This episode sponsored by Nucleus Security.On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- SEC Twitter account hack moves bitcoin price
- Kaspersky admires Triangulation hackers’ fine work
- Telcos hacked all over
- Israel hacks Iranian gasoline pumps again
- Iran up in Albania, Sudan, Egypt and Tanzania
- and much, much more…
This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!”
Show notes
- U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X
- Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica
- 4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica
- Spyware attack chain used previously unknown iPhone hardware feature, report says
- "Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl
- Russian hackers infiltrated Ukrainian telecom giant months before cyberattack
- Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war
- Pro-Ukraine hackers claim breach of Russian internet provider
- Ukraine says Russia hacked web cameras to spy on targets in Kyiv
- Optus outage: Banks, telcos to be quizzed at Senate hearing
- A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica
- Albanian parliament, telecom company hit by cyberattacks
- Paraguay military warns of ‘significant impact’ of ransomware after attack on internet provider
- Iran confirms nationwide cyberattack on gas stations
- Hackers disrupt Beirut airport with anti-Hezbollah message
- Telecom organizations in Africa targeted by Iran-linked hackers
- Myanmar rebels take control of ‘pig butchering’ scam city amid Chinese pressure on junta
- AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on. | Ars Technica
- BreachForums administrator detained after violating parole
- Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay
- Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation
- Toronto Zoo says it remains open after ransomware attack
- Central Bank of Lesotho facing outages after cyberattack
- Kansas City-area hospital transfers patients, reschedules appointments after cyberattack
- Cyberattack on Massachusetts hospital disrupted records system, emergency services
- LockBit claims November attack on New Jersey hospital that disrupted patient care
- First American becomes latest real estate industry giant hit with cyberattack
- Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica
- US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters
- SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica
- LastPass enforces 12-character master password lengths | Cybersecurity Dive
- FTC soliciting contest submissions to help tackle voice cloning technology
- Biden signs short-term FISA extension before year-end deadline
- Foone: "The 37C3 talk on TEA1 encrypti…" - Infosec Exchange
- Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica
