Risky Business #696 -- Why Twitter had to kill SMS 2FA

PLUS: Semiconductor supply chain disrupted by ransomware...
22 Feb 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why Twitter had to kill SMS 2FA
  • A look at Meta’s new verification service
  • How a ransomware attack disrupted the semiconductor supply chain
  • Why Anonymous Sudan is probably a Russian info op
  • Microsoft mixes up public and private keys in Azure B2C (for real)
  • Much, much more

This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

How to Protect Yourself From Twitter’s 2FA Crackdown | WIRED
Elon Musk Says Twitter Lost $60mn a Year Because 390 Telcos Used Bot Accounts to Pump A2P SMS | Commsrisk
Twitter’s Two-Factor Authentication Change ‘Doesn't Make Sense’ | WIRED
Elon Musk on Twitter: "@MKBHD Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages" / Twitter
rat king 🐀 on Twitter: "as twitter goes through diff versions of what it’s subscription service looks like, meta rolls out its own verified program… https://t.co/BPNILEFGZ0" / Twitter
WA wedding photographer’s fury as Instagram account deactivated | news.com.au — Australia’s leading news site
Semiconductor industry giant says ransomware attack on supplier will cost it $250 million - The Record from Recorded Future News
State of emergency as City of Oakland grapples with ransomware attack - The Record from Recorded Future News
Irish TV broadcaster says attempted hack will affect programming - The Record from Recorded Future News
Revealed: the US adviser who tried to swing Nigeria’s 2015 election | Cambridge Analytica | The Guardian
Political aides hacked by ‘Team Jorge’ in run-up to Kenyan election | World news | The Guardian
Fox News stars and staffers privately blasted election fraud claims as bogus, court filing shows
Hacks, leaks and wipers: Google analyzes a year of Russian cyberattacks on Ukraine | CyberScoop
Scandinavian Airlines hit by cyberattack, 'Anonymous Sudan' claims responsibility - The Record from Recorded Future News
Azure B2C Crypto Misuse and Account Compromise - Praetorian
GoDaddy: Hackers stole source code, installed malware in multi-year breach
WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks - SentinelOne
Hyundai, Kia to provide anti-theft software updates following viral TikTok challenge - The Record from Recorded Future News
Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica
Latest attack on PyPI users shows crooks are only getting better | Ars Technica
Belgium launches nationwide safe harbor for ethical hackers | The Daily Swig
Tor Project Moves Away from Infrastructure Ran by Internet Monitoring Firm
Bank accounts overdrawn, missing and suspended without warning, bank won't talk to me : LegalAdviceUK