New Hak5 Video: Cybersecurity and Hacking Updates

In the latest video from the @hak5 channel, Ali Diamond covers several crucial topics related to cybersecurity and hacking. Among the points discussed are phishing attempts on YouTube, security vulnerabilities, and controversial encryption laws in France and the UK. Ali begins with an important warning for YouTube content creators. Cybercriminals are using AI-generated videos featuring YouTube's CEO, Neil Mohan, to trick creators into revealing their passwords. These fake videos discuss changes in the platform's monetization, a topic of particular concern to major YouTubers. The links in these phishing emails lead to fraudulent pages asking users to log in to "confirm" the new conditions of the YouTube Partner Program. Ali advises always verifying directly on the platform rather than clicking on links in suspicious emails. Next, Ali discusses Red Hat's announcement that it has been named the "CNA of Last Resort." This means Red Hat now has the authority to override decisions made by other CNAs (CVE Numbering Authorities) regarding the publication of vulnerabilities. This new responsibility strengthens Red Hat's role in managing security vulnerabilities. The video also covers a recent security update from Google for Android. This update fixes three zero-day vulnerabilities used by digital forensics companies to unlock Android phones. Amnesty International discovered that these flaws were being used by Serbian authorities to monitor protesters. This situation raises ethical questions about the use of vulnerabilities by legitimate entities. Ali shares a surprising anecdote about a friend of the channel, Tiberias, who encountered difficulties transferring a Windows 10 license to Windows 11. After many hours on the phone with Microsoft support, an assistant ended up using an open-source hacking script to activate the new version of Windows, which is quite ironic. Microsoft has also published a blog about a new malvertising campaign using GitHub as a payload distribution site. This attack, which began in December 2024, affected nearly a million devices. The attackers used illegal streaming sites with iframe redirections to GitHub repositories containing malicious payloads. Once downloaded, these payloads collected system information and sent it as base 64 encoded URLs. Microsoft provided recommendations to mitigate this attack. Finally, Ali discusses recent encryption laws in France and the UK. France has proposed a law requiring tech companies to provide decrypted information within 72 hours of a request, with fines up to 1.5 million euros for non-compliance. This law also allows the use of spyware for remote surveillance of devices. Meanwhile, the UK has asked Apple to create a backdoor to access encrypted data on iCloud, leading Apple to file a legal complaint. Ali concludes by inviting viewers to share their thoughts on these topics in the comments and to prepare for the upcoming Defcon conferences, which celebrate the 20th anniversary of Hak5.