Newsletter

open source and cybersecurity news

December 13, 2023

It's 5:05, December 13, 2023. TIme for your cybersecurity and open source headlines

In this Episode:

Marcel Brown:  December 16, 2016. After a long delay, Apple finally releases their new wireless earbuds, the Apple AirPods. Within two years, they became Apple’s most popular accessory, and today are some of the most popular and well recognized earbuds in the market.

Edwin Kwan: Meta has announced the rollout of default end-to-end encryption for personal messages and calls on Messenger and Facebook. The rollout will take several months to complete globally, prompting users to set up recovery methods when their chats are upgraded.

Katy Craig: Two years after the infamous Log4j vulnerability came to light, North Korean hackers are still exploiting this flaw in widespread cyberattacks. These attacks fall under the wide-reaching activities of the Lazarus umbrella, a term for the various North Korean government hacking operations.

Hillary Coover: A covert campaign dating back to May 2022 is distorting conversations about Taiwan’s upcoming elections. The Graphika report exposes hundreds of fake social media accounts on Facebook, TikTok, and YouTube. While the perpetrators remain unidentified, the operation favored a pro-China political party in Taiwan, while criticizing its main rival.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Messenger and Facebook: Default End to End Encryption

Edwin Kwan, Contributing Journalist, It's 5:05 PodcastIn a significant update, Meta has announced the rollout of default end-to-end encryption for personal messages and calls on Messenger and Facebook.

This is Edwin Kwan from Sydney, Australia.

This means that private chats and calls across Messenger will now be automatically encrypted by default, enhancing privacy and security. The implementation is based on robust cryptographic principles, including the Signal Protocol and Meta’s own Labyrinth Protocol. The encryption ensures that the content of messages and calls remain protected from the sender’s devices to the receiver’s device, adding an extra layer of security.

Additionally, Meta introduced new features such as message editing within 15 minutes, disappearing messages lasting 24 hours, read receive control, upgraded photo and video features, and enhancements to voice messaging. The rollout will take several months to complete globally, prompting users to set up recovery methods when their chats are upgraded. This move represents the most significant improvements to Messenger since its launch in 2011.

Resources
– Facebook: https://about.fb.com/news/2023/12/default-end-to-end-encryption-on-messenger/
– Hacker News: https://thehackernews.com/2023/12/meta-launches-default-end-to-end.html
– The Record: https://therecord.media/meta-facebook-e2ee-mesaging-rollout
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/meta-rolls-out-default-end-to-end-encryption-on-messenger-facebook/

 

Katy Craig
North Korea’s Lazarus Still Exploiting Log4j

Katy Craig, Contributing Journalist, It's 5:05 PodcastTwo years after the infamous Log4j vulnerability came to light, North Korean hackers are still exploiting this flaw in widespread cyberattacks, underscoring the vulnerability’s longevity and the risks of failing to patch such critical flaws.

This is Katy Craig in San Diego, California.

These attacks fall under the wide-reaching activities of the Lazarus umbrella, a term for the various North Korean government hacking operations. Lazarus is known for a range of cyber activities, from espionage and cryptocurrency thefts to ransomware and supply chain attacks.

Operation Blacksmith, characterized by the use of DLang, a less common programming language, reflects a shift in North Korean cyber strategies. The campaign, observed from March to September 2023, has opportunistically targeted vulnerable global enterprises.

One notable aspect of this operation is the use of remote access trojans, with one employing Telegram bots, and channels for command and control. This operation has some overlap with the Onyx Sleet or Andariel attacks that Microsoft disclosed in October, exploiting a flaw in JetBrains TeamCity server software.

This serves as a stark reminder of the ongoing threat posed by state-sponsored cyber actors and the importance of maintaining robust cybersecurity defenses.

This is Katy Craig. Stay safe out there.

Resources
– Talos Intelligence: https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/

 

Hillary Coover
Covert Campaign Targets Taiwan Elections with Stolen Identities and Disinformation

Hillary Coover, Contributing Journalist, It's 5:05 Podcast

A covert campaign dating back to May 2022 is distorting conversations about Taiwan’s upcoming elections. The Graphika report exposes hundreds of fake social media accounts on Facebook, TikTok, and YouTube.

Hi, this is Hillary Coover in Washington, DC.

The campaign involved around 800 Facebook profiles, 13 Facebook pages, a TikTok account, and a YouTube channel. While the perpetrators remain unidentified, the operation favored a pro-China political party in Taiwan, while criticizing its main rival. The campaign also utilized Chinese language memes and videos, displaying awkward Taiwanese language skills. Graphika warned of an increase in such influence operations as Taiwan’s 2024 election approaches.

A central figure in the operation, the TikTok and YouTube account “Agitate Taiwan” acted as a content hub, sharing videos that criticized the pro-independence party and supported the more China-friendly party in Taiwan. Notably, the campaign used edited profile pictures of real people to obscure the source and mask the inauthentic nature of the accounts.

Most of the content has been removed by tech platforms. YouTube terminated the account, citing policy violations, and Meta expressed appreciation for Graphika’s work, highlighting the collaborative effort to counter deceptive campaigns across platforms. TikTok is investigating the “Agitate Taiwan” account and matter, emphasizing the adherence to community guidelines, prohibiting spam, covert influence operations, and misinformation about electoral processes.

Stay tuned and follow 5:05 updates for updates to this story.

Resources
– Washington Post: https://www.washingtonpost.com/politics/2023/12/13/researchers-identify-campaign-manipulate-online-conversations-about-taiwan-elections/

 

Marcel Brown
This Day, December 13, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 PodcastThis is Marcel Brown with your technology history for December 13th.

December 13th, 1962. NASA launches the active repeater communication satellite Relay 1 from Cape Canaveral. One of the earliest communication satellites to be launched, Relay 1’s mission was primarily experimental, but it nonetheless was used for some notable events. On November 22, 1963, Relay 1 was the first satellite to broadcast television from the United States to Japan, which happened to be the announcement of the assassination of John F. Kennedy. It was then used in August of 1964 to broadcast the 1964 Summer Olympics from Japan to Europe and the United States relaying the signal with another satellite, Syncom 3. It was the first time two satellites were used in tandem for a television broadcast. Relay 1 was used until February 10, 1965, when a problem with its power system caused the satellite to become non functional.

December 16, 2016. After a long delay, Apple finally releases their new wireless earbuds, the Apple AirPods. Within two years, they became Apple’s most popular accessory, and today are some of the most popular and well recognized earbuds in the market.

That’s your technology history for today. For more, tune in tomorrow and visit my website, thisdayintechhistory. com.

Resources
This Day in Tech History: https://thisdayintechhistory.com/12/13

Contributors:

Comments:

Leave the first comment

Newsletter