1 hr 9 min

353: Apple Chip Flaw Leaks Encryption Keys! (UNPATCHABLE?!) Technado


This week on Technado, Daniel and Sophie kick off Rapid Fire with some highlights from Pwn2Own Vancouver. Then, we jump into a novel cred-harvesting phishing campaign, CozyBear's latest attack on German politicos, and a special Pork Chop Sandwiches segment: millions of hotel door locks are impacted by a 36-year-old flaw. We wrap up the Rapid Fire with the Nemesis Market takedown, yet another update on CISA's Ivanti troubles, and the "unpatchable" exploit affecting Apple M-series chips.
In another Python-focused Deep Dive, Daniel takes us through a supply chain cyberattack that's impacting thousands of GitHub users and developers. To close the segment, we take a quick look at a new Loop DoS attack that targets app-layer protocols.
Want to keep reading? Check out the articles the Technado crew covered this week!
Rapid Fire:
Pwn2Own https://www.zerodayinitiative.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results
Conversation Overflow Attack https://www.darkreading.com/cloud-security/conversation-overflow-cyberattacks-bypass-ai-security
CozyBear Phishing for Dinner https://www.theregister.com/2024/03/23/russia_cozy_bear_german_politicians_phishing/
Unsaflok Flaw https://www.bleepingcomputer.com/news/security/unsaflok-flaw-can-let-hackers-unlock-millions-of-hotel-doors/
Nemesis Takedown https://www.bitdefender.com/blog/hotforsecurity/german-authorities-take-down-darknet-marketplace-nemesis-market/
CISA Ivanti Notice https://www.crn.com/news/security/2024/cisa-urges-patching-for-critical-ivanti-vulnerability?itc=refresh
Apple M-Series Vulnerability https://www.itpro.com/security/a-vulnerability-in-apple-m-series-chips-could-expose-encryption-keys-and-harm-performance-and-the-flaw-is-unpatchable
Deep Dive:
GitHub Python Supply Chain Attack https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
Loop DoS Summary https://cispa.de/en/loop-dos
Loop DoS Advisory https://cispa.saarland/group/rossow/Loop-DoS
