New Hak5 Video Addresses Critical Cybersecurity Topics
In this new video from the @hak5 channel, several crucial cybersecurity topics are addressed. Firstly, the video clarifies a recent rumor about a leak of 16 billion passwords. Contrary to what some media outlets reported, this leak is not new. In reality, it is a compilation of old datasets from malware such as info stealers and other older leaks. This clarification is important as it helps to dispel unnecessary panic and restore the facts. Another crucial point addressed in the video is the addition of a new vulnerability, CVE-2023-0386, to the catalog of known exploited vulnerabilities by CISA. This vulnerability, which allows privilege escalation in the overlay FS subsystem of the Linux kernel, was initially reported in 2023. It enables a local user to elevate their privileges on the system by exploiting poor management of properties in the Linux kernel. Although this vulnerability is old, its addition to the catalog means it is still being exploited in the wild, posing a threat to many groups. All federal civilian executive branch agencies are required to remediate this vulnerability by a given date, which also serves as a good practice for non-governmental companies. The video also addresses a recurring issue with Google ads. Recent research from Malware Bytes Labs shows that malicious actors are using Google ads to deceive users. By embedding values in query parameters, they can force the display of false information on legitimate sites. This technique, known as a search parameter injection attack, allows scammers to create malicious URLs that integrate fake phone numbers into the legitimate search features of sites. Once the user calls this number, they are subjected to a classic phone scam process. The responsibility for protecting against these attacks falls on the targeted websites, which must implement protections against malicious query parameter injections. In conclusion, this video provides a valuable overview of current cybersecurity threats and the measures to protect against them. It emphasizes the importance of verifying information and remaining vigilant against new threats. To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=3lhWK6JSMzg