Day: January 8, 2025
Meta is replacing its fact-checking program with a “community notes” system, citing a shift in moderation strategy after a “cultural tipping point.”
Meta CEO Mark Zuckerberg announced that the fact-checking program should be ended and replaced with a community-driven system. Zuckerberg cited a shift toward free speech and explained that the new model will be similar to X’s Community Notes.
Meta introduced its fact-checking system in 2016; it relied on over 90 certified third-party organizations, including PolitiFact and Factcheck.org, to review posts in 60+ languages.
Meta also announced big changes in content moderation, increasing political content in feeds across Facebook, Instagram, and Threads, impacting billions of users.
Zuckerberg revealed that the election was a key factor in his move, and he criticized governments and legacy media for pressuring the company to increase censorship.
“We’re going to get back to our roots and focus on reducing mistakes, simplifying our policies and restoring free expression on our platforms,” said Zuckerberg. “More specifically, here’s what we’re going to do. First, we’re going to get rid of fact checkers and replace them with community notes similar to X, starting in the U.S.”
“The recent elections also feel like a cultural tipping point towards, once again, prioritizing speech,” he said. “So we’re gonna get back to our roots and focus on reducing mistakes, simplifying our policies and restoring free expression on our platforms.”
Zuckerberg admitted that the systems the company uses for content moderation make too many mistakes, potentially impacting millions of people.
The company is committed to using automated moderation systems only to target “high severity violations” and to relying on users to report other violations.
“Zuckerberg’s announcement comes as CEOs and business leaders across sectors are currying favor with the incoming administration of President-elect Donald Trump. Meta, along with other tech companies, donated $1 million to Trump’s inaugural fund, and ahead of the election, Zuckerberg praised Trump in an interview with Bloomberg Television without offering an outright endorsement.” reported NBC News. “Ahead of Trump’s inauguration, Meta has reportedly appointed Republican Joel Kaplan to lead its policy team, and on Monday, the company announced that UFC’s Dana White, a long-time supporter of Trump, would join its board.”
Zuckerberg stated Meta will collaborate with the Trump administration to promote global free speech, pushing back against government censorship, including U.S. efforts.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle WebLogic Server and Mitel MiCollab vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the descriptions for the vulnerabilities added to the catalog:
CVE-2020-2883 (CVSS score 9.8) is a vulnerability in Oracle WebLogic Server (versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0). An unauthenticated attacker with network access via the IIOP or T3 protocols can exploit the issue to compromise Oracle WebLogic Server.
“This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability.” reported the advisory published by ZDI. “The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can trigger the deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process.”
CVE-2024-41713 (CVSS score 9.8) is a Path Traversal Vulnerability in Mitel MiCollab (up to 9.8 SP1 FP2). Mitel MiCollab has a NuPoint Unified Messaging vulnerability enabling unauthenticated path traversal attacks, risking data and configuration integrity.
“A path traversal vulnerability, CVE-2024-41713, in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit of this vulnerability could allow an attacker to gain unauthorized access, with potential impacts to the confidentiality, integrity, and availability of the system. This vulnerability is exploitable without authentication.” reads the advisory. “If the vulnerability is successfully exploited, an attacker could gain unauthenticated access to provisioning information including non-sensitive user and network information and perform unauthorized administrative actions on the MiCollab Server. The vulnerability severity is rated as critical.”
CVE-2024-55550 (CVSS score 9.8) is a Path Traversal Vulnerability in Mitel MiCollab (up to 9.8 SP2). The vulnerability allows authenticated admin attackers to read local files. Exploitation is limited to non-sensitive data.
“A path traversal vulnerability, CVE-2024-55550, in Mitel MiCollab could allow an authenticated attacker with administrative privilege to conduct a local file read within the system due to insufficient input sanitization.” reads the advisory.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix these vulnerabilities by January 28, 2025.
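As an added example (not from the article or from CISA), the following Python sketch matches an asset inventory against the three catalog entries, using the affected versions and the January 28, 2025 due date stated above. The hostnames, the inventory layout and the inclusive reading of "up to" are assumptions.

```python
import re
from datetime import date

# Affected versions and due date as stated in the article.
DUE = date(2025, 1, 28)
WEBLOGIC_AFFECTED = {"10.3.6.0.0", "12.1.3.0.0", "12.2.1.3.0", "12.2.1.4.0"}
MICOLLAB_CEILINGS = {  # "up to" is treated as inclusive (assumption)
    "CVE-2024-41713": "9.8 SP1 FP2",
    "CVE-2024-55550": "9.8 SP2",
}

def micollab_key(version):
    """Turn '9.8 SP1 FP2' into (9, 8, 1, 2) so releases compare numerically."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\s+SP(\d+))?(?:\s+FP(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised MiCollab version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def matching_cves(product, version):
    """Return the CVEs from the article that apply to one inventory entry."""
    if product == "Oracle WebLogic Server":
        return ["CVE-2020-2883"] if version in WEBLOGIC_AFFECTED else []
    if product == "Mitel MiCollab":
        key = micollab_key(version)
        return [cve for cve, top in MICOLLAB_CEILINGS.items()
                if key <= micollab_key(top)]
    return []

def triage(inventory, today):
    """List (host, cve, days_left) for every affected asset, sorted by host."""
    days_left = (DUE - today).days
    rows = [(host, cve, days_left)
            for host, product, version in inventory
            for cve in matching_cves(product, version)]
    return sorted(rows)

# Constructed inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("wls-app01", "Oracle WebLogic Server", "12.2.1.4.0"),
    ("wls-app02", "Oracle WebLogic Server", "14.1.1.0.0"),
    ("uc-edge01", "Mitel MiCollab", "9.8 SP1 FP2"),
    ("uc-edge02", "Mitel MiCollab", "9.8 SP2"),
    ("uc-edge03", "Mitel MiCollab", "9.8 SP2 FP1"),
]

if __name__ == "__main__":
    for host, cve, left in triage(INVENTORY, date(2025, 1, 8)):
        print(f"{host}: {cve} due {DUE} ({left} days left)")
```

A negative `days_left` means the due date has already passed for that asset.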