Zuckerberg Says He Regrets Not Being More Outspoken About ‘Government Pressure’

In a letter to the House Judiciary Committee, Meta CEO Mark Zuckerberg expressed regret for not being more vocal about “government pressure” to censor COVID-19-related content. He also acknowledged that Meta shouldn’t have demoted a New York Post story about President Biden’s family before the 2020 election. The Hill reports: Zuckerberg said senior Biden administration officials “repeatedly pressured” Meta, the parent company of Facebook and Instagram, to “censor” content in 2021. “I believe the government pressure was wrong, and I regret that we were not more outspoken,” he wrote to House Judiciary Chair Jim Jordan (R-Ohio). “Like I said to our teams at the time, I feel strongly that we should not compromise our content standards due to pressure from any Administration in either direction — and we’re ready to push back if something like this happens again,” Zuckerberg added.

The Meta CEO also said the company “shouldn’t have demoted” a New York Post story about corruption allegations involving President Biden’s family ahead of the 2020 election while waiting for fact-checkers to review it. The social media company has since updated its policies and processes, including no longer demoting content in the U.S. while waiting for fact-checkers, he noted. Zuckerberg also said in Monday’s letter that he does not plan to make contributions to local jurisdictions to support election infrastructure this cycle, like he did during the 2020 election.

The contributions, which were “designed to be non-partisan,” were accused of being unfairly distributed between left-leaning and right-leaning areas and labeled “Zuckerbucks” by Republicans. “Still, despite the analyses I’ve seen showing otherwise, I know that some people believe this work benefited one party over the other,” Zuckerberg said. “My goal is to be neutral and not play a role one way or another — or to even appear to be playing a role.” House Judiciary Republicans touted the letter as a “big win for free speech,” writing on X: “Mark Zuckerberg just admitted three things: 1. Biden-Harris Admin ‘pressured’ Facebook to censor Americans. 2. Facebook censored Americans. 3. Facebook throttled the Hunter Biden laptop story.”

“Mark Zuckerberg also tells the Judiciary Committee that he won’t spend money this election cycle. That’s right, no more Zuck-bucks. Huge win for election integrity,” it added.

Read more of this story at Slashdot.

Telegram CEO Pavel Durov’s Arrest Upends Kremlin Military Communications

Telegram founder and CEO Pavel Durov was arrested Saturday night by French authorities on allegations that his social media platform was being used for child pornography, drug trafficking and organized crime. The move sparked debate over free speech worldwide from prominent anti-censorship figures including Elon Musk, Robert F. Kennedy. Jr. and Edward Snowden. However, “the immediate freakout came from Russia,” reports Politico. “That’s because Telegram is widely used by the Russian military for battlefield communications thanks to problems with rolling out its own secure comms system. It’s also the primary vehicle for pro-war military bloggers and media — as well as millions of ordinary Russians.” From the report: “They practically detained the head of communication of the Russian army,” Russian military blogger channel Povernutie na Z Voine said in a Telegram statement. The blog site Dva Mayora said that Russian specialists are working on an alternative to Telegram, but that the Russian army’s Main Communications Directorate has “not shown any real interest” in getting such a system to Russian troops. The site said Durov’s arrest may actually speed up the development of an independent comms system. Alarmed Russian policymakers are calling for Durov’s release.

“[Durov’s] arrest may have political grounds and be a tool for gaining access to the personal information of Telegram users,” the Deputy Speaker of the Russian Duma Vladislav Davankov said in a Telegram statement. “This cannot be allowed. If the French authorities refuse to release Pavel Durov from custody, I propose making every effort to move him to the UAE or the Russian Federation. With his consent, of course.” Their worry is that Durov may hand over encryption keys to the French authorities, allowing access to the platform and any communications that users thought was encrypted.

French President Emmanuel Macron said Monday that the arrest of Durov was “in no way a political decision.” The Russian embassy has demanded that it get access to Durov, but the Kremlin has so far not issued a statement on the arrest. “Before saying anything, we should wait for the situation to become clearer,” said Kremlin spokesperson Dmitry Peskov. However, officials and law enforcement agencies were instructed to clear all their communication from Telegram, the pro-Kremlin channel Baza reported. “Everyone who is used to using the platform for sensitive conversations/conversations should delete those conversations right now and not do it again,” Kremlin propagandist Margarita Simonyan said in a Telegram post. “Durov has been shut down to get the keys. And he’s going to give them.”

Read more of this story at Slashdot.

Hackers Have Found an Entirely New Way To Backdoor Into Microsoft Windows

A university in Taiwan was breached with “a previously unseen backdoor (Backdoor.Msupedge) utilizing an infrequently seen technique,” Symantec reports.

The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic… The code for the DNS tunneling tool is based on the publicly available dnscat2 tool. It receives commands by performing name resolution… Msupedge not only receives commands via DNS traffic but also uses the resolved IP address of the C&C server (ctl.msedeapi[.]net) as a command. The third octet of the resolved IP address is a switch case. The behavior of the backdoor will change based on the value of the third octet of the resolved IP address minus seven…

The initial intrusion was likely through the exploit of a recently patched PHP vulnerability (CVE-2024-4577). The vulnerability is a CGI argument injection flaw affecting all versions of PHP installed on the Windows operating system. Successful exploitation of the vulnerability can lead to remote code execution.
Symantec has seen multiple threat actors scanning for vulnerable systems in recent weeks. To date, we have found no evidence allowing us to attribute this threat and the motive behind the attack remains unknown.

More from The Record:
Compared to more obvious methods like HTTP or HTTPS tunneling, this technique can be harder to detect because DNS traffic is generally considered benign and is often overlooked by security tools.
Earlier in June, researchers discovered a campaign by suspected Chinese state-sponsored hackers, known as RedJuliett, targeting dozens of organizations in Taiwan, including universities, state agencies, electronics manufacturers, and religious organizations. Like many other Chinese threat actors, the group likely targeted vulnerabilities in internet-facing devices such as firewalls and enterprise VPNs for initial access because these devices often have limited visibility and security solutions, researchers said.
Additional coverage at The Hacker News.

Thanks to Slashdot reader joshuark for sharing the article.

Read more of this story at Slashdot.