Newsletter

open source and cybersecurity news

December 11, 2023

It's 5:05, December 11, 2023. Time for your cybersecurity and open source headlines.

In this Episode:

Marcel Brown: December 11th, 2008. Google releases the first stable, public version of their new web browser, Chrome. By 2013, Chrome had bypassed Microsoft’s Internet Explorer and Mozilla Firefox to become the most popular web browser in the world, and is still considered so today.

Edwin Kwan: Atlassian has issued an email warning customers of four critical vulnerabilities, each rated 9.0 or higher. Confluence, Jira, and Bitbucket servers, as well as companion apps for macOS are affected.

Hillary Coover: Every piece of content you put online is at risk of being manipulated. Microsoft’s recent cybersecurity research revealed that Russian propagandists employed a deceptive strategy to manipulate at least seven Western celebrities, including Elijah Wood and Priscilla Presley.

Mark Miller: Well, that was a real train wreck, wasn’t it? It looks as if Gemini’s launch video jumped the shark. Let’s take a step back as VP of research Oriol Vinyals responds by getting called out for faking the video.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Critical Vulnerabilities Affect Multiple Atlassian Products

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

Atlassian has issued an email warning customers of four critical vulnerabilities, each rated 9.0 or higher.

This is Edwin Kwan from Sydney, Australia.

Confluence, Jira, and Bitbucket servers, as well as companion apps for macOS are affected. The vulnerabilities, rated at least 9.0 out of 10, include a template injection flaw in Confluence (CVE-2023-22522), a privileged remote code execution in the Assets Discovery agent, affecting Jira Service Management (CVE-2023-22523), a bypass of blocklist and macOS Gatekeeper on the companion app for Confluence (CVE-2023-22524), and a remote code execution in the SnakeYAML library, impacting Jira, Bitbucket, and Confluence products (CVE-2022-1471).

Atlassian advises users to update their products to the recommended fixed versions to address the vulnerabilities. Unfortunately, the email that they sent out contained dead links for some recipients, which led to error pages. Atlassian has apologized for the broken links and advised customers to take immediate action to protect their instances.

Resources
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/atlassian-patches-critical-rce-flaws-across-multiple-products/
– The Register: https://www.theregister.com/2023/12/06/atlassian_four_rce_cves/
– Atlassian: https://confluence.atlassian.com/security/december-2023-security-advisories-overview-1318892103.html

 

Mark Miller
Gemini: A fake it till you make it demo by Google

Mark Miller, Executive Producer, It's 5:05

Well, that was a real train wreck, wasn’t it? It looks as if Gemini’s launch video jumped the shark. Did you see it? The one where someone does a bunch of hand gestures and flea circus tricks that the internet just went ape shit over.

Well, let’s take a step back as VP of research Oriol Vinyals responds by getting called out for faking the video. He says, “The video illustrates what the multimodal user experiences built with Gemini could look like. We made it to inspire developers.”

Oh, come on Oriol. Come clean. That’s not what it was presented as on rollout. This isn’t anything new in the industry. Vaporware was an expectation when it came to Microsoft rollouts in the beginning. There’s too much at stake to be pulling that rabbit out of the hat at this stage of AI. You have too much visibility and too much clout to pull this kind of marketing stunt.

The AI industry is having a hard enough time with credibility and believability in this early phase. Can you just take a step back and say, “Whoops, we blew it,” instead of justifying it as a misunderstanding? I’m as excited as anyone about the potential of what’s coming. Let’s make sure that the expectations of what is available now and what will be available in the future have clear lines of demarcation.

This is Mark Miller, executive producer of It’s 5:05. I’ve got links at the bottom of this segment to the video and other AI resources at 505updates.com.

Resources
– TechCrunch: https://techcrunch-com.cdn.ampproject.org/c/s/techcrunch.com/2023/12/07/googles-best-gemini-demo-was-faked/amp/
– YouTube: Hands-on with Gemini: Interacting with multimodal AI – https://www.youtube.com/watch?v=UIZAiXYceBI

 

Hillary Coover
Russian Deepfake: Celebrities Used in Disinformation Against Ukraine

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

Every piece of content you put online is at risk of being manipulated.

Hi, this is Hillary Coover in Washington, DC.

Microsoft’s recent cybersecurity research revealed that Russian propagandists, associated with Internet trolls aligned with Russia, employed a deceptive strategy to manipulate at least seven Western celebrities, including Elijah Wood and Priscilla Presley.

These celebrities were misled into recording videos supposedly offering support to an individual named Vladimir, who was portrayed as dealing with substance abuse issues. However, the videos were maliciously edited, embellished with emojis, links, and media logos, and then disseminated online. The aim was to create a false narrative suggesting that Ukrainian President Volodymyr Zelensky was grappling with drug and alcohol problems, a narrative previously propagated by Russia.

The deceptive videos recorded through the Cameo app featured celebrities Mike Tyson, Dean Norris, John McKinley, and Kate Flannery. This marks the first known instance of Russian trolls recruiting unwitting American celebrities to produce authentic videos for disinformation purposes. Microsoft emphasizes the adaptability of Russian cyber and influence operators throughout the Ukraine conflict, with this tactic serving as the latest attempt to distort global perceptions of the war. Despite limited online traction, some doctored videos have garnered thousands of views.

The Cameo app, designed for celebrities to generate income by delivering personalized videos to fans, was exploited in this disinformation campaign. Microsoft notes that Russian-linked disinformation actors, identified as Storm-1099, initially targeted Western European audiences before shifting focus to the US and Israel, taking advantage of polarization around the Gaza conflict and the upcoming 2024 US presidential election. The disinformation efforts include the creation of online news outlets and campaigns to incite on-the-ground demonstrations.

Microsoft concludes that Russia’s influence activities remain robust even after the death of Yevgeny Prigozhin, the head of the Kremlin-backed Internet Research Agency, indicating the country’s continued capacity for prolific and sophisticated malign influence operations.

Resources
– Wall Street Journal: https://www.wsj.com/tech/cybersecurity/actors-recorded-videos-for-vladimir-it-turned-into-russian-propaganda-7ff2ce8e

 

Marcel Brown
This Day, December 11, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown bringing you some technology history for December 10th and 11th.

December 10th, 1993. Video game developer iD Software releases the game DOOM. DOOM is considered one of the most influential titles in video game history, popularizing the first-person shooter genre with its “deathmatch” multiplayer mode. Its use of graphic violence and quasi-satanic imagery also made the game controversial, which of course, only served to increase DOOM’s popularity.

December 11th, 2008. Google releases the first stable, public version of their new web browser, Chrome. By 2013, Chrome had bypassed Microsoft’s Internet Explorer and Mozilla Firefox to become the most popular web browser in the world, and is still considered so today.

That’s your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory.com.

Resources
– This Day in Tech History: https://thisdayintechhistory.com/12/11
