353: Apple Chip Flaw Leaks Encryption Keys! (UNPATCHABLE?!)

Mar 28, 2024 | 1 hr 9 min | Season 1 | Ep. 353

Episode description

This week on Technado, Daniel and Sophie kick off Rapid Fire with some highlights from Pwn2Own Vancouver. Then, we jump into a novel cred-harvesting phishing campaign, CozyBear's latest attack on German politicos, and a special Pork Chop Sandwiches segment: millions of hotel door locks are impacted by a 36-year-old flaw. We wrap up the Rapid Fire with the Nemesis Market takedown, yet another update on CISA's Ivanti troubles, and the "unpatchable" exploit affecting Apple M-series chips.

In another Python-focused Deep Dive, Daniel takes us through a supply chain cyberattack that's impacting thousands of GitHub users and developers. To close the segment, we take a quick look at a new Loop DoS attack that targets app-layer protocols.

Want to keep reading? Check out the articles the Technado crew covered this week!

Rapid Fire:

Pwn2Own https://www.zerodayinitiative.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results
Conversation Overflow Attack https://www.darkreading.com/cloud-security/conversation-overflow-cyberattacks-bypass-ai-security
CozyBear Phishing for Dinner https://www.theregister.com/2024/03/23/russia_cozy_bear_german_politicians_phishing/
Unsaflok Flaw https://www.bleepingcomputer.com/news/security/unsaflok-flaw-can-let-hackers-unlock-millions-of-hotel-doors/
Nemesis Takedown https://www.bitdefender.com/blog/hotforsecurity/german-authorities-take-down-darknet-marketplace-nemesis-market/
CISA Ivanti Notice https://www.crn.com/news/security/2024/cisa-urges-patching-for-critical-ivanti-vulnerability?itc=refresh
Apple M-Series Vulnerability https://www.itpro.com/security/a-vulnerability-in-apple-m-series-chips-could-expose-encryption-keys-and-harm-performance-and-the-flaw-is-unpatchable

Deep Dive:

GitHub Python Supply Chain Attack https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
Loop DoS Summary https://cispa.de/en/loop-dos
Loop DoS Advisory https://cispa.saarland/group/rossow/Loop-DoS
