Apple Chip Flaw Leaks Secret Encryption Keys

The next time you stay in a hotel, you may want to use the door’s deadbolt. Apple’s M-series of chips contain a flaw that could allow an attacker to trick the processor into revealing secret end-to-end encryption keys on Macs, according to new research. There are mitigation techniques that cryptographic developers can create to reduce the efficacy of the exploit, but as Kim Zetter at Zero Day writes, “the bottom line for users is that there is nothing you can do to address this.” In a letter sent to governors across the US this week, officials at the Environmental Protection Agency and the White House warned that hackers from Iran and China could attack “water and wastewater systems throughout the United States.” The letter, sent by EPA administrator Michael Regan and White House national security adviser Jake Sullivan, says hackers linked to Iran’s Islamic Revolutionary Guard and Chinese state-backed hacker group known as Volt Typhoon have already attacked drinking water systems and other critical infrastructure. Future attacks, the letter says, “have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.” There’s a new version of a wiper malware that Russian hackers appear to have used in attacks against several Ukrainian internet and mobile service providers. According to SentinelOne’s analysis of AcidPour, the malware has “expanded capabilities” that could allow it to “better disable embedded devices including networking, IoT, large storage, and possibly ICS devices running Linux x86 distributions.” The researchers tell CyberScoop that AcidPour may be used to carry out more widespread attacks.