
New Hak5 Video Highlights Critical Cybersecurity Issues
In the latest video from the @hak5 channel, Ali Diamond discusses several crucial cybersecurity topics.

The first is the recent security breaches on the DOGE website, which was infiltrated twice by different hackers. These web development experts, who chose to remain anonymous, revealed that the DOGE site is built on Cloudflare Pages rather than government servers. This setup allowed third parties to write to the site's database, exposing major vulnerabilities. Ali Diamond highlights the DOGE development team's negligence on security, which makes the entire project look particularly chaotic.

Another important topic is the discovery of a new zero-day vulnerability in Palo Alto Networks' PAN-OS software. This vulnerability, identified as CVE-2025-0108, allows attackers to bypass authentication and invoke internal PHP scripts. Although this flaw does not permit remote code execution, it exploits specific Apache server configurations to execute files within the PAN-OS system. The vulnerability affects several versions of PAN-OS, and detailed information is available in the full Assetnote report.

The video also covers a security update from Apple regarding iPhone cables. iOS 18.3.1 and iPadOS 18.3.1 include a fix for a vulnerability that allowed bypassing USB Restricted Mode, a feature introduced in 2018 to prevent USB data transfer on locked devices. While specific details of this attack are vague, Apple acknowledges that it has been exploited in highly sophisticated targeted attacks.

Finally, Ali Diamond discusses a supply chain attack involving the popular BoltDB package. A malicious version of this package, hosted on GitHub, allowed remote code execution controlled by a C2 server. This attack was made possible by the design of the Go module proxy service, which prioritizes caching for performance and availability reasons. Once a module version is cached, it remains accessible even if the original source is later modified. This feature, although beneficial for legitimate uses, was exploited by attackers to persistently distribute malicious code. The malicious package has since been removed and added to the Go vulnerability database.

This video underscores the importance of vigilance in computer security and the potentially serious consequences of security vulnerabilities. Companies and developers must be aware of the risks and adopt robust security practices to protect their systems and data. To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=CVGajsTfAoA
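The Go module proxy caching behaviour described above can be audited by comparing the copy the proxy serves for a version with what the repository holds at the same tag today. The following is an added example, not code from the video or from the Go project: it computes the `h1:` directory hash format recorded in `go.sum` and lists files that differ. The module path and file contents are constructed, and the in-memory maps stand in for an unpacked module zip and a repository checkout.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sort"
)

const mod = "example.com/hypothetical/db@v1.0.0/" // constructed module path

// Constructed sample trees: what the proxy cached vs. what the tag holds today.
var cached = map[string]string{
	mod + "go.mod": "module example.com/hypothetical/db\n",
	mod + "db.go":  "package db\n// extra code present when the proxy cached it\n",
}
var upstream = map[string]string{
	mod + "go.mod": "module example.com/hypothetical/db\n",
	mod + "db.go":  "package db\n",
}

// h1 computes a go.sum style "h1:" hash over files keyed by
// "module@version/path": SHA-256 of the sorted "<hex>  <name>\n" lines.
func h1(files map[string]string) string {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	sum := sha256.New()
	for _, n := range names {
		fmt.Fprintf(sum, "%x  %s\n", sha256.Sum256([]byte(files[n])), n)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(sum.Sum(nil))
}

// drift lists files that were changed, removed or added between the two trees.
func drift(a, b map[string]string) []string {
	var out []string
	for n, c := range a {
		if u, ok := b[n]; !ok || u != c {
			out = append(out, n)
		}
	}
	for n := range b {
		if _, ok := a[n]; !ok {
			out = append(out, n)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	fmt.Println("proxy copy:", h1(cached))
	fmt.Println("tag today: ", h1(upstream))
	fmt.Println("differs:   ", drift(cached, upstream))
}
```

A mismatch for an already published version means the tag was changed after the proxy cached it, so reviewing the repository alone does not show what builds actually download.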