353: Apple Chip Flaw Leaks Encryption Keys! (UNPATCHABLE?!)

Episode 353 March 28, 2024 01:09:27
Technado

Show Notes

This week on Technado, Daniel and Sophie kick off Rapid Fire with some highlights from Pwn2Own Vancouver. Then, we jump into a novel cred-harvesting phishing campaign, CozyBear's latest attack on German politicos, and a special Pork Chop Sandwiches segment: millions of hotel door locks are impacted by a 36-year-old flaw. We wrap up the Rapid Fire with the Nemesis Market takedown, yet another update on CISA's Ivanti troubles, and the "unpatchable" exploit affecting Apple M-series chips.

In another Python-focused Deep Dive, Daniel takes us through a supply chain cyberattack that's impacting thousands of GitHub users and developers. To close the segment, we take a quick look at a new Loop DoS attack that targets app-layer protocols.

Want to keep reading? Check out the articles the Technado crew covered this week!

Rapid Fire:

Pwn2Own https://www.zerodayinitiative.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results
Conversation Overflow Attack https://www.darkreading.com/cloud-security/conversation-overflow-cyberattacks-bypass-ai-security
CozyBear Phishing for Dinner https://www.theregister.com/2024/03/23/russia_cozy_bear_german_politicians_phishing/
Unsaflok Flaw https://www.bleepingcomputer.com/news/security/unsaflok-flaw-can-let-hackers-unlock-millions-of-hotel-doors/
Nemesis Takedown https://www.bitdefender.com/blog/hotforsecurity/german-authorities-take-down-darknet-marketplace-nemesis-market/
CISA Ivanti Notice https://www.crn.com/news/security/2024/cisa-urges-patching-for-critical-ivanti-vulnerability?itc=refresh
Apple M-Series Vulnerability https://www.itpro.com/security/a-vulnerability-in-apple-m-series-chips-could-expose-encryption-keys-and-harm-performance-and-the-flaw-is-unpatchable

Deep Dive:

GitHub Python Supply Chain Attack https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
Loop DoS Summary https://cispa.de/en/loop-dos
Loop DoS Advisory https://cispa.saarland/group/rossow/Loop-DoS


Episode Transcript

[00:00:04] Speaker A: You're listening to Technado. Welcome, and thanks for joining us for this week's Technado. I'm Sophie Goodwin, one of your hosts here. And just a reminder, before we jump in, I want to remind you that ACI Learning is the lovely sponsor of Technado and also the folks behind ITPro. You can use that code, Technado 30, for a discount on your ITPro membership. And that is, of course, what my good friend Daniel and I do in our day jobs. We have a lot of fun teaching those courses. Cybersecurity, IT, you name it, we have a whole lot of fun. So don't forget to use that code if you haven't already.
[00:00:32] Speaker B: I mean, why leave free money on the table, right?
[00:00:34] Speaker A: Exactly. I mean, basically, we're just giving it away. Just giving it away at that point. I mean, we've got the logo up there. You know, we've got. We've got hints we're dropping. Yeah, but Daniel, you know, I know we've got a lot that we're going to try to get into this week. We have, like, our Rapid Fire stuff, and a lot of times it's hard to narrow it down. So I'm sure you spent part of the weekend looking at the news and seeing what kind of stuff we could pull. But did you have a good weekend? Did you have fun?
[00:00:55] Speaker B: I did have a good weekend. I. You know, I. I'm a voracious movie watcher.
[00:01:00] Speaker A: You are?
[00:01:00] Speaker B: I watch a lot of movies and television. I consume that media quite a bit. I watched Divergent this weekend, something I missed, apparently, when it came out, the book series. I'm assuming that's because I wasn't a 14-year-old girl.
[00:01:14] Speaker A: You are not exactly the target audience for that. No? No. How'd you like it?
[00:01:19] Speaker B: It was all right. Yeah, it was all right. I mean, it was a movie. It was. You know, I'm probably. Like I said, I'm probably a little too old for that. Even though I have this weird thing about me. That one.
I start watching a movie, I don't stop, even if I don't like it.
[00:01:34] Speaker A: You're not a quitter.
[00:01:35] Speaker B: So this comes about from the movie Unforgiven. When the movie Unforgiven came. This is Kevin Costner, Clint Eastwood. Okay. My brother, it comes out. He says, you gotta see Unforgiven. It's an amazing film.
[00:01:48] Speaker A: Unforgiven.
[00:01:49] Speaker B: I can't believe, if you haven't seen this movie, I'm going to be very upset.
[00:01:52] Speaker A: I have not. This is new to me.
[00:01:54] Speaker B: Big Eastwood fan. I'm watching Unforgiven. And for those of you. Spoiler, I don't know if I want to do spoiler. Yeah, I guess. Spoiler alert. It's been around a while, so you just got to get over it. At the end of the movie, like, everyone's dead. Morgan Freeman's dead. They've, like, posted his body as, like, a billboard for "don't come to this town." Right? Like, the kid, he's a big coward, apparently. And, you know, Clint Eastwood's had the crap kicked out of him six ways from Sunday. And it's just, and I'm like, I can't stand watching this. This is so bad. And I shut it off. What I didn't know was that's when the movie gets really good and makes all that, like, frustration worthwhile. And my brother's like, what do you mean you shut it off? I was like, yeah, it was so crap. He goes, no, you have to watch the end. So. And he was right. I rewatched it, watched the end. It was, now it's one of my favorite films of all time. It was that good. So now I. I don't care how bad I don't like it. I watch until the end just in case it's good. Fortunately, Divergent didn't, like, suck me in as, you know, like, Unforgiven did.
[00:03:05] Speaker A: But it didn't pay off for you. Well, yeah, I mean, it's. It is definitely a very, it's in the same genre as, like, Hunger Games and stuff like that, where it's. It's dystopian. And it's definitely geared more towards young adults and probably more specifically young adult girls.
I remember reading it and it's, you know, yeah, you got a female protagonist.
[00:03:20] Speaker B: And it's nothing wrong with having a.
[00:03:21] Speaker A: Target audience, being you are an adult man. So I could see why I was.
[00:03:25] Speaker B: Like, oh, yeah, I've seen this movie before.
[00:03:28] Speaker A: Right, exactly.
[00:03:28] Speaker B: When I was 14.
[00:03:29] Speaker A: But yeah, as a 14-year-old watching it, I was, oh, this is new to me, you know, and I think I was her for, like, I went to a conference. Not a conference, one of those conventions.
[00:03:37] Speaker B: Yeah.
[00:03:38] Speaker A: Like a knockoff Comic-Con. Because I lived in central Florida and we didn't have a lot to do there. And I think I dressed as Tris from Divergent. Yeah. Which is easy. Just wear all black. Get like a fake bird tattoo on your collarbone, and you're good.
[00:03:50] Speaker B: Boom.
[00:03:50] Speaker A: So, yeah, it was very easy and it was very appropriate. It was very like, you wear a leather jacket. You're all covered. So my mom was like, you can be Tris. That's fine. You're dressing like a nun. You can be Tris. That's totally fine. Um, so. But I. But I did enjoy it at the time. I can see why, though, it wouldn't be top of your list. But I'm glad you gave it a chance.
[00:04:06] Speaker B: Yeah, I did.
[00:04:06] Speaker A: I appreciate that you're willing to step outside your.
[00:04:09] Speaker B: I'll watch the rest of it because I think there's another one, right? Isn't there's two more. Two more.
[00:04:12] Speaker A: Yeah.
[00:04:13] Speaker B: There you go. I'll watch. Just.
[00:04:14] Speaker A: Yeah, that's right.
[00:04:15] Speaker B: You have just to round it out.
[00:04:16] Speaker A: You never read the books, so it won't. It won't be.
[00:04:18] Speaker B: I never learned to read.
[00:04:19] Speaker A: That's true. That's a really good point. And I know you're sensitive about that, so I'll try not to bring that up.
[00:04:23] Speaker B: Thanks for kicking that wound open.
[00:04:25] Speaker A: Yeah. So instead of having Daniel read the articles, we just, you know, we narrated them to him.
[00:04:29] Speaker B: There's lots of pictures.
[00:04:30] Speaker A: Yeah, we kind of broke it down for him, as we're going to do for you in just a moment. There are some pictures, some fun visuals for these, so we'll go ahead and jump in. If you're new here, we do a Rapid Fire segment where we run through some of the top stories this week, kind of give our lukewarm takes on the stories, and then we'll take a quick break, come back for a Deep Dive segment later in the show, so you won't want to miss that. Daniel, are you ready to Rapid Fire?
[00:04:50] Speaker B: Let's do it.
[00:04:51] Speaker A: All right, so this first one we've got, if you didn't know, Pwn2Own Vancouver has been going on, and we have the results. A lot of stuff happened in both days. There was a Tesla exploit, an exploit hitting Chrome and Edge. And the way these work, I guess, is people go in and they purposefully try to find these bugs and exploits, and then you get money. Like the organizations pay.
[00:05:08] Speaker B: You get big money.
[00:05:09] Speaker A: Yeah. Like, I think they paid out over a million dollars at the end of the day, or they were close to it.
[00:05:14] Speaker B: It's usually right around that there. And then someone, usually for. I know the last year, somebody won a Tesla. I'm not sure about the year before, and I don't think it's usually, like, a Model S or Model P or. It's not the Plaid version of anything. It's. It's the base, but still, that's a nice ride. I mean, that's. That's. No, that's nothing to sneeze at.
[00:05:35] Speaker A: Oh, sure.
[00:05:35] Speaker B: Right. But I thought it'd be kind of fun to just kind of see what vulnerabilities they discovered. And let's run through those real quick. So day one. Let's see here. We got anything good? Code execute the text again.
Adobe Reader. That's the first 150 grand for that one they got, but it was an RCE attack, so. Code execution, API restriction bypass, command injection bug. Yeah. You got 50 G's and five Master of Pwn points. I'm not, I'm not 100% familiar with how they work their point system or anything like that, but.
[00:06:09] Speaker A: Yeah, they had like a leaderboard. Yeah. So I guess. But I don't know if that means like, oh, if you've got the most points, you get like an additional cash prize or if it's like bragging rights.
[00:06:16] Speaker B: Right. Yeah, I'm, again, I'm. Even though I've been into hacking for a while, I've only ever tertiarily, kind of watched Pwn2Own, so I'm not. But it has become more interesting to me here as a. So I'm gonna figure it all out. What else we got here? We got a $30,000 and one for a Windows 11 TOCTOU. Yeah. Oh, gotta love that. TOCTOU. Race.
[00:06:36] Speaker A: TOCTOU. Yeah.
[00:06:37] Speaker B: Man, that gets you every time. Weren't they, oh, and then.
[00:06:39] Speaker A: Oh, so they've got successes and they list the failures as well. They were unable to get their exploit of Microsoft SharePoint working within the time allotted, so they had one going.
[00:06:46] Speaker B: So it's time sensitive.
[00:06:47] Speaker A: That's interesting. I guess they'd have to be. 'Cause otherwise they could be like, oh, just give me three weeks.
[00:06:50] Speaker B: Yeah, it's a six-day attack.
[00:06:52] Speaker A: And then bring me my money.
[00:06:53] Speaker B: Just gotta wait for it. It's gonna happen.
[00:06:55] Speaker A: Mail a check to my home.
[00:06:56] Speaker B: We actually started the attack six days ago so it could finish today.
[00:07:00] Speaker A: It's called planning.
[00:07:01] Speaker B: Right. Planning for the future. That's all we give this.
[00:07:03] Speaker A: But the next one, the Google Chrome web browser one, that one. They were able to execute. $60,000 for that one.
[00:07:08] Speaker B: Nice.
It kind of looks like the use-after-free bug. Okay. Yeah, so that's, that's always fun. Yeah.
[00:07:15] Speaker A: And then let's see. Escape VMware Workstation. $130,000 and 13 Master of Pwn points.
[00:07:23] Speaker B: This is a big deal. So it's against Windows. Right. You get SYSTEM access, which is basically completely like you. You have pwned that hard? It is. It is your box at that point. So use-after-free and a heap-based buffer overflow to escape VMware Workstation and then execute. So it's like a chained attack. This was a big deal. That's a. That's a massive well for 100k.
[00:07:47] Speaker A: Good for you. Congratulations. This is interesting.
[00:07:51] Speaker B: The.
[00:07:51] Speaker A: There's a bug collision. They were able to execute an attack, but the bug was already known. But you still get money for it.
[00:07:55] Speaker B: Hey, gotta love that.
[00:07:56] Speaker A: Get ten grand even though the bug's already out there. But you were able to carry something else.
[00:08:00] Speaker B: Anybody that's done a bug bounty knows, like, they get, oh, this is duplicate. Duplicate, you know, and you don't get anything. Yeah, right. You get a letter that tells you you found a duplicate. At least here you're getting ten G's for your.
[00:08:10] Speaker A: Oh, yeah. For your time. Yeah.
[00:08:12] Speaker B: Still very impressive, though.
[00:08:13] Speaker A: This one combined two bugs for 90,000.
[00:08:16] Speaker B: For that 190 grand. Another one against Windows. Use-after-free to escape the guest OS and execute code as SYSTEM on the host OS. So this one's against VirtualBox from Oracle and chaining that into Windows. Man, these people are smart.
[00:08:34] Speaker A: Looks like somebody did win a Tesla. This next one said $200,000, 20 Master of Pwn points and a new Tesla Model 3 for. They used a single integer overflow to exploit the Tesla ECU with vehicle CAN bus control. I'm not familiar with that term.
[00:08:49] Speaker B: So CAN bus is kind of like the system that the car speaks. Oh, okay, that's. That's. That's the. The language in which all these new cars kind of work on with their electronics and. And specifically their computer systems.
[00:09:07] Speaker A: This might have been the team that did that last year. It says here, uh, Synacktiv was the team. And in addition to the money, they won that Tesla Model 3, and it's their second. So they may have been the same team that I know. Somebody won one last year.
[00:09:19] Speaker B: Yeah, I guess.
[00:09:20] Speaker A: If it's a team, do you just divide up use of the car, you just like, you get it on Tuesday, or they'll.
[00:09:24] Speaker B: And split the money. Yeah, or if one of them takes their winnings and say, I'll buy you out, you know, get the car?
[00:09:29] Speaker A: That's true.
[00:09:30] Speaker B: Yeah.
[00:09:30] Speaker A: You can't miss a Tesla Model 3. Nothing to sneeze at.
[00:09:33] Speaker B: Let's see, what else. Let's kind of run out of time here because we got more. Oracle VirtualBox one for 20 grand, Apple Safari browser for 60 grand. What else we got here?
[00:09:45] Speaker A: Double tap exploit on Chrome.
[00:09:47] Speaker B: Yeah, another VirtualBox one, man. Update VirtualBox, by the way, because the good news about this is they're going to take all these exploits and create patches for them. That's the whole purpose of Pwn2Own, is to get these high-level exploit developers to come in, figure out some very. So that never makes it to the, to the public market because too many people out there finding zero-days as it is and using them for nefarious purposes. Did you check out day two at all?
[00:10:12] Speaker A: A couple of the interesting ones from day two, there were, I believe, two for Mozilla Firefox and they were zero-days. So they were able to, they got 100,000 for those.
[00:10:20] Speaker B: Nice.
[00:10:21] Speaker A: And. Oh, jeez, they've got it.
Look, I think the vendors have, what, a 90-day period after these are discovered to fix them? That's like one of the terms. But yeah, the Mozilla Firefox ones were the ones that stood out to me because I am a Firefox user.
[00:10:35] Speaker B: I am also a Firefox user. So, yeah, after I read these articles, I'm like, do I have any updates waiting? Let me.
[00:10:43] Speaker A: No kidding.
[00:10:43] Speaker B: Let me go ahead and hit that update now button. Right.
[00:10:46] Speaker A: That's part of Technado. You just don't see it during the break.
[00:10:48] Speaker B: Absolutely.
[00:10:49] Speaker A: Uh, other than that, though, eleven, some.
[00:10:52] Speaker B: Of the standard stuff. Obviously, it's the big dogs that are out there that, that are paying for these. So you should always keep an eye on what's going on. Pwn2Own, just to see, a, it's kind of cool to see those payouts, b, see how crafty these hackers are to come up with these exploits.
[00:11:07] Speaker A: Yeah.
[00:11:07] Speaker B: And then see what do I need to be on the lookout for as far as my tech stack and keeping it updated. So always cool to see Pwn2Own.
[00:11:15] Speaker A: Stuff, and full of bug collisions. The only other one that stood out was the first Docker Desktop escape at Pwn2Own. It's the first time they've had somebody do that at that, at that conference or at that festival. So $60,000 and 6 Master of Pwn points. It's really not, not a bad haul for a lot of these people. And looking at the leaderboard, I think the top person ended up pulling home 200k. So that's, hey, congratulations, and doing it for a good cause. Absolutely. You're revealing these bugs. Awesome. But yes, we do have quite a few other things to get through. But that was a, that was a big event going on. So wanted to talk about that. This next one. Conversation Overflow cyberattacks bypass AI security to target executives.
So credential-stealing emails are getting past the artificial intelligence email security controls, and they're, they're doing this by, it's seemingly benign emails, but they're cloaking malicious payloads. But that is kind of what a phishing email is. It seems benign and yeah, but this.
[00:12:03] Speaker B: Is kind of a fun and interesting, crafty way. I always look for something crafty, right? If it's, if it's like, oh, the run of the mill. Yeah, we've seen that, we've heard that. But when you see things like this, so what they're doing is they've got your email, right? Your normal phishing. It's, it's built to look like a phish, right?
[00:12:23] Speaker A: Sure.
[00:12:24] Speaker B: Or to be whatever. You know, if you're using Adobe Reader, then we highly recommend you this. Or we're from the Facebook team or we're from whatever, right. Pick your phish. But AI has gotten really good at going, that's a phish, right? So they build in AI technologies and ML technologies into your AV, EDR, XDR systems to kind of go, I don't like what I'm seeing here. That's going to go in the garbage or in your spam folder or whatever the case is. Right. So hackers, as they do, they get crafty. So what do they do is they are, and that's why this is called Conversation Overflow. They put into the body of the message a conversation that you and I cannot see.
[00:13:11] Speaker A: It's just like white text.
[00:13:12] Speaker B: It's white text on white background, right. So it's there. The machine sees it as it looks at the email and it's just like conversation fodder. Like almost like lorem ipsum. Yeah, but in the, in the style of a real conversation, like use an LLM to generate, hey, make me a conversation between two people that would be in the vein of X, Y and Z topics. And then the other machine, when it gets it and looks at it to see if it's malicious, goes, well, this is obviously a conversation they've been having. This, this is legitimate. I need to forward it along.
So it's bypassing the checks to keep it from getting into your inbox. And it's getting into your inbox, therefore more likely for someone to click on it, follow the phish and do the phish thing. So that's why I thought this was interesting. Conversation Overflow.
[00:13:58] Speaker A: And then I guess once they're, once they're past those security measures and it's okay, this looks like known good communication, so go for it. Then they can use that same thread to continue to send, hey, we need you to re-authenticate. We need you to change your password and use it for other stuff.
[00:14:10] Speaker B: Exactly.
[00:14:11] Speaker A: Yikes. And this is something that, I mean, unless you were really looking for it, I guess if you get an email from somebody that's unfamiliar to you, you should always be double-checking that because that happens, right?
[00:14:20] Speaker B: Yeah. No, people just accept it like it's God's truth.
[00:14:23] Speaker A: People just click links. It's crazy. But who's going to think to highlight the email and be like, there's some white text here, or, you know, I don't know. Would it show up that way if you were.
[00:14:31] Speaker B: It might not even show up. It might be like commented out or anything like that. So it doesn't actually fill up your, like, where you get a long scrollable page or whatever.
[00:14:37] Speaker A: Yeah. That's kind of scary.
[00:14:39] Speaker B: Yeah.
[00:14:39] Speaker A: Well, I haven't gotten any super long blank emails in a while, so hopefully this is not something. I doubt I would be a target for something like this.
[00:14:44] Speaker B: But everyone's a target. That's true for everything.
[00:14:46] Speaker A: You never know.
[00:14:47] Speaker B: There is not like. Well, I wouldn't. You wouldn't target me? Yes.
[00:14:51] Speaker A: You would steal a car.
[00:14:51] Speaker B: They are targeting you and your mom and your dad and your brother and your aunt that lives down the street and her cousin's friend from the gym. Like everybody is a target.
[00:15:01] Speaker A: Yeah. Sounds like a conspiracy. But it is true. There was somebody in this article that said, when I find these, usually they're targeting upper management and executives, but now seeing it more often and in different environment. Different environments. So keep an eye out for that. You never want to fall victim to something like that. Uh, use of QR codes has jumped up in malicious emails. So, you know, you can use AI to fight those threats, but it's not always going to get the job done. You're always. You're always going to need the human touch.
[00:15:25] Speaker B: Exactly. So, yeah.
[00:15:26] Speaker A: So we'll go ahead and move on. I'm very excited about this next one, in part because it's part of one of my favorite segments, Do Re Mi Fa So La Ti Do. So do. Yeah, it was pretty good. It was pretty good.
[00:15:38] Speaker B: Yeah, it was good.
[00:15:38] Speaker A: I've been working on my voice acting.
[00:15:39] Speaker B: So I'm really excited about this one because I forgot to read the article.
[00:15:42] Speaker A: Well, take your time. So.
[00:15:44] Speaker B: Yeah, no, what I meant to say was, is I wanted Sophie to have plenty of time to discuss this because this is an article she was very interested in having on the show.
[00:15:52] Speaker A: If I had written the title for this article, I would have said, like, Cozy Bear goes phishing for dinner. Because what? This is a Russian group of cyber spies. Really. Cozy Bear. You might be familiar with it. I'm familiar with it. I have a Cozy Bear action figure. That is a true statement. I got this at Black Hat 2023. So last year. Came in a cool box. I got this from CrowdStrike and I was very proud of it. It's the one thing I brought home from swag. No, you had to, like, win it.
You had to do, you had to go talk to like four people for like 20 minutes each and get like a trading card from them and then turn in the trading cards to get one of the figurines. I probably spent like 2 hours at that booth and it's. I mean, it's a booth. It's a giant. Giant.
[00:16:29] Speaker B: It's massive. Yeah.
[00:16:31] Speaker A: Damned if I wasn't gonna get this.
[00:16:32] Speaker B: You were bringing that home.
[00:16:33] Speaker A: It's been sitting on my desk.
[00:16:34] Speaker B: Tell me about the service.
[00:16:35] Speaker A: Anyway, yes, Cozy Bear. So wanted to show that, but yeah, so also known as APT29, Midnight Blizzard. What they're doing is phishing German politicians or political parties with emails that look like dinner invites, but they are phishing emails. Crazy how, you know, nobody's immune to this. Right.
[00:16:50] Speaker B: That's a clever phish, though, I think.
[00:16:52] Speaker A: Sure.
[00:16:53] Speaker B: Because this is a common way in which politicians kind of network with each other is through, you know, dinners and speaking events.
[00:17:02] Speaker A: Yeah, absolutely. And I guess I would be curious to know. So they're using something called WineLoader. It's a backdoor. And they, I mean, they've dubbed it WineLoader. That's the name they give their malware. So that's, that's, it's not the first time they've used that, but supposedly this is the first time that this specific group has targeted political parties and been linked to that. I thought this was something that they did consistently, that political parties or political entities were one of their targets. So I guess maybe I had that wrong.
[00:17:24] Speaker B: Um, yeah, I'd have to look into, like, their history to verify that. I mean, I'm sure The Register did all their fact checking and 100%, you.
[00:17:33] Speaker A: Know, gospel of Paul, nobody ever makes mistakes.
[00:17:36] Speaker B: No. Or writes articles that they need to retract information from.
[00:17:41] Speaker A: So if you, if you got an email like this, if you were one of these German politicos getting an email like this, it would look like, oh, I've got this invitation. Uh, you're trying to click on a link that confirms that you're up for those cocktails and it will link you to a hijacked, Cozy Bear-controlled website, waterforvoiceless.org, which downloads a ZIP file. The marks then open the archive and its contents, which would then execute that program, infecting the PC with that.
[00:18:03] Speaker B: Do you know why they do a ZIP file? Almost invariably, people always open them. So because if you do, like, just the EXE, unzipped, uncompressed, the browsers even go, hey, you're downloading an EXE.
[00:18:15] Speaker A: It's kind of sus.
[00:18:16] Speaker B: And that's some sketchy stuff to do. Stuff to do on the Internet. Probably not a good idea. It's going to start tattling on it and say, and make people go, oh, I didn't know that was a sketchy thing to do. It's like you're downloading things from the Internet. It's a sketchy thing to do. I don't care if it's a ZIP file. And I should complain about ZIP files, honestly, I should complain about anything you download. Are you sure? Are you sure? Sure. Are you sure that you're sure that you're sure that you know that this is legit? Because I have it on good authority that sometimes it's not. And that goes sideways quickly.
[00:18:48] Speaker A: Yeah, you really got to double, triple, quadruple check that stuff. So if you are a German politico watching this, and you received an email invite for a dinner, a CDU dinner on March 1, it's not real. Do not click the email.
[00:19:00] Speaker B: So I. Fun fact, I have set up, for the purposes of opening email, a sandbox. Oh, that's. And that's where I open my emails. Oh, I do not open them on my production store.
[00:19:11] Speaker A: Explain why none of my attacks are landing.
[00:19:12] Speaker B: I mean, it might land, but it's gonna be on a nothing burger.
[00:19:16] Speaker A: That's true.
[00:19:18] Speaker B: You got. And you got nothing. Because then I just. So, and I keep it snapshotted. So I just revert after everything. So anything that did get in is now gone.
[00:19:28] Speaker A: Oh, see, this is why I've got like a built-in mentor here that I get to just learn just by observation. It's great.
[00:19:35] Speaker B: That's right. I had, the Protestant work ethic is not dead with me. I do the hard thing the hard.
[00:19:41] Speaker A: Way, and thank God for it.
[00:19:43] Speaker B: For the purposes of being safe, he's.
[00:19:45] Speaker A: Keeping that culture alive single-handedly, probably. German politicos are not our target audience here. But in case you are. Hey, now, you know, this next one, though, might be a little bit more of concern to you. There is a flaw. They're calling it the Unsaflok flaw. Can let hackers unlock millions of hotel doors. So this is something that I think this is unique because you missed.
[00:20:03] Speaker B: This was a segment.
[00:20:04] Speaker A: Oh, it is a segment. You're right. What's the segment?
[00:20:07] Speaker B: Pork chop sandwiches. Pork chop sandwiches. Pork chop sandwiches.
[00:20:17] Speaker A: Just letting it so good. This just didn't hear, like, pork chop sandwiches. And then I forgot.
[00:20:22] Speaker B: 'Cause this is, this is my Internet history. Like, I remember when it came out, which is where this comes from. Right. It was me and Todd.
[00:20:28] Speaker A: I didn't mean to skip it. We don't get to do pork chop sandwiches very often. I'm glad you caught that.
[00:20:31] Speaker B: Only a pork chop. Because you're like, what the, what the.
[00:20:35] Speaker A: That is, that is basically you can do what with what? Now this is vulnerabilities that were just disclosed recently that impact 3 million Saflok electronic frid locks.
[00:20:44] Speaker B: RFID.
[00:20:45] Speaker A: RFID locks, excuse me. In 13,000 hotels and homes worldwide. So if you can forge a pair of key cards, you can get access. And this is interesting because these findings were first disclosed privately to the manufacturer a couple years ago, which makes sense. Which makes sense.
[00:20:58] Speaker B: That's a smart move, right?
[00:21:00] Speaker A: You don't want to just be like, hey, guess what?
[00:21:02] Speaker B: You can get into the hotel rooms. Yeah.
[00:21:04] Speaker A: Just check into whatever hotel room. Yeah. This is just recently, they're publicly disclosing this now. Um, and there's no specific instance where they can say, oh, we know this has been exploited in the wild, but technically, the window that this exploit has been available is upwards of 36 years. So the odds, you know, of something happened.
[00:21:24] Speaker B: What does that tell you about that industry? They don't do a lot of updating to their system.
[00:21:29] Speaker A: Yeah.
[00:21:29] Speaker B: Right. In their mind, it's not broke, so don't fix it. What's the like, I'd have to retool, have to re-engineer and everything like that. So this is why IoT has historically gotten such a bad rap, right, is because they build something and it works. What's the problem? You bought a product, it does what it says it's supposed to do. Yeah, but you didn't like. And then updates when, when, and then, you know, and now I'm just vulnerable and you get the idea, right. So that, that's the problem is when we just kind of set it and forget it, Ron Popeil style, that gives the, the hackers out there time, then that's, that's their greatest asset, is the time it takes to find the flaws and then exploit them. And they're not, they're running a red flag up to, you know, sometimes they do because they sell stuff on the dark web, like, hey, I'll show you how to access hotel rooms, get buck wild and start pilfering the pockets.
Anybody that's in a hotel or, you know, installing bugs or you could be, I'm sure, like, I would. I would not be surprised to know or to find out if, like, we had the ability to find the cell. That nation states have known about this for years, and their spies are utilizing this to gain access into people's rooms, plant bugs, access laptops, mobile devices, things of that nature that you think are safe because they're in your room and have been. And now they're like, son of a, we gotta come up with something new.
[00:22:47] Speaker A: I mean, you could really go down a rabbit hole with. With what would be. 'Cause you're breaking into a room at that point. It, on the tame end of it, people could be just breaking in and stealing stuff. Yeah, you could. You know, I don't know, if I'm in a hotel room and somebody's breaking into my room, I'm concerned for my safety. But then, yeah, absolutely. On a bigger scale, nation-state type stuff, you know, spies and planting bugs. And this was something that, when it was first reported, the only reason that they were able to discover this, there was a private hacking event in Las Vegas. And this team of researchers got invited. And it was basically you're competing to find vulnerabilities in a hotel room and any devices in there. They focused on the door, the lock, naturally, right?
[00:23:18] Speaker B: Yep.
[00:23:19] Speaker A: And that's the only reason they were able to find the flaws, because they went to this event. So good that it was discovered in a controlled environment.
[00:23:24] Speaker B: Seems like we should have more of these. Like, hey, can you find some flaws, hacking event style?
[00:23:28] Speaker A: What do they call that? When you, when you, like, go in and purposefully try to find flaws, but you're a good guy.
[00:23:34] Speaker B: It's basically just a bug bounty.
[00:23:36] Speaker A: Would that be a form of pen testing?
[00:23:38] Speaker B: No, I'm not necessarily.
So a pen test is a specific thing where you're like, hey, you've got a week-long engagement. We're probably going to do assumed breach. So you're going to, you're going to run a vulnerability scan. You're going to check to see what those vulnerabilities are, and then you're going to test for exploitation of said vulnerabilities. You have a very small amount of time to make that happen. So you're trying to get as many vulnerabilities as you can verified. You write a report, you turn that in, right with mitigations as well. So this is more like we want to know. This is security research. We want people that are smart, that know these systems. Come in, we're going to pay you if you find flaws. So that's why it's more of like a bug bounty, responsible disclosure kind of idea. I think most people call this like a bug bounty. Okay. [00:24:24] Speaker A: Okay. Interesting. I'm glad we clarified then. Cause I, you know, it's good, it's always good to learn. Uh, but yeah, if you're willing, if you got a couple hundred dollars and a couple key cards, you're willing to carry out that attack, you could probably, uh, get into several million rooms. So good that they're taking care of this, hopefully. They've already kind of worked on fixing this since it's been a couple of years and they're just not publicly disclosing this. [00:24:42] Speaker B: Absolutely. [00:24:44] Speaker A: That was interesting. All right, we'll have to see if Daniel's got any more voices for us. Uh, this next one's interesting. Comes to us from Bitdefender. German authorities take down darknet marketplace, Nemesis Market. [00:24:55] Speaker B: We're all about the Germans today. We are. [00:24:57] Speaker A: Yeah. Weird coincidence. We didn't do that on purpose. [00:24:59] Speaker B: It just. [00:25:00] Speaker A: Yeah, I don't know, it's a German holiday or something. [00:25:01] Speaker B: That's right. I don't know what's going on for Oktoberfest, I guess, but this is on. 
[00:25:05] Speaker A: The other side of it. There's German politicos maybe opening some, opening some emails they shouldn't have on this end of it. German authorities seizing some server infrastructure of this darknet marketplace and shutting that down. Hey, good to see, good to see. This is on the good side of it, right? Not really. Behind bars. No arrests have been made, but, um, they confiscated close to €100,000 in cryptocurrency. They're just still investigating. No arrests have yet been made. [00:25:27] Speaker B: I wonder what they do with that money. [00:25:28] Speaker A: Yeah, do you think they just take it as a donation to the department? [00:25:31] Speaker B: Like, I think eventually, yeah, that probably becomes like state money that they allocate for. Like maybe the law enforcement agency that did all the work, it goes to them and then they can, you know, buy new equipment or whatever the case is, invest in training, whatever. [00:25:46] Speaker A: Right. Because if this was stuff that, you know, oh, it's 90,000, €94,000 in cryptocurrency that was paid to them to carry out illegal stuff that was going on. Well, you're not going to return it to the people that paid it. [00:25:55] Speaker B: Yeah, and it sure as heck doesn't go well. We'll offset that from the taxpayer, right? [00:26:00] Speaker A: No, no, no. [00:26:01] Speaker B: You keep paying them taxes now because money is Germany. [00:26:04] Speaker A: Maybe it's different. I don't know. I'm not familiar with how. How the German, you know, political system works. I'm not as. As well versed in that. Um, so, yeah, a lot, a lot of different crimes that were going on here. You know, drug trafficking and things like that. Um, as well as probably some. Some worse stuff. Not just narcotics, but fraudulently obtained data and goods as well as ransomware, phishing, distributed denial of service attacks. [00:26:26] Speaker B: Don't you love hacking as a service? [00:26:28] Speaker A: Isn't it great? Yeah. 
I mean, clearly there's money in it. [00:26:30] Speaker B: I don't know. [00:26:30] Speaker A: Maybe we're in the wrong field. I'm kidding. [00:26:32] Speaker B: No, we are not in the wrong field. [00:26:33] Speaker A: We are not in the wrong field. [00:26:34] Speaker B: They are in the wrong field. [00:26:35] Speaker A: Use your powers for good. Um, so, yeah, so this is good news. They. They were able to take down this, seize this website, and maybe we'll see in the coming weeks some arrests get made and we'll have a lovely Behind Bars segment. But speaking of segments, we know you love those segments here, we've got another one here. This one is Deja News. [00:26:52] Speaker B: Deja News. [00:26:57] Speaker A: It's a nice little fun little song. I actually don't know what song that is, so I'll have to Google it. [00:27:00] Speaker B: It's Beyoncé. [00:27:01] Speaker A: Is it really? [00:27:01] Speaker B: Yeah. [00:27:02] Speaker A: Okay, well, that. Yeah, I'm not a big Beyoncé listener, so that would explain it. [00:27:05] Speaker B: Queen Bee this. Queen Bee. [00:27:06] Speaker A: Never thought I'd hear you say that. [00:27:08] Speaker B: This is not Taylor Swift. [00:27:09] Speaker A: I never thought I'd hear you say that. So you might remember we've covered in the past weeks some stuff going on with the. I'm just gonna say C-I-S-A because people pronounce it differently. And some evangelical. [00:27:19] Speaker B: You don't want to start a religious. [00:27:20] Speaker A: I'm not trying to get. Yeah, people. People can get mad, man. [00:27:23] Speaker B: It is so funny. The things that people will latch onto. Like, like, that's the hill I'm gonna die on. Whether or not it's sissa. Sisa. [00:27:31] Speaker A: It's not Debian. It's Debian. Yeah, like, yeah. [00:27:36] Speaker B: Who cares? You know what I mean? You know, let's not. [00:27:38] Speaker A: You got the point. 
So this was another advisory that was issued about a remote code execution vulnerability in Ivanti Standalone Sentry. And this is not the first time that this organization has issued a little advisory. [00:27:51] Speaker B: It's been like, kind of like a pow, pow, pow. Like this is what, week three we've talked about Ivanti. [00:27:56] Speaker A: Yeah. Cause it was what they. They were like, hey, there's this flaw. [00:28:00] Speaker B: I think, before that. So we had. Right, there's. There was a CVE that came out super, like, uh oh, this is no good. Big. High on the scale. Then we saw Slicer Sisa, whatever the hell they are. They get popped by the one that they told you you better update for. Right then we had another one last week, which was a. Was a big deal. And then we got another one this week. I don't know what the hell's going on over at Ivanti, but they need to get their shit together. [00:28:24] Speaker A: I was gonna say maybe they're. They're going through like a. Everybody's on vacation right now. [00:28:27] Speaker B: I think that because, you know, like a large. A lot of large corporate entities, they tend to buy things instead of build things. [00:28:34] Speaker A: That's a good point. [00:28:34] Speaker B: Right. And that could be. That could be part of the problem. I'm speculating here. I don't know, I'm just, you know, thinking out loud. So I know they have purchased software in the past and made it a part of Ivanti's suite of products. So they could just be inheriting flaws from some recent purchases that are now making themselves known, because now they have a larger target on their back. You might. You might have been really good in your space and that's why you got purchased or acquired by a larger company like Ivanti. But because you're now Ivanti. Ivanti has a larger market now you're. You start to see what happens. Now you get targeted, more flaws are going to be more readily discovered and it has a cascading effect. So. 
[00:29:16] Speaker A: Right. [00:29:17] Speaker B: Maybe that's what's happening here. [00:29:18] Speaker A: Yeah. It's a theory. [00:29:19] Speaker B: It's a theory. [00:29:20] Speaker A: Yeah. Because we don't have a ton of information other than. [00:29:22] Speaker B: Other than ruh-roh. [00:29:24] Speaker A: That's really all that. The only other information they. I mean, they, you know, talked about how it worked. An unauthenticated threat actor can execute arbitrary commands. Not. Not a great thing. You know, you never want to hear that. But the other thing they said was, we are not aware of any customers being exploited by this vulnerability at the time of disclosure. We are not aware. So, big difference between nobody was affected and we don't think anybody was affected. [00:29:42] Speaker B: Right. [00:29:43] Speaker A: So I guess it'll be, again, all. [00:29:44] Speaker B: About the terminology, right? How they. How they frame it. It does make me think, because a lot of these things have proof of concept code out there, like in GitHub. And stuff. I've been messing around a lot with Metasploit, like really diving into the guts of Metasploit and maybe I'll use this as a way. Maybe I'll attempt to create a Metasploit module for exploit against the CVE. That could be fun. That could be a good challenge for myself. [00:30:06] Speaker A: I'd be interesting to. It'd be interesting if you did that, to get like, updates every week on how that's going and then the progress. So, yeah, if I have the time. If you're a busy man, I understand that you've got things to do, places to be, people to see. The vulnerability has been awarded a critical severity score, 9.6 out of ten. So you can see my giant yellow cursor pointing that out on the screen. [00:30:25] Speaker B: Is it sad that we get jaded? We're like, well, it's 9.6. [00:30:29] Speaker A: Yeah, yeah. .6. It's really not that bad. [00:30:31] Speaker B: It's still bad. It's still very bad. 
[00:30:34] Speaker A: We were looking at one earlier that was like, oh, it's only 8.2. [00:30:37] Speaker B: And I'm like, I saw 7.3. And they were like, it's actively being exploited. [00:30:40] Speaker A: Yeah, it's not that bad. It's still pretty bad. I mean, you know, but, yeah, we've. [00:30:45] Speaker B: We've been warped. If you say so. [00:30:48] Speaker A: And like we mentioned, this disclosure follows the mass exploitation of those other Ivanti Connect Secure VPN vulnerabilities. So it will be interesting to see how much more. I'm sure this won't be the last we hear of this. I mean, I hate to be cynical, but there's got to be more coming. Maybe we'll get more information. It'll be good stuff. [00:31:02] Speaker B: Tune in next week for another episode in Ivanti is having trouble this week. [00:31:07] Speaker A: On who got exploited. [00:31:08] Speaker B: We do have trouble this week in Ivanti got exploited. [00:31:11] Speaker A: They'll have their own segments. Yeah, it'll be like Technado royalty. Well, we've got one more article we wanted to jump into here, and this is probably one you've seen a lot about. A vulnerability in Apple M-series chips could expose encryption keys and harm performance. And here's the kicker. It is unpatchable, as far as we know. So vulnerability in these M-series chips impact performance is possible, but the leaking encryption keys is the thing that stands out to me, as well as the fact that it supposedly doesn't have a fix, or not even that it doesn't have a fix yet, but that you cannot fix it. [00:31:41] Speaker B: We'll see what happens. I mean, you know, that could just be sensationalization, like, oh, sure. I mean, what's Apple going to do? They're going to throw all their chips in the. In the dumpster and go, well, we tried, guys. This was fun. Yes, I highly doubt it. They're. 
They're gonna retool, they're gonna refactor, and they're gonna figure out what they can do to make this, or they're gonna come up with some other, like, secondary security control that you have to bolt on. [00:32:06] Speaker A: Yeah. [00:32:07] Speaker B: Right. You might not be able to mitigate it within the chip, but maybe you can do something outside of the chip. There's no way that. I mean, I could be wrong. I'm not a perfect. I don't know everything about everything, but it just seems improbable. [00:32:21] Speaker A: If any organization has the means to fix something like that trillion dollar company. [00:32:25] Speaker B: That is Apple, it would be an organization like that. [00:32:27] Speaker A: Yeah. I feel like when something like this comes up, if it was like a mom and pop or even just a slightly smaller organization. Yeah, it might be. You might be in trouble, but Apple, they'll figure it out. So it's a vulnerability dubbed GoFetch by some academic researchers at institutions across the US. Leaks cryptographic data from the CPU cache, and hackers can use that to piece together a cryptographic key. Well, that's fun. [00:32:45] Speaker B: Side channel attacks. They are fun. [00:32:47] Speaker A: Yeah. Microarchitectural side channel attack, which is a lot of syllables. So the reason that it's microarchitectural is because it relies on the microarchitectural design feature that's only found on these chips and on Intel's Raptor Lake, I guess, is the other thing that this is found on. [00:33:03] Speaker B: I didn't see that part. [00:33:04] Speaker A: At least the design is. I don't know about the gotcha, but that type of design is used on these chips and on Intel's Raptor, only. [00:33:10] Speaker B: Found on Apple M-series chips and Intel's Raptor Lake microarchitecture, intended to reduce memory access latency. A common CPU bottleneck. [00:33:17] Speaker A: There you go. [00:33:17] Speaker B: Trying to speed things up. 
Well, you know what they'll do is they'll take that out. [00:33:21] Speaker A: Yeah. [00:33:22] Speaker B: It will slow down the chip. Right. And then they'll figure out a different way of doing it. And then they'll reintroduce that into the new chips in progress. That seems to be like what it probably will do. I'm not a chip designer. [00:33:35] Speaker A: Yeah, it's not. It's not the end of the world. You know, it's. I mean, it's it is a little concerning because they're, the fact that they're saying it's unpatchable tells me at the very least, well, there's not a patch for it right now. It's, you know, not only is there not a patch for it now, but it, they don't think that it can be patched. But like you said, never say never. Uh, we'll have to see if there's any updates that come in. [00:33:53] Speaker B: The real question becomes, is that do I have to worry about this as an end user? And it's probably not, because usually with things like side channel attacks, you have to like, uh, I mean, it's possible you could get someone, if you can do it in software where you get somebody to download something and that can affect the processor, that is possible. I don't know if that happens here, if that is possible here, but that is possible with other side channel attacks. Uh, but other than that, you probably have, have to have access to the machine itself. [00:34:20] Speaker A: Yeah. The, the, uh, kind of not workaround, but sort of mitigation that they recommend is, um, try to mitigate the potential damage using third party software. Uh, but doing that, if you integrate this extra, larger protection, it may take a toll on the encryption and decryption performance. So your efficiency, like you said, might lack. But hey, you got to make that decision. [00:34:39] Speaker B: Pros and cons, ladies and gentlemen. [00:34:41] Speaker A: Do you want it to be efficient or do you want it to be secure? [00:34:42] Speaker B: You want it to be easy or do you want it to be secure? 
[00:34:45] Speaker A: You gotta, you gotta scale. [00:34:47] Speaker B: Shows up all the time, doesn't it? [00:34:48] Speaker A: Balance that out. Well, I think that's going to do it for our Rapid Fire segment. Definitely a lot of good stuff going on this week. If there's anything we missed, anything you wish that we had covered or that you want us to cover in the future, let us know in the comments. [00:34:57] Speaker B: But feel free. If you see something like comment on last week's or whatever the most current one is and say, hey, did you see this? Do you say, we'd love to hear like what you guys are interested in as well. So, yeah, feel free to comment that down in the comments below. [00:35:11] Speaker A: There is, that was interesting. There is a lot that happens every week, so there's always a chance that we'll, we'll overlook stories. So we'd love to hear what y'all want to see from us, but we are going to take a quick break so that Daniel can finish his energy drink and I can, you know, sleep for about five minutes and uh, wow. [00:35:28] Speaker B: So sweet. [00:35:31] Speaker A: But don't worry. We will be right back with our Deep Dive segment here on Technado. Tired of trying to schedule your team's time around in-person learning? Isn't it a bummer to spend thousands of dollars on travel for professional development? What if we said you can save money and time and still provide your team with the best training possible? The answer to your woes is live online training from ACI Learning. With live online training, we provide our top in-person courses in private online instructor-led formats. You get to provide professional development in a manner that fits today's expectations. Entertaining, convenient, and effective. Our exam-aligned courses inspire the full potential of your team. Visit virtual instructor-led training at ACI Learning for more info. Welcome back to Technado. 
Thank you so much for sticking with us through that break as we teased earlier in the show. We are going to get into our deep dive here in a second. And, Daniel, this is something that. It's a little technical, so you might have to kind of help me out here. Is that all right? [00:36:25] Speaker B: Well, I mean, that's the whole purpose of the deep dive, right? [00:36:27] Speaker A: I just mean, like, I don't have a ton of background information. [00:36:29] Speaker B: We're okay. [00:36:30] Speaker A: We're talking about Python, and I'm not a python girly. [00:36:33] Speaker B: That's okay. And that's okay. If the viewer out there is also not a python person, I will. Anything you see that looks interesting that I'm not talking about, you can be like, hey, Daniel, real quick. [00:36:42] Speaker A: Oh, good. [00:36:43] Speaker B: What the hell is that? You assumed I knew this, and I don't. [00:36:47] Speaker A: So I don't know what happens when you assume you're right. [00:36:49] Speaker B: Percent right every time. [00:36:50] Speaker A: All the time, every day. [00:36:51] Speaker B: Every day. [00:36:52] Speaker A: Well, we did. This isn't the first time we've talked about python in a deep dive. Uh, and there were some terms used throughout this that. That are kind of similar, but it is a different attack. So we'll start from the beginning before we get too deep into the weeds. Over 170,000 users affected by an attack using a pa, a fake python infrastructure. And they've got a lovely little image. [00:37:10] Speaker B: I love the AI generated art here. This. [00:37:13] Speaker A: Very cute, very nice kids Halloween movies. They're cute, but the attack's not cute, is scary. [00:37:17] Speaker B: So it's very effective, too. [00:37:20] Speaker A: So, the cliff's notes, this is something that there was some top GitHub contributors that were affected by this, and that's part of why this is such a big deal, right? [00:37:28] Speaker B: That's correct. 
And because of who they were, it gave. What's the word I'm looking for? It made this seem reliable. It seemed like, oh, yeah, well, I can trust that this is good. And that's why we would call this, like, a supply chain attack, because of where it came from and who it came from. It made this be like, oh, yes, this must be legit. So that's. That's why this is kind of like the scary world on fire kind of thing. Now, it only affected 170,000 people, or Python users, but who were those 170,000 users? Right? They could be big companies. And then it finds you start to get the idea, it becomes exponentially a problem. Even though it was only 170,000, you know, we're not looking at 70 million data breach, blah, blah, blah. So it still is a big deal. [00:38:18] Speaker A: Yeah. The way they describe it is a silent software supply chain attack, which stealing sensitive information from victims. A lot of S's in there, which I guess makes sense. Python, that's my contribution. [00:38:30] Speaker B: Can you see the pain right here in stitches here. [00:38:34] Speaker A: I did my best. There's a little testimonial that they include here. Testimonial is probably not the right word for it, but there was. [00:38:41] Speaker B: If you haven't been hacked by a pie. Pie chain tech. [00:38:44] Speaker A: Oh, boy, you just have. I do recommend. But this guy was. This person was a security researcher who fell victim to this attack, and using his laptop, messing around, saw a weird message on his command line, kind of ignored it because, you know, it was nothing he wasn't used to. Then he got the same error message in a different script, and he said the second he saw that, he knew, he got hacked. So that would be kind of scary to have that realization. Uh, and this is just one of the people that was affected, but to know that it's a security researcher, that's kind of scary. Yeah, it's not, like, just a random dude. 
[00:39:11] Speaker B: Well, that, you know, shows you how effective their camouflage was to bypass any scrutiny that would come their way to go. Oh, man. Uh, I I'm a security researcher, and I didn't catch it. How in God's earth are you supposed to have gotten this thing? Because, you know, I do love how they figured it out. This is. I was using my laptop today, just a regular messing around with python and other stuff on my command line until I see a weird message on my command line saying that there's something wrong with Colorama and Python. I didn't care much because I'm used to this stuff, so I just skipped it. Sounds like what you should do every time, right? A few minutes later, I get the same error message but in a different script I'm using. The moment I see this, I knew what was going on. I got hacked. So good for them for like, throwing it out there, like, hey, I'm not a perfect person. I can fall prey to these things as well. So. But, and because they raised the red flag, now we can start mitigating, right? We can start actually doing something about it. [00:40:09] Speaker A: Yeah, absolutely. But, but, yeah, to your point, if this security researcher fell victim to it, man, I'm certainly not safe. So if he didn't even catch it, I don't know what that means for me, but, uh, it kind of goes into, it talks about, like, it uses a fake python mirror. Now, one of the things that, when we talk about these attacks, they go into detail about once you're in there, how does this work? What is it that they're doing? Yeah, but one of the things that interests me is, okay, well, how did they even get to that point in the first place? What was it, what was their initial point where they were able to get access to what they wanted? [00:40:36] Speaker B: And you, you, you kind of kicked on it right there really quickly when you said the fake python mirror, that's where it began. [00:40:43] Speaker A: Okay. [00:40:43] Speaker B: Okay. 
So if you're not familiar with PyPI, PyPI is a really cool thing. It's a repository of Python modules, functions, things that you can do, and you can import them into your Python scripts. You don't have to reinvent the wheel. I already got something really cool. And you notice. Did we mention Colorama already? I think briefly, yeah, I just did when we were reading the thing. So I actually pulled up Colorama in PyPI. So here it is, very simple, straightforward. You do a pip install colorama. It pulls this and downloads it. And now you can have that functionality available for your scripts. So it installs it into your system. And once it's there, when I'm writing a script, I can import colorama. [00:41:25] Speaker A: That's kind of nice. [00:41:26] Speaker B: Really cool. [00:41:27] Speaker A: Yeah. [00:41:27] Speaker B: Any of the functionality that's built into Colorama, I now have access to within my own script. I don't have to build that from scratch. It's already done for me. Right. And there's the download. So if I wanted to download the package, I can grab those. I got a source distribution. I got a built distribution. It's really, really nice. So this is used by many Python programmers to, again, so they don't have to spend time reinventing the wheel. The fake Python mirror. What that does is, you'll notice right here, this is where we want to kind of settle in. You'll notice it says files, and you'll notice that this is kind of obfuscated, so you can't click this as a link. files.pypihosted.org. And this is a typosquat, as we can see right here, of the official Python mirror. So this is a fake mirror. So what I want to do is if you're searching for Colorama, I want to get SEO to where you might find my malicious package and not the official package. Aha. Right. So I build this thing using the right terminology, the right basically phishing lure, so that as you look at it in your search results, you might get my malicious. 
So basically I just clone Colorama because it's open source and I bake in malicious stuff. I put it back up. I call it Colorama, and no one's the wiser. [00:42:49] Speaker A: Right. [00:42:50] Speaker B: So that's what happens. They use a clever typosquat because this files.pythonhosted.org is the actual right versus pypihosted.org. There's also another one we'll look at that. We'll make sure to remember there's another typosquat that they used as well. So very crafty typosquatting attacks that they used to make this actually work. So any prying eye you look at the, in your eye would glance over that and go, yeah, pypihosted. That's right. [00:43:19] Speaker A: Yeah. It comes right from the is. I mean, that's, that's an official name. It's an initial term. It's not like it's Python with a. [00:43:24] Speaker B: Typo, like, but files.pypihosted.org is not affiliated with PyPI. [00:43:30] Speaker A: Right. [00:43:30] Speaker B: That's, that's where they grab you. So what ends up happening is the. You said initial access, right? How did they get into this? What ended up happening was, is that this user that had a lot of access to a lot of things, like top.gg. Right? They are, right? Is that the name of the. I don't use. Yeah, top.gg, which is a repository for, I want to say bots for Discord. They're bots for Discord. So if you want to, you want to implant a bot into your Discord to tell people, hey, here are the top ten songs I'm listening to, or whatever, there's tons of them that you can just kind of use. They have access to that. They also had access to a GitHub repo. They were able to get their fake Colorama onto this user's account. They infiltrated this user's account with their malware and then they were able to, because this malware is a stealer, it stole a session token. Then they could use that session token to impersonate that user. 
Log into GitHub as that user, log in to top.gg as that user, and start to promote and star and do all sorts of fun stuff as that user. So that was the main initial access. They have the fake mirror. That was step one. Step two was now we got a heavy hitter and we can utilize that. Masquerading as them being not just me, max rate, we are them as far as the system is concerned. By stealing that session token now we can start dropping our malicious package in legitimate repos and saying, oh, I'm going to modify like the requirements.txt file so that it grabs our malicious package of Colorama and not the actual package of Colorama. [00:45:09] Speaker A: Something that was, they talk about here is something requirements.txt, which I guess is we kind of talked about this. This has a whole bunch of stuff in it that if you just run that, it'll download a bunch of stuff for you. So you don't have to go in and manually do, do a whole bunch of stuff. But even if you go in and look at what's in that file, looking at it, there's not the only difference between these two files. The one that's legitimate, the one that's not, is just that pypi versus python. The rest of it is exactly the same. So even if you went in and looked at it to double check, you might be like, oh yeah, that looks right. You know, it's not like it's, you know, my bad. [00:45:40] Speaker B: Malware.com. [00:45:41] Speaker A: Like it's not like it's something obvious. So even if you're doing your due diligence, it'd be really easy to just slip right over that. [00:45:46] Speaker B: That's exactly right. Or the people that just don't look at those things and they just pip install -r requirements.txt and hit enter. Oh, it did it. I see the little download bar. Look at that. Oh, that's fun. And it did the thing right. To your point, we could take a look at that. My main man Christian's got me right here. So this is what Sophia is referring to. This is the requirements.txt file. 
You can see update of requirements.txt and this is what it looks like. And you can see that this is grabbing from pythonhosted.org for this package. This one also grabbing pythonhosted.org and slash packages. But right here, pypihosted.org packages. And we can see that it is Colorama. This one's grabbing requests, this is grabbing the actual Colorama and then pretty able, which is for like beautifying your code and this pretty printing and doing that kind of stuff. Or PrettyTable. This is PrettyTable, not pretty able. So maybe I'm different, maybe it's a different thing. But Colorama is what's important. These are the differences between the good package here in green and the bad package here in red. So if you're not looking at what's in your requirements.txt file, you, you, and you'll notice it downloaded both. It didn't just grab the one, it grabbed both. And then from there you'll probably, the purpose is to try to get you to utilize and import the wrong thing even though you actually downloaded the right thing. [00:47:10] Speaker A: Well, yeah, because I guess then if you go about your business and it looks like, oh, everything downloaded correctly, there's no, well, that's weird. The file I wanted looks like isn't there, it's there. What you wanted has downloaded. [00:47:22] Speaker B: Colorama is a highly popular tool with 150 million plus monthly downloads. [00:47:27] Speaker A: Geez. [00:47:28] Speaker B: Monthly downloads of 150. So this is something that gets used a lot. Now you start to see the exponentiality of this type of attack because even. [00:47:37] Speaker A: If only a fraction of those downloads, you know, were, were folks that, oh, I was looking to download this and I downloaded the wrong thing. That's still a lot of people, right? So, geez, that's not us, that's not concerning. 
So if you're able to get, if the threat actor is able to get somebody to, you know, visit this, this fake mirror that they've set up and download this package they shouldn't have downloaded, at what point then do things start executing behind the scenes? Does, is there more steps before we get to that point? [00:48:02] Speaker B: Honestly, we're, we're kind of at critical mass at that point. Right. So once, once the malware hits your disk and starts doing its thing, it's game over, man. Unless you got some really good EDR/XDR system that's checking for behavioral things that it thinks could be malicious and give you the red flag, it's going to run and it's going to do the thing and you're going to be none the wiser. I mean, we saw that security researcher say that the only reason they knew is because they got errors. You know, they were getting errors in their code and their scripts and like, well, this shouldn't be happening on both of these systems. That's odd. Why is that happening? Ah, right. Ruh-roh, we gotta go fix this. So again, once, once this happened, they talk about the account takeover. So the, the user says one of the victims is the GitHub account editor-syntax, who is also a maintainer of top.gg, and they have write permissions to the git repositories. So there, with control over this trusted account, the attacker made malicious commits, right, which looks legit because it comes from the actual user. As far as the system is concerned, that commit came from the real user. [00:49:10] Speaker A: So there's no red flag. [00:49:11] Speaker B: Of, like, there's no red flag. I think they actually made like a bunch of commits to try to obfuscate and hide the fact that they were making the malicious commit as well. So they just did some innocuous changes and just hit commit, commit, commit, commit, commit, commit on all these things to. [00:49:26] Speaker A: Kind of disguise what they're doing. 
[00:49:28] Speaker B: And they also used this account to star multiple malicious GitHub repos, right? So giving them legitimacy and credibility and visibility. Like, I love how they put that, visibility and credibility. So if, if someone like editor-syntax is starring a Git repo, people are following them and going, oh, well, if they starred it, it must be worthwhile. Let me go check this out. And so now I know that it's there and I think it's, it's a, it's credible. So I start downloading after that. It's, it's, you know, like I said, we've hit critical mass account takeover. They steal the cookies from this user, they impersonate them, and this is where they think they, they don't know that that's exactly what happened. But that's their best case, most likely scenario. That's the most likely scenario.
[00:50:10] Speaker A: Okay, so as far as how they actually got to this legitimate account that people are following, whatever, probably through a session hijacking type thing.
[00:50:17] Speaker B: Correct.
[00:50:17] Speaker A: Okay.
[00:50:18] Speaker B: Grab that token and run.
[00:50:19] Speaker A: So they only really have to do that once then, and then it's like, oh, I've got my, got my stuff I can put in, I can set it up to make it look legit. And all I really had to do was steal one of your cookies. And now I'm in.
[00:50:29] Speaker B: Yeah.
[00:50:29] Speaker A: I mean, as far as access goes, kind of seems, I mean, I'm no hacker, so I don't know.
[00:50:35] Speaker B: That's okay.
[00:50:36] Speaker A: Seems like it probably didn't take a ton of time or, you know, if all you gotta do is, I stole that cookie. This wasn't like, oh, I had to wait for months, and, oh, yeah, no, no, no.
[00:50:46] Speaker B: This happened in a very short amount of time. And what's funny is it was the community on top.gg that kind of let them know, bro, you're. You're. You're throwing malware out there.
[00:50:59] Speaker A: So it wasn't even the guy that owns the account or the person that owns the account.
[00:51:02] Speaker B: He was unaware at that time. And you look at the screenshot here, it said that he said he was quite shocked, to say the least, and he realized what had occurred through his GitHub account. It became evident that the malware had compromised multiple individuals, highlighting the scale of the impact. And I love this right here. What's. Whoa. That's not what I'm looking for. Uh, right here. Uh, rm -rf * --no-preserve-root. That's. I love that username. That's just so funny. Uh, says, oh, this person has perms for another repo. Okay, since your GitHub, that's your GitHub account. Want to explain the malware? Yeah, with a little emoji. That is too funny. And then they're like, what malware? Your GitHub account committed malware to the top.gg Python library. Oh, snapdog. That's a, bro what? Like, that is hysterical right there. Bro. What? Oh, man.
[00:52:01] Speaker A: Cybersecurity researchers, they're just like us.
[00:52:03] Speaker B: We are entertaining people. Are we starting to see the typosquatting? Right. Then they realize, oh, we got this. There's another malicious domain of pypihosted.org. It went down, open user. So it says. Interestingly, the attacker's typosquatting technique was so convincing that even a user on GitHub fell victim to it without realizing they were under attack. When the malicious domain pypihosted.org went down, the user opened an issue on one of the malicious repositories, complaining, saying, hey, I can't get to this. I want access. Not realizing it had been hosting malicious payloads. Right? And again, the comments on this thing have just gotten so funny. Dude, it's malware. Can't you see? Imagine reporting that the malware that hacked you isn't doing its job anymore because the server got taken down. Ah, that's sad.
[00:52:57] Speaker A: So he's on top of it.
Yeah, it's down. I gotta report this.
[00:53:01] Speaker B: Malware's not malware. Yeah, can you fix that? Can you get on top of that? We got to get that.
[00:53:06] Speaker A: That's a problem.
[00:53:07] Speaker B: Yeah.
[00:53:08] Speaker A: Oh, man. So this is really something that they were able to conceal a lot of what they were doing by, I mean, it looked legitimate, the mirror looked legitimate, the package looked legitimate. There was no step where they were like, we'll just kind of let. They really took care to disguise everything that they were doing. So every step of the way, you'd be, it would be so unlikely for somebody to pick up on what was going on. And it looked like the domain that pypihosted one, the non-legit, the illegitimate one, rather, went up, I think, in early February, and this is just this past week that, that this, you know, error report was coming out. Um, so I would be curious to know how many people were affected. I mean, I know 170 people affected, but actually downloaded stuff. Right.
[00:53:48] Speaker B: It's like, what is the ultimate fallout.
[00:53:49] Speaker A: Going to be exactly?
[00:53:51] Speaker B: Uh, because, yeah, 170,000 is probably a conservative estimate at this point. Um, it did, it was kind of funny. I was looking at, uh, they got this needle-in-a-haystack section where I'd already mentioned this about how they did a bunch of commits. They show right here that, showing 52 changed files with 2,619 additions. So they, they did this as part of that obfuscation to kind of slip that in under the radar. So it wasn't like ten commits, it wasn't like it was 52 changed files with 2,619 additions. There was, they did a lot to, to make sure that this kind of, like, was just lost in the milieu. Right. It's just blended in.
[00:54:34] Speaker A: Yeah. Super camo'd, it's not the droid you're looking for. I'm gonna hand it to him. That's, that's a lot of effort to put in to do this.
So now once we actually get into the, the malicious package that they're trying to deliver.
[00:54:44] Speaker B: Yep.
[00:54:45] Speaker A: What is it? If, you know, let's just play pretend. I go in, I download this, you know, I use this mirror that I shouldn't be using. I get this colorama package that's not legitimate. What is it that happens to me once that's downloaded?
[00:54:56] Speaker B: We got a lovely graphic, thanks to the good people at Checkmarx right here. Kind of gives you a breakdown of that actual action, right? So here's your, here's your poor victim right here. They download the malicious repo or package which contains the malicious dependency colorama. Then it fetches and executes the Python code from the pypihosted.org version. So the malicious version happens from there. It fetches and executes Python code from this IP address with a file called inj, which is, I assume, like injection or injector or whatever they're trying to call it. Then it fetches and executes Python code from what looks like to be a different. Or is it. No, it's the same. The word wrapping on the icon there went a little crazy, but it's the same IP, but it grabs a different file, which is called grb. Then persistence is established through Windows registry modifications and from there stolen data is exfiltrated to the attacker server. I know we're running a little short on time with this deep dive. We've kind of walked through a lot about what's going on. This, I don't want to get too deep on what's going on. I think we've covered most of the major highlights on this, but a couple of other useful pieces of information. Obviously those IPs are going to be interesting for you as well as if you're into the Python code on what goes on in those malicious packages. Very, very fun kind of thing to look at.
Not fun to have happen to you, but interesting to see what those TTPs are from that attacker, how they were working out, what it made it do and how that actually made its way through that. And it does look like at the.
[00:56:24] Speaker A: End of the day, the goal was to steal stuff.
[00:56:25] Speaker B: Yeah, it's stealing, it wants to steal things. And as we saw from it, getting this high-level user's account access, that's a big deal, right? Depending on who the victim is, this could be, this could be really bad.
[00:56:41] Speaker A: You're kind of saving yourself a lot of work by doing that because you're not having to go just from your own account or, you know, kind of build credibility, you're just stealing somebody else's. Like when a Twitter account gets hacked and you start tweeting stuff, like you're just stealing somebody else's credibility and their reputation to kind of. Here, I'll just shove this stuff in there and so save yourself a lot of, a lot of time and a lot of work there. But yeah, cryptocurrency wallets, Telegram sessions, computer files, browser data. Yeah. Oh, theft.
[00:57:04] Speaker B: We love Instagram data. I love that one on there. Another good reason to get off of Instagram, ladies and gentlemen.
[00:57:10] Speaker A: I want somebody to steal my Instagram data. I'll just be an Instagram user. Yeah, that's my data.
[00:57:15] Speaker B: Steal my Instagram data when I'm not on Instagram.
[00:57:17] Speaker A: That's true. Good for you. I can't say the same, but I.
[00:57:21] Speaker B: Technically am on Instagram. My wife runs the account, though.
[00:57:24] Speaker A: I know it's not you. Yeah. It's not because you, like, engage and are active.
[00:57:28] Speaker B: If you put, like, a comment or whatever, she'll tell me, hey, someone commented. Yeah, yeah, yeah.
[00:57:34] Speaker A: It's nice of her to do that for you, but. Yes, you're right.
[00:57:36] Speaker B: Now, I will answer, and she'll. She'll answer for me.
[00:57:38] Speaker A: Yeah, that's. That's nice of you. It's. It's. It's called teamwork.
[00:57:40] Speaker B: It is. Makes the dream work.
[00:57:42] Speaker A: To your point, what you were saying about this, how it's. It's not fun that it's happening. You don't love that it's happening, but if this is something that you're interested in, you know, it just. You find it interesting to go in and look at the code and the specifics.
[00:57:51] Speaker B: Yeah.
[00:57:51] Speaker A: It's like watching true crime. Right? We don't like people getting murdered, but.
[00:57:54] Speaker B: But I want to know how they murdered.
[00:57:55] Speaker A: Yeah.
[00:57:55] Speaker B: What.
[00:57:55] Speaker A: Why do people do this? You know, understand how they work and how the case happens.
[00:57:58] Speaker B: And through the carpet fibers we found under the fingernails of the victim. You know, that's. That's really what you're looking at with these screenshots of the malicious Python, where it goes. And that gives you the ability to start grabbing IOCs, which is the other important big part of this. Go look at the bottom of the Checkmarx, um, link, and you can. All the articles that we have checked out today in the Rapid Fire and in this deep dive, and we'll have one more coming, uh, will be in the description.
[00:58:25] Speaker A: Yeah, absolutely. So if you want to take a look at it in detail, you have the option to do that. Those links will be there. But again, this is from Checkmarx. So great for them to kind of go through and break that down for us. We do appreciate it. Now, I know we're running short on time.
[00:58:35] Speaker B: There was one more.
[00:58:37] Speaker A: It's a. It's. It's a shallower dive.
[00:58:39] Speaker B: A much shallower deep dive, but it.
[00:58:40] Speaker A: Was something that popped up a decent amount. And ironically enough, the folks that covered this are also from Germany.
They're from the CISPA Helmholtz Center for Information Security. Those krauts.
[00:58:48] Speaker B: They got us a gun.
[00:58:49] Speaker A: Yeah, they are. They're on top of it over there. But you may have heard the Germans don't. This was a Loop DoS, which is fun to say.
[00:58:56] Speaker B: Denial of service sounds German.
[00:58:57] Speaker A: Sound loop das.
[00:58:59] Speaker B: Yeah, das loop. Das loop das.
[00:59:02] Speaker A: It's a new denial of service attack targeting application-layer protocols. So cispa.de has some information on this, and the media release and everything. But what I wanted to take a look at, they've got, if you scroll down to the bottom, there was an attack-specific advisory. It's just a Google Doc when you click on it. So they go into the background and, you know, folks that might need to be concerned about this, some actions you can take, but they've got an FAQ section. And I thought that was just so nice. I don't know if that's standard with this kind of stuff. Somebody like me that I'm like, maybe some of the technical stuff I'm still kind of learning. It is neat to see an FAQ, you know, how bad are these compared to other DoS attacks? They're, they're kind of in the same league. Would it be possible without IP spoofing? Apparently not. So at the very least, that's a step they've got to overcome, is a.
[00:59:44] Speaker B: Necessary step in making this loop. This is not the first DoS that uses a loop for its functionality, but we have mitigations for those loops and they're building in mitigations for this type of loop. Basically just don't have those services running if you don't have to, which attacks UDP. UDP services. So User Datagram Pro. So this is going to be things like TFTP, DNS, older protocols like Chargen and Echo and Time, or the NTP protocol. So things that use this, basically what they do is they spoof an IP address between two servers. It finds two. Malicious or not malicious, I'm sorry, vulnerable servers.
Two vulnerable servers. And it spoofs the IP and sends information to them. And one of them tries to respond to the other with, you know, erroneous information because it thought that's where it came from. Well, that server replies to the server back with erroneous information, goes, well, that's not for me, that's for you. And it just starts looping back and forth. It says there is no really good mechanism, or one that they can find, at least from this article. They were saying, now Daniel's not saying this. The article says there's no mechanism to make this stop at this point, but they're, they're working on it. They're building those out. And eventually, like some of the big dogs said, that, oh, this doesn't affect our stuff. You know how it is that no one wants to claim responsibility or that it could be possibly used against them in a court of law, right?
[01:01:19] Speaker A: Well, yeah, and it does. One of the other FAQs was. Has it been exploited by actors already? No, we don't think so. And they're encouraging. If you find evidence that. That it has been.
[01:01:27] Speaker B: This was researchers that found this, right?
[01:01:29] Speaker A: Exactly. Which is good. That's the ideal scenario, which is the.
[01:01:32] Speaker B: Way we want to go. Correct.
[01:01:33] Speaker A: If you can't not have vulnerabilities, you want them to be discovered legitimately. So. And then they did have a list of vendors that they think, based on vulnerability scans, these vendors are probably affected, and some big names. Broadcom, Cisco, any.
[01:01:44] Speaker B: Well, it affects my Broadcom thing. But here's the thing. That's like an old legacy system. Nobody uses it, really. It's only this one. It's end of life. So if you're using that, you got to upgrade anyway.
[01:01:55] Speaker A: I don't know why.
[01:01:56] Speaker B: I just became like. Like I'm from Jersey.
[01:02:00] Speaker A: Let me ask you a question.
[01:02:01] Speaker B: Yeah. Like, uh. Like, a bit.
That's my shady businessman.
[01:02:05] Speaker A: Yeah. Tony Soprano. Yeah. So, as far as they know, nobody's, you know, there's no attacks that have been carried out yet, but those vendors may very well be affected by something like this. So it's a little discouraging to know that, as far as they know, there's not really a way you can 100% prevent this. Um, right. But they did give a few scenarios of different ways that this could happen. So I guess, at the very least, you know, you've got attackers pair a target loop with many others to overload resources targeting the backbone. Uh, there was even a scenario that said loopy hosts. I thought that was fun. Overload a target's network uplink by pairing loopy hosts within a network with external ones, and they give you a little diagram to show you how that works. Uh, and then self-amplifying loops in rare cases where they don't send back a single response, but multiple, so they continue forever. And that's scary.
[01:02:47] Speaker B: And then it's like, you. You heard the thing about, well, you told two friends, and they tell two friends, and they tell two friends. It's an exponential attack. That's what they mean by amplification. The. Say this with me. What happens is that the data I send to elicit a response, the response becomes much larger, is a much larger response than what the initial contact was. And because of that, you get a much larger, and it tends to amplify. That's what they mean by amplifying. It's becoming bigger as it goes. So very dangerous attacks. And I did read that a lot of there. There was a lot of DoS activity in 2023, so we. We definitely want to be on the lookout. I feel like DoS attacks kind of get, they don't get as much love as, you know, malware and data breaches and things of that, that nature. But they're a real threat to your organization. Because if your organization goes down and it cannot service requests to your customers, you'll probably lose clients and customers.
[01:03:49] Speaker A: Your reputation is damaged.
[01:03:50] Speaker B: Your reputation, you're definitely losing money because that, that's violating your SLA. Your service level agreement says you will have this much uptime to your service. And if it, if it gets beyond that due to a denial of service attack, now you start owing your clients money or time or whatever the resources, whatever it is. So this, it's a, it's a real problem. So definitely be on the lookout for denial of service attacks and mitigate for them.
[01:04:17] Speaker A: Yeah, absolutely. And I would recommend going through this document if it's something that you might be concerned about. Because even though there's not maybe a way to 100% totally secure against this, they do give some preventative measures, like, you know, obvious ones, shutting down vulnerable services, um, and then also reactive measures. So if you feel like they're, if there's something that, oh, it seems like maybe we're under attack here, you know, this is going on, um, rate limiting, things like that, that can, maybe to try to mitigate against that and.
[01:04:42] Speaker B: Yeah, and if you start seeing a bunch of heavy traffic coming in from one server, even if it's a legitimate server, like, these things happen all the time where it's just accidental DoSing.
[01:04:50] Speaker A: Right.
[01:04:51] Speaker B: You'll either, either at the very least rate limit or shut down access from that IP from coming in or that domain and saying, nope, I'm not receiving stuff from you at this point, at least on, because you can set your firewall to say, from this domain or this IP on this port with this, you can get real granular depending on your firewall. So just write the right rules to help slow this down and then mitigate for it.
[01:05:16] Speaker A: Yeah. So it reminds me of when you, if you hold up a mirror to a mirror and it just goes back and forth forever. That's kind of what this reminds me of.
If two network services keep responding to each other with error messages or whatever.
[01:05:23] Speaker B: It's just kind of like that analogy. Yeah, it's really fun.
[01:05:25] Speaker A: Just over and over and over again. So, so anyway, I know we kind of are running long here, but this is something that will be linked as well. Not only the, the initial, you know, advisory, I guess, but then also this document that kind of goes into detail. So we'll go ahead and call it there for that one just because we could probably spend a lot of time on that. But yeah, it's definitely something to be aware of. Very cool DoSes. It's not as. It doesn't get as, it's not as flashy as ransomware, but it's still scary.
[01:05:48] Speaker B: But, man, works like a charm.
[01:05:50] Speaker A: Oh, yeah. So before, before we kind of finish up this segment, though, was there anything that you saw in the news this week that. We didn't really go into detail, but it seemed like it might be kind of relevant?
[01:05:57] Speaker B: I mean, not really.
[01:05:58] Speaker A: Not really.
[01:05:59] Speaker B: Yeah. I think we did a pretty good job of curating this this week.
[01:06:02] Speaker A: Yeah, we did a pretty good job.
[01:06:03] Speaker B: You know, as, as of the filming, don't get me wrong, there's probably breaking news that's happening behind us right.
[01:06:07] Speaker A: Now, right after, paying no attention.
[01:06:09] Speaker B: To all these explosions.
[01:06:11] Speaker A: Yeah. I would be curious to know if anybody is going to be like, why are you talking about the bridge thing? There's no, like, the whole. The bridge that collapsed.
[01:06:17] Speaker B: Oh, yeah, yeah, yeah.
[01:06:18] Speaker A: There's no, like, Key Bridge. We looked, we checked to see, like, was there any updates? Was any. As far as we know right now, it's just, it's just a freak thing.
[01:06:24] Speaker B: Yeah, that stuff happens as far as we know.
[01:06:26] Speaker A: Yeah, it was.
[01:06:27] Speaker B: Yes.
[01:06:27] Speaker A: Scary stuff, but it was just, it was an unfortunate accident. So it's not that we didn't know. We forgot about it.
[01:06:32] Speaker B: No.
[01:06:32] Speaker A: But it's not really a cyber thing. It's just a thing.
[01:06:34] Speaker B: Not yet. We don't know that it was. There's no evidence that it was just.
[01:06:37] Speaker A: Happened at this point. Sometimes that stuff doesn't come out till way later. So we hope that it's not, you know, you hope that it's just a one-time accident.
[01:06:43] Speaker B: I hope it was just a big accident. I mean, it was a horrible accident.
[01:06:45] Speaker A: But big accident, you know, just like my being here. That one. Gotcha.
[01:06:50] Speaker B: Bringing a little levity to heavy topics.
[01:06:53] Speaker A: So I think that's pretty much going to do it for us once again. You know, if you have missed any of the Technados in the past, you want to go back and check on those. Those do live here on the channel forever and ever and ever. You can never get away from them. So feel free to go and check those out, comment and let us know what you want to see in the future.
[01:07:07] Speaker B: He's disappointed I'm not allowed to make this joke in my head.
[01:07:10] Speaker A: Okay, we'll talk about it afterwards. Yeah, we'll vet that joke later. And then also webinars. We've got other things that exist here on this channel. We have a webinar, I think Thursday, this week. It's like an IT-focused webinar, especially if you're like a woman in IT. You want to check that out. I think it's going to be geared more towards that crowd, so should be pretty fun. And then we've got an All Things Cyber webinar next week as well.
[01:07:29] Speaker B: They are happening.
[01:07:29] Speaker A: We are going to be on. Oh, my gosh. John Strand, right?
[01:07:32] Speaker B: Is it John Strand?
[01:07:34] Speaker A: I think so.
[01:07:34] Speaker B: Sure.
[01:07:35] Speaker A: Oh, gosh.
[01:07:36] Speaker B: I'm not sure.
[01:07:36] Speaker A: Let me, let me check, let me double check on that.
[01:07:39] Speaker B: Fact check on that.
[01:07:40] Speaker A: I'm pretty sure. Cause I know we're gonna try to get Jerry Ozer on in May.
[01:07:44] Speaker B: Okay.
[01:07:44] Speaker A: That's the one that I know for sure. But April is such a packed month. There's just so much stuff. It's John Strand.
[01:07:50] Speaker B: Oh, man.
[01:07:51] Speaker A: So too good to be true.
[01:07:53] Speaker B: I'm just here to tell you, ladies and gentlemen, you do not want to miss that webinar. When John Strand, when you wind him up and you pull that string and you get him going, that man is a, a fount of information, of good information, and his ability to relay that information to us in a usable way. And he's going to answer your questions. You get to go in a chat room. It's basically an AMA, right? You just get to ask me and John anything you want. I'm mostly throwing it on John because I want to hear what John has to say because he's up here and let's sit at his feet for a few minutes and listen to what he's got to say. It's going to be really good. Always enjoy having John on.
[01:08:33] Speaker A: I think he's been on before. And my favorite quote from last time was, you know, when you make a hacker cry, save their tears. They make the best wine.
[01:08:39] Speaker B: They do.
[01:08:39] Speaker A: And I just, it stuck with me, you know, he went into all kinds of things in that webinar and prompted.
[01:08:44] Speaker B: To pulled up like VMs and started doing attacks like, just like on the fly.
[01:08:47] Speaker A: We didn't know he was going to.
[01:08:48] Speaker B: Do it on the fly. Had no clue. We thought we were just going to be doing, answering questions. And he was like, well, let me show you. Like, you're going to do what now? Oh, my goodness.
[01:08:55] Speaker A: Yeah, absolutely. So that will be next week. First week in April.
I believe it's the fourth. That's going to be at 2:00 p.m. Eastern time, so you will not want to miss that. That'll be here on the YouTube channel, on LinkedIn, various sources for that. But other than that, that's gonna do it for this episode. So, Daniel, thank you for your patience with me and my ill-timed jokes.
[01:09:11] Speaker B: Yeah.
[01:09:12] Speaker A: And of course, thank you for joining us. We hope we see you back here next week for another Technado. Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.