Critical Security Update: November 6, 2025 (Claude Desktop, Gootloader, Microsoft Windows, Microsoft BitLocker)
Risk 1: Medium
Issue: Researchers have discovered that Claude Desktop from Anthropic has significantly minimized security walls from local data, web-based data, and their applications. Using poorly worded prompts, Claude is able to locate data locally on your machine and share it with others online. Moreover, there is little to no sanitization on prompt presentation, meaning that prompts are not vetted prior to execution. In a nutshell, using Claude Desktop raises large concerns over privacy and access to data locally and on the cloud.
Resolution: Users should hold off using Claude Desktop until a more stable, secure version is available.
Risk 2: Medium
Issue: An existing piece of malware known as Gootloader is regaining popularity. We briefly talked about this one a while ago but wanted to highlight it again as its usage has drastically increased. Gootloader conducts what is known as SEO poisoning. SEO stands for Search Engine Optimization and is used to move certain sites to the top of search results or provide improved placement. So what is happening? Malicious websites are being created and then improper SEO is being implemented to guide traffic to them. This is similar to phishing attacks, but through SEO instead of e-mail or websites. People search, receive incorrect SEO/search results, and then inadvertently get directed to a malicious site with malware.
Resolution: This is a really scary one because it requires proactive response from users. To stay protected:
Double-check all search results to determine accuracy
Review search results but go directly to intended website instead of clicking on search result links
Minimize use of QR code scanning or AI tools for searching as they may not be able to detect
Implement website scanner tools that will review links prior to clicking to ensure accuracy
Risk 3: Low
Issue: There is a bug in the recent Microsoft Windows updates that will reboot a Windows machine into BitLocker Recovery Mode. BitLocker is the drive encryption software from Microsoft. The reboot may be randomly triggered during an update.
Resolution: If a user gets hit with a reboot, the recovery screen will appear. The user should enter their recovery passcode to continue and enter into Windows normally. Users should NOT continue moving forward with recovery.
Risk 4: High (Advance Warning)
Issue: Microsoft is going to be sunsetting Microsoft Defender Application Guard (MDAG) within Office beginning in 2026. MDAG is the tool that opens your unknown or unrecognized Office files in a protected manner on your computer. Since this is linked to an individual set of applications, Microsoft is going to migrate to Windows Defender Application Control (WDAC), which it will use going forward to try to secure these unknown files.
Resolution: Please be aware of this change so that you recognize it when some wording changes or the way your unknown files open changes.
Secondly, with this shift, there is an increased potential that files may be stored locally prior to being secured through WDAC. It is also recommended that users ensure that they have a current and valid enterprise-grade security solution.
Announced Data Breaches
University of Pennsylvania
Hyundai AutoEver
Nevada (the state of….)
Miljodata
Gemini Group
Il Manifesto
Nikkei
Upcoming Live & Webinar CE (External)
Nov 13: Cybersecurity Update – Preparing for the 2026 Filing Season (Webinar)
Nov 20: Fortify Your Office Security with Improvements to Your WISP (Webinar)
Week of Jan 5: 3-Hour AI Bootcamp (Webinar - Pending)
Financial Guardians is a proud member of InCite, the recently launched online community exclusively for tax professionals, bookkeepers, and accountants. InCite members receive a 30% discount.
Join today at www.incite.tax.
Financial Guardians has partnered with the California Society of Tax Consultants to provide a 30% access discount as well as many other offers. More info can be found at www.cstcsociety.org






