New Hak5 Video: Cybersecurity Updates and Personal News from Alli Diamond

In this new video from @hak5, Alli Diamond presents the May 12, 2025 episode of Threatwire, covering several crucial topics in cybersecurity. The first point discussed is the announcement from the CISA (Cybersecurity and Infrastructure Security Agency) about its new strategy for sharing cybersecurity alerts. Initially, CISA planned to adopt a "social media first" approach, publishing alerts on social media rather than on their official website. This decision aimed to make information more accessible and draw attention to critical threats. However, this initiative sparked a strong reaction from the cybersecurity community, which expressed concerns about the reliability and security of government social media accounts, citing past incidents such as the hacking of the SEC's Twitter account in January 2024. In response to these concerns, CISA quickly backtracked and decided to reevaluate its information-sharing strategy. Another major topic covered in the video is the recent security breach at Coinbase. On May 14, 2025, Coinbase filed a Form 8K with the SEC to disclose a data breach. Malicious actors obtained sensitive information by paying contractors or employees to collect internal data. Coinbase immediately took steps to enhance fraud monitoring and alert potentially affected customers. Rather than giving in to the $20 million ransom demand, Coinbase allocated this amount as a reward for any information leading to the arrest and conviction of the attackers. This transparency and responsiveness demonstrate Coinbase's commitment to protecting its users and combating cyber threats. The video also addresses the issue of weak passwords and their persistent use in production systems. Spec Ops published new research on commonly used passwords to attack FTP ports. The most common passwords observed were "admin" and "root," highlighting the need to strengthen password security practices. The use of weak passwords exposes systems to "password spraying" attacks, where attackers attempt to access accounts using common passwords. Finally, Alli Diamond clarifies her personal situation, explaining that she was recently laid off from her full-time job as a back-end software engineer. She specifies that Hack5 and Threatwire are side projects and that cybersecurity is a passion for her. She documents her job search online and encourages viewers to follow her progress on her social media. In conclusion, this video provides an in-depth look at current cybersecurity challenges, communication strategies of government agencies, and best practices for securing computer systems. It highlights the importance of transparency, responsiveness, and continuous education in the field of cybersecurity.