Risky Business Podcast

February 22, 2023

Risky Business #696 -- Why Twitter had to kill SMS 2FA

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why Twitter had to kill SMS 2FA
  • A look at Meta’s new verification service
  • How a ransomware attack disrupted the semiconductor supply chain
  • Why Anonymous Sudan is probably a Russian info op
  • Microsoft mixes up public and private keys in Azure B2C (for real)
  • Much, much more

This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Risky Business #696 -- Why Twitter had to kill SMS 2FA
0:00 / 0:00

Show notes

How to Protect Yourself From Twitter’s 2FA Crackdown | WIRED

Elon Musk Says Twitter Lost $60mn a Year Because 390 Telcos Used Bot Accounts to Pump A2P SMS | Commsrisk

Twitter’s Two-Factor Authentication Change ‘Doesn't Make Sense’ | WIRED

Elon Musk on Twitter: "@MKBHD Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages" / Twitter

rat king 🐀 on Twitter: "as twitter goes through diff versions of what it’s subscription service looks like, meta rolls out its own verified program… https://t.co/BPNILEFGZ0" / Twitter

WA wedding photographer’s fury as Instagram account deactivated | news.com.au — Australia’s leading news site

Semiconductor industry giant says ransomware attack on supplier will cost it $250 million - The Record from Recorded Future News

State of emergency as City of Oakland grapples with ransomware attack - The Record from Recorded Future News

Irish TV broadcaster says attempted hack will affect programming - The Record from Recorded Future News

Revealed: the US adviser who tried to swing Nigeria’s 2015 election | Cambridge Analytica | The Guardian

Political aides hacked by ‘Team Jorge’ in run-up to Kenyan election | World news | The Guardian

Fox News stars and staffers privately blasted election fraud claims as bogus, court filing shows

google_fog_of_war_research_report.pdf

Hacks, leaks and wipers: Google analyzes a year of Russian cyberattacks on Ukraine | CyberScoop

Scandinavian Airlines hit by cyberattack, 'Anonymous Sudan' claims responsibility - The Record from Recorded Future News

Azure B2C Crypto Misuse and Account Compromise - Praetorian

GoDaddy: Hackers stole source code, installed malware in multi-year breach

WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks - SentinelOne

Hyundai, Kia to provide anti-theft software updates following viral TikTok challenge - The Record from Recorded Future News

Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

Latest attack on PyPI users shows crooks are only getting better | Ars Technica

Belgium launches nationwide safe harbor for ethical hackers | The Daily Swig

Tor Project Moves Away from Infrastructure Ran by Internet Monitoring Firm

Bank accounts overdrawn, missing and suspended without warning, bank won't talk to me : LegalAdviceUK