This is your easyDNS #AxisOfEasy Briefing for the week of January 6th  2025 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

In this issue: 

• Telegram’s Data Sharing Surges After CEO’s Arrest
• Meta Ends Fact-Checking Partnerships, Sparking Backlash
• Ransomware Group Cicada3301 Strikes French Peugeot Dealership
• Meta Plans AI-Generated User Accounts for Facebook and Instagram
• The Mask APT Returns with Advanced Multi-Platform Malware
• DPCDSB Cybersecurity  Incident
  
  

Elsewhere Online:

Telegram’s Data Sharing Surges After CEO’s Arrest

In late August 2024, Telegram’s CEO Pavel Durov, a Russian-born entrepreneur, was arrested in France and released on a $5 million bond. Following his detention, Telegram drastically shifted its data-sharing policy. While the company had only responded to 14 U.S. government data requests by September, that number soared to 900 by year-end, affecting over 2,200 users.

Telegram, previously strict about sharing data solely in terrorism cases, began cooperating on fraud and cybercrime investigations. Transparency reports now detail requests, with the following report expected in April. Senior cyber-threat researcher Callie Guenther noted this shift as a response to government pressure, saying, “This development is expected to prompt many cybercriminals to migrate to alternative platforms.”

The policy change reflects a broader trend of governments pushing tech companies to prioritize security over privacy. While experts anticipate short-term gains for law enforcement, they warn of increased fragmentation in cybercrime ecosystems, which can complicate investigations. Balancing security with privacy remains a critical challenge in the evolving landscape of online threats.

Read: https://www.darkreading.com/cybersecurity-operations/sharing-telegram-user-data-surged-after-ceo-arrest

Meta Ends Fact-Checking Partnerships, Sparking Backlash

In January 2025, Meta surprised its fact-checking partners by ending their collaborations on Facebook, Instagram, and Threads. The company plans to replace these partnerships with a Community Notes system, similar to the one on X. Many partners, including Alan Duke of Lead Stories, expressed shock, saying, “We heard the news just like everyone else. No advance notice.”

Meta’s decision has left fact-checkers scrambling to address funding gaps. Some, like Jesse Stiller of Check Your Fact, fear for their future. Others, like Kristin Roberts of Gannett Media, emphasized their commitment to unbiased journalism, stating, “Truth and facts serve everyone—not the right or the left.”

Critics argue this shift caters to political pressures and undermines trust. Emmanuel Vincent of Science Feedback warned that a crowdsourced model without expert input could fail on complex topics. Neil Brown of the Poynter Institute added, “Facts are not censorship. Fact-checkers never censored anything.”

Meta CEO Mark Zuckerberg has been accused of aligning with political interests, including promoting ties with the incoming administration. Despite the backlash, the company has yet to address concerns about the program’s effectiveness or fairness.

Read: https://www.wired.com/story/metas-fact-checking-partners-blindsided/

Ransomware Group Cicada3301 Strikes French Peugeot Dealership

On December 8, 2024, the U.S. Treasury Department discovered a significant cyberattack by a Chinese state-sponsored group. Hackers accessed employee workstations and classified documents using a stolen security key from third-party provider BeyondTrust. Treasury confirmed the breach in a letter to lawmakers, attributing it to an Advanced Persistent Threat (APT) actor from China.

Assistant Treasury Secretary Aditi Hardikar stated that the compromised system was taken offline, and there is no evidence of ongoing access. The breach’s full impact, including the number of affected systems and documents, remains unclear.

Chinese Foreign Ministry spokesperson Mao Ning dismissed the accusations as “unwarranted and groundless.” She reiterated, “China opposes all forms of hacking.”

This incident adds to recent concerns about Chinese-linked hacking groups targeting U.S. critical infrastructure, such as Volt Typhoon. In response, the Biden administration is working on stricter cybersecurity policies. Treasury is collaborating with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to address the breach and strengthen defenses.

Read: https://therecord.media/beijing-hackers-penetrated-treasury-systems

Meta Plans AI-Generated User Accounts for Facebook and Instagram

Meta is set to launch AI-generated user accounts on Facebook and Instagram. Announced by Connor Hayes, Vice President for Product, Generative AI, this move aims to increase user engagement by allowing AI bots to interact like actual users. These accounts will have profiles, bios, and photos and can like, share, and create content.

While this innovation could enhance platform activity, experts worry about its potential downsides. Misinformation risks are a top concern, as AI-generated accounts may spread false information. Additionally, critics fear the quality of AI-generated content might lack human creativity, leading to a less engaging experience for users.

Despite these concerns, Meta is committed to its plan, seeing it as a strategy to stay competitive with platforms like TikTok and X. The initiative builds on Meta’s previous introduction of AI characters in 2023, initially available only in the U.S.

Whether this move enhances or harms user experience remains to be seen. As Meta rolls out these features, the social media landscape may witness significant interaction and changes in content creation.

Read: https://www.timesnownews.com/technology-science/meta-to-introduce-ai-user-accounts-on-facebook-and-instagram-heres-what-we-know-article-116887199

The Mask APT Returns with Advanced Multi-Platform Malware

Apple has agreed to pay $95 million to settle a lawsuit accusing its Siri voice assistant of privacy violations. The preliminary settlement, filed in an Oakland, California court, requires approval from U.S. District Judge Jeffrey White.

Plaintiffs claimed Siri unintentionally recorded private conversations and shared them with third parties, including advertisers. Examples included ads triggered by private discussions about sneakers, restaurants, and medical treatments. One plaintiff said, “I received ads for surgery after discussing it privately with my doctor.”

The lawsuit covers Siri-enabled devices from September 2014 to December 2024. Eligible users, including iPhones and Apple Watches, may receive up to $20 per device.

Apple denied any wrongdoing but chose to settle. The settlement fund also allocates $28.5 million for legal fees and $1.1 million for expenses. The company and its lawyers declined to comment on the case.

This settlement highlights ongoing privacy concerns with voice assistants. As voice technology evolves, users are increasingly vigilant about protecting their data.

Read: https://thehackernews.com/2024/12/the-mask-apt-resurfaces-with.html

DPCDSB Cybersecurity  Incident

The Peel District School Board (PDSB) reported a cybersecurity incident that encrypted certain files and systems but did not affect online classes or virtual learning environments. While the board’s website was offline, PDSB assured families there is no evidence of personal or sensitive information being compromised and expressed confidence in restoring affected systems. Remote classes continue without disruption as the board works to resume normal operations.

In response, PDSB’s Learning Technology Support Services teams took immediate steps to isolate the incident and engaged a cybersecurity firm and Peel Police Cyber Security Services to investigate and remediate the situation. The board has committed to notifying individuals if the investigation uncovers any risks to personal or sensitive information and is maintaining transparency with the community throughout the recovery process.

Read: https://www.cbc.ca/news/canada/toronto/peel-district-school-board-cyber-attack-1.5892821

Elsewhere Online:

Veracode Strengthens Defense Against Malicious Code with Phylum Acquisition
Read: https://www.securityweek.com/veracode-targets-malicious-code-threats-with-phylum-acquisition/

FireScam Malware Tricks Android Users with Fake Telegram Premium App
Read: https://latesthackingnews.com/2025/01/07/firescam-android-malware-lures-victims-by-posing-as-telegram-premium-app/

Data Breach at MyGiftCardSupply Sparks Concerns Over Digital ID Safety
Read: https://reclaimthenet.org/us-gift-card-retailer-data-breach-kyc-id-documents-exposed

New PhishWP Plugin Exploits WordPress to Steal Payment Data
Read: https://hackread.com/phishwp-plugin-russian-hacker-forum-phishing-sites/

New DoubleClickjacking Attack Bypasses Clickjacking Defenses
Read: https://latesthackingnews.com/2025/01/07/new-doubleclickjacking-attack-bypasses-existing-security-measures/