New Hak5 Video: Alli Diamond Discusses Critical Cybersecurity Topics

In this new video from @hak5, Alli Diamond presents several crucial topics related to cybersecurity, including recent vulnerabilities, DDoS attacks, and interesting technological news. Firstly, Alli Diamond discusses a serious vulnerability discovered by Garma Rambo in the low-level interprocess communication mechanism of Darwin notifications on iOS. Rambo found that these notifications, although limited in terms of transferred data, can interfere with system operations. For example, they can ignore Wi-Fi, ignore system gestures, and force the display of incorrect statuses on the Dynamic Island. Rambo created an iOS widget called "very evil notify" that could effectively "soft brick" an iOS device, requiring a restoration from a backup. Apple fixed this flaw in iOS and iPadOS 18.3 and rewarded Rambo with a $17,500 bounty. Next, Alli Diamond addresses the threat posed by Salt Typhoon, a Chinese cybercriminal group that accessed American infrastructures and telecommunications providers' systems. The FBI and CISA confirmed that Salt Typhoon stole call logs, private communications, and other sensitive information. The FBI is offering a $10 million reward for any information on the individuals behind this campaign. The video then moves on to Cloudflare's DDoS statistics for 2024. Cloudflare handled 21.3 million DDoS attacks, a 358% increase from the previous year. The first quarter of 2025 saw 20.5 million attacks, of which 16.8 million were network layer attacks. Among these attacks, 700 incidents exceeded 1 terabit per second or 1 billion packets per second. Cloudflare also mitigated a record DDoS attack of 5.8 terabits per second. Alli Diamond also mentions a new vulnerability in the Linux kernel, specifically in the IO_uring interface. This interface, designed for efficient asynchronous I/O operations, uses circular buffers shared between user space and the kernel. However, this design creates a vulnerability that attackers can exploit to execute arbitrary commands without triggering security alerts. Google has already disabled IO_uring by default on Android and Chrome OS to mitigate this risk. Finally, Alli Diamond shares her enthusiasm for Linux adoption, inspired by a video from PewDiePie. She emphasizes that while Linux offers many advantages, new users must be aware of vulnerabilities and the efforts required to keep the system up-to-date. In conclusion, this video provides a comprehensive overview of current challenges and advancements in cybersecurity, highlighting the importance of vigilance and continuous system updates to protect against emerging threats.