan for making calls with Skype, but you’ll now need a subscription to use this functionality.
- Microsoft warns Phone Link won’t show “sensitive” Android 15 notifications. A new Android 15 privacy feature that categorizes notifications like 2FA codes as sensitive is causing some issues for Microsoft’s Phone Link feature in Windows. You can turn off the enhanced notifications in Android 15 to work around the issue, but Windows should still show sensitive notifications on Android devices where Phone Link was preinstalled on the device.
- The Xbox Sebile controller is still on the way. During the FTC v. Microsoft case in 2023 a huge amount of unannounced Xbox hardware was leaked, including a new Xbox controller codenamed Sebile. While the controller was supposed to originally debut in 2024, Microsoft appears to now be holding it back for its next-gen console instead. Windows Central reports that a new patent details Sebile’s new haptic motors that are spread throughout the controller. Sebile will also support direct Wi-Fi connectivity to Xbox Cloud Gaming, much like Google’s Stadia controller.
- GitHub now has a free tier for Copilot in VS Code. Microsoft-owned GitHub was the first to start using the Copilot branding for a paid AI coding assistant in 2021. GitHub is now offering a free version of GitHub Copilot in VS Code. It includes 2,000 code completions and 50 chat messages per month, and is available for the 150 million developers using GitHub. It also includes the choice between using Anthropic’s Claude 3.5 Sonnet or OpenAI’s GPT-4o model to ask coding questions, explain code, or let the AI models find bugs in your code.
- Microsoft is working on adding non-OpenAI models to its Microsoft 365 Copilot. Microsoft is reportedly working on adding third-party AI models to its Microsoft 365 Copilot soon. Reuters reports that Microsoft is looking at other models to reduce costs of the AI assistant in Office apps and lessen its dependence on OpenAI. I wouldn’t be surprised if this involved Microsoft’s own AI models, but the company could also follow GitHub’s move to support models from Anthropic and Google.
Thanks for subscribing and reading to the very end. I’ll be reflecting on Microsoft’s 50-year history in Notepad later this year, so if there’s a particular period of time you’re interested in hearing more about,please get in touch: notepad@theverge.com.
If you’ve heard about any of Microsoft’s other secret projects, you can also reach me via email at notepad@theverge.com or speak to me confidentially on the Signal messaging app, where I’m tomwarren.01. I’m also tomwarren on Telegram, if you’d prefer to chat there.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25334823/STK466_ELECTION_2024_CVirginia_D.jpg "US sanctions Russian group over AI-generated election disinformation")
The US has issued sanctions on organizations in Russia and Iran for attempting to interfere with the 2024 presidential election. The Treasury Department said on Tuesday that the groups tried to “stoke socio-political tensions” and influence voters.
One group, the Moscow-based Center for Geopolitical Expertise, has ties to Russia’s Main Intelligence Directorate (GRU), and built a server to host its own AI tools “to avoid foreign web-hosting services that would block their activity.” The organization then used these tools to “quickly create disinformation” that it spread across dozens of fake online news outlets, while also providing US-based companies with money to maintain its AI server and operate a network of “at least 100 websites” used in its campaign.
Additionally, the Russian organization manipulated a video to “produce baseless accusations concerning a 2024 vice presidential candidate”. In October, the US accused Russia of creating a video that attempted to smear Vice President Kamala Harris’s running mate, Tim Walz.
The Treasury Department also sanctioned the Cognitive Design Production Center, a subsidiary of Iran’s Islamic Revolutionary Guard Corps (IRGC), for planning to interfere with the election “since at least 2023.” In the weeks leading up to the election, the US Department of Justice indicted Iranian nationals accused of waging a cyberattack against President-elect Donald Trump’s campaign, while OpenAI reported banning ChatGPT accounts linked to an Iranian influence operation.
“The Governments of Iran and Russia have targeted our election processes and institutions and sought to divide the American people through targeted disinformation campaigns,” Bradley Smith, the Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, said in the press release.
/cdn.vox-cdn.com/uploads/chorus_asset/file/23262657/VRG_Illo_STK001_B_Sala_Hacker.jpg "US soldier arrested after allegedly posting hacked Trump and Harris call logs")
The United States has arrested a US Army soldier and charged him with being part of a hacking scheme to sell and distribute stolen phone records. An indictment alleges that 20-year-old Cameron John Wagenius knowingly sold “confidential phone records” over online forums and other communications platforms last November.
The indictment doesn’t detail the hacked material, but KrebsOnSecurity reports that Wagenius appears to be connected to a series of high-profile data breaches linked to the online alias “Kiberphant0m.” Kiberphant0m claimed to have hacked 15 telecom firms and was working with the person allegedly behind the Snowflake data breaches to sell the stolen information.
In November, Kiberphant0m posted what they claimed were AT&T call logs for President-elect Donald Trump and Vice President Kamala Harris. It’s not clear if the data was genuine, but AT&T did suffer a major theft of customer data as part of the Snowflake account breaches last year. In 2023, the hacker is also alleged to have sold “remote access credentials for a major U.S. defense contractor,” according to Krebs.
Krebs reports that Wagenius worked on communications at an Army base in South Korea. After the alleged leak of Trump and Harris data, Krebs did a deep dive into Kiberphant0m’s online communications and identified that they were likely a US soldier. In this latest report, Krebs spoke with Wagenius’ mother, who confirmed his connection to the alleged Snowflake hacker.
Cybersecurity experts reportedly received harassment for trying to track down Kiberphant0m’s identity, leading to this incredible quote from Allison Nixon, the lead researcher at cybersecurity firm Unit 221B, who was part of the work. “Anonymously extorting the President and VP as a member of the military is a bad idea,” Nixon told Krebs, “but it’s an even worse idea to harass people who specialize in de-anonymizing cybercriminals.”
New Hampshire3 minutes ago
Pet squirrels and racoons? N.H. lawmakers say some may be OK – The Boston Globe
New Jersey7 minutes ago
Woman that drove her car into N.J. emergency room called police for help earlier the same day
New Mexico8 minutes ago
Enchanted Winter Holidays In Northern New Mexico
North Carolina11 minutes ago
Ranked Choice Voting would be good for North Carolina • NC Newsline
North Dakota18 minutes ago
Ranked: Top 5 Largest High Schools In North Dakota
Colorado2 years ago
Colorado Rockies game no. 116 thread: Zac Gallen vs José Ureña
Videos1 year ago
Why Marjorie Taylor Greene was ‘kicked out’ of the Freedom Caucus according to Rep. Buck
Midwest3 years ago
See it: Tesla crashes into Columbus convention center at 70 mph
South2 years ago
Fox News Politics: Georgia the whole day through
South3 years ago
Death of missing Oregon girl found in stream ruled homicide
News2 hours ago
Video: Several Injured in Shooting Outside Queens Event Space
Politics3 hours ago
Mike Johnson gets public GOP Senate support ahead of tight House speaker vote
World3 hours ago
Musk calls for jailed UK far-right activist to be released
News3 hours ago
Trump falsely links New Orleans terror attack to migrants after erroneous Fox News report | CNN Business
News10 hours ago
New Orleans Attacker Evaded a Security System Under Repair
-
/cdn.vox-cdn.com/uploads/chorus_asset/file/25672934/Metaphor_Key_Art_Horizontal.png "There’s a reason Metaphor: ReFantanzio’s battle music sounds as cool as it does")
Technology1 week agoThere’s a reason Metaphor: ReFantanzio’s battle music sounds as cool as it does
-
News1 week agoFrance’s new premier selects Eric Lombard as finance minister
-
Business1 week agoOn a quest for global domination, Chinese EV makers are upending Thailand's auto industry
-
Health5 days agoNew Year life lessons from country star: 'Never forget where you came from'
-
/cdn.vox-cdn.com/uploads/chorus_asset/file/24982514/Quest_3_dock.jpg "Meta’s ‘software update issue’ has been breaking Quest headsets for weeks")
Technology5 days agoMeta’s ‘software update issue’ has been breaking Quest headsets for weeks
-
World1 week agoPassenger plane crashes in Kazakhstan: Emergencies ministry
-
Politics1 week agoIt's official: Biden signs new law, designates bald eagle as 'national bird'
-
Politics7 days ago'Politics is bad for business.' Why Disney's Bob Iger is trying to avoid hot buttons